Use ACTs to avoid having
to repeatedly set the same explicit permissions for the same identities
on multiple objects. When you apply an ACT to an object, the ACT settings
are added to the object's protections.
How to Use an ACT
Determine whether there
is an existing ACT that you can use.
On the Plug-ins tab
of SAS Management Console, select Authorization
ManagerAccess Control Templates.
On the Permission
Pattern tab of each ACT, examine the settings for each identity. If you do not find an appropriate ACT, consider using a combination of ACTs and
explicit settings or creating a new ACT.
Note: Do not confuse an ACT's Authorization tab
with its Permission Pattern tab. Settings
on an ACT's Authorization tab affect who
can access that ACT; settings on an ACT's Permission Pattern tab
affect access to the objects to which that ACT is applied.
When you have identified
an ACT that you want to use, navigate to an object to which you will
add that ACT's settings. On the object's Authorization tab,
click Access Control Templates.
Expand the nodes in
the Available list box, move the ACT to the Currently
Using list box, and click OK.
Note: The repository ACT is typically
not in the Currently Using list box because
that ACT is typically not applied to any objects.
Note: You can apply multiple ACTs.
If there is a tie (for example, a group is granted ReadMetadata in
one applied ACT and denied ReadMetadata in another applied ACT), the
outcome is a denial. For a full discussion of precedence, see SAS
Intelligence Platform: Security Administration Guide.
On the object's Authorization tab,
notice that the Users and Groups list box now includes the identities that participate in the ACT that you selected.
Select each identity and verify that the revised settings are as you expect. On the
Authorization tab of an object
to which an ACT is applied, settings that are explicit in the ACT's pattern are green .