Instead of setting permissions on every individual object, use inherited settings. This approach reduces the number of access controls that you have to manage. For example, rather than adding explicit settings or ACTs to every report, you can set permissions on a folder that contains reports for which those permissions are appropriate.

To learn more, complete this exercise in SAS Management Console:
- On the Folders tab, right-click your My Folder and select New > Folder. Create a new folder named parent.
- Right-click the parent folder and create another folder named child.
- Right-click the child folder and select Properties. On the Authorization tab, select SASUSERS. Notice that this group has an indirect denial of the Read permission. Click Cancel.
- Right-click the parent folder and select Properties. On the Authorization tab, select SASUSERS, add an explicit grant of Read permission, and click OK.
- Right-click the child folder and select Properties. On the Authorization tab, select SASUSERS. Notice that this group now has an inherited grant of Read permission.
- On the child folder's Authorization tab, add an explicit grant of Read permission on top of the inherited grant of Read permission, and click OK. This ensures that Read access for SASUSERS is preserved even if the setting on the parent folder changes.
- To verify that the explicit setting on the child folder is preserved, change the parent folder setting for SASUSERS to an explicit denial of Read permission, and then check the child folder settings again. For SASUSERS, the explicit grant of Read permission is still there. The denial on the parent folder is not relevant for the child folder because there is an explicit setting on the child folder.
- To clean up, right-click the parent folder and select Delete.
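
The exercise above can be replayed as a small model. This is an added example, not SAS code: it assumes a single group, a single permission and folder-level settings only (no ACTs, no precedence among multiple identities), and the `Folder` class and `run_exercise` function are hypothetical names. It also goes one step past the exercise by showing what the child folder would look like had the explicit grant been skipped.

```python
class Folder:
    """A folder with optional explicit settings, e.g. {("SASUSERS", "Read"): "grant"}."""

    def __init__(self, name, parent=None):
        self.name, self.parent = name, parent
        self.explicit = {}

    def effective(self, group, permission):
        """Return (effect, source) for the group on this folder."""
        key = (group, permission)
        if key in self.explicit:              # an explicit setting always wins
            return self.explicit[key], "explicit"
        node = self.parent
        while node is not None:               # nearest ancestor with a setting
            if key in node.explicit:
                return node.explicit[key], "inherited"
            node = node.parent
        # Assumption: nothing above the modelled tree grants access, which
        # stands in for the indirect denial seen on a newly created folder.
        return "deny", "indirect"


def run_exercise():
    """Replay the exercise and record the child folder's state at each check."""
    parent = Folder("parent")
    child = Folder("child", parent)
    key = ("SASUSERS", "Read")
    log = [child.effective(*key)]             # new child folder
    parent.explicit[key] = "grant"            # explicit grant on parent
    log.append(child.effective(*key))         # child now inherits the grant
    child.explicit[key] = "grant"             # explicit grant on child
    parent.explicit[key] = "deny"             # parent flipped to explicit denial
    log.append(child.effective(*key))         # child keeps its explicit grant
    del child.explicit[key]                   # counterfactual: grant never added
    log.append(child.effective(*key))         # child would follow the parent
    return log


if __name__ == "__main__":
    for effect, source in run_exercise():
        print(f"child / SASUSERS / Read: {source} {effect}")
```

The last entry is the case to watch for in an access review: a folder that relies only on inheritance changes its effective access whenever an ancestor's setting changes.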