Permission
(Abbreviation)
|
Actions Affected and
Limitations on Enforcement
|
---|---|
ReadMetadata (RM)
|
View an object. For
example, to see an information map, you need RM for that information
map. To see (or traverse) a folder, you need RM for that folder.
|
WriteMetadata (WM)
|
Edit, delete, change
permissions for, or rename an object. For example, to edit a report,
you need WM for the report. To delete a report, you need WM for the
report (and WMM for the parent folder of the report). WM can also
affect the ability to create associations. For example, you need WM
on an application server in order to associate a library to that server.
WM affects the ability to create objects in certain containers. For
example, to add an object anywhere in a repository, you need WM at
the repository level. For folders, adding and deleting child objects
is controlled by WMM, not WM.
|
WriteMemberMetadata
(WMM)
|
Add an object to a folder
or delete an object from a folder. For example, to save a report to
a folder, you need WMM for the folder. To remove a report from a folder,
you need WMM for the folder (and WM for the report). To enable someone
to interact with the contents of a folder, but with not the folder
itself, grant WMM and deny WM.1
|
CheckInMetadata (CM)
|
Check in and check out
objects in a change-managed area. Change management is an optional
feature that is supported by only SAS Data Integration Studio.2
|
Administer (A)
|
Monitor, stop, pause,
resume, refresh, or quiesce a server or spawner. For the metadata
server, the ability to perform tasks other than monitoring is managed
by the Metadata Server: Operation
role (not by this permission).
|
Read (R)
|
Read data. For example,
you need RM for a cube in order to see the cube, and you need R for
the cube in order to run a query against it. Enforced for OLAP data,
information maps, data that is accessed through the metadata LIBNAME
engine, and dashboard objects.
|
Create (C)
|
Add data. For example,
on a table, C controls adding rows to the table. Enforced for data
that is accessed through the metadata LIBNAME engine.
|
Write (W)
|
Update data. For example,
on a table, W controls updating the rows in the table. Enforced for
data that is accessed through the metadata LIBNAME engine, for publishing
channels, and for dashboard objects.
|
Delete (D)
|
Delete data. For example,
D on a library controls the deletion of tables from the library. Enforced
for data that is accessed through the metadata LIBNAME engine and
for dashboard objects.
|
ManageMemberMetadata
(MMM)
|
Change the membership
of the Group and Role. Cannot change security or other account attributes
|
ManageCredentialsMetadata
(MCM)
|
Manage accounts and
trusted logins of User and Group. Cannot change security or other
account attributes.
|
1A folder's WMM settings mirror its WM settings unless the folder has a direct control for WMM. A grant (or deny) of WMM on a folder becomes an inherited grant (or deny) of WM on the objects and subfolders within that folder. WMM is not inherited from one folder to another. WMM is not applicable to specialized folders (such as virtual folders, favorites folders, or search folders). | |
2In any change-managed areas of a foundation repository, change-managed users should have CM (instead of WM and WMM). |