Access management is
in the metadata authorization layer, which is provided by SAS Environment
Manager.
This application supports
the access control tasks that are provided by the Authorization module
to SAS Environment Manager, including the following:
-
applying access control templates
(ACTs) to metadata objects
-
applying explicit controls to objects
-
managing repository-level controls
-
In addition, this application
provides new access management features, including the following:
-
The basic authorization display
provides a full grid of applicable permissions and access control
participants. This enables you to immediately see the entire picture,
instead of having to examine the settings for only one identity at
a time. You can immediately see the impact of your access control
changes across identities. For example, the impact that an explicit
denial for PUBLIC has on all restricted identities that do not have
offsetting direct controls is immediately apparent.
-
For each effective permission,
you can view origins information that identifies the source of the
effective grant or denial.
-
The permissions inspector, enables
you to easily and safely look up effective permissions for any user
or group.
-
In each ACT’s definition,
a usage tab lists the objects to which that ACT is directly applied.
This helps you identify any gaps in your access control implementation,
and helps you anticipate the impact of any changes that you make to
the ACT.
-
The Explore Inheritance diagram
enables you to identify all of an object’s access control parents.
The diagram has an effective permissions overlay that helps you determine,
for a specified identity and permission, where within the inheritance
path access is gained or lost.
-
In each object’s authorization
properties, a summary tab provides a simple list of any direct controls
(explicit controls and directly applied ACTs) that have been set on
the object. You can rearrange the list to group settings by identity,
permission, or type (explicit versus ACT).
Note: This application provides
improved access to information. It does not introduce any changes
to the underlying security model.