Configuring Users, Groups, and Roles

Overview of Configuring Users, Groups, and Roles

When you use SAS Management Console to configure users, groups, and roles, users from different departments or divisions can collaborate to create, update, and deploy models. They use the SAS Publishing Framework to inform subscribers about model updates.
As an administrator, you need to create users, user groups, and then assign roles in order for users to access the SAS Model Manager repository. The User Manager plug-in for SAS Management Console allows a user to define a user or a group. A wizard helps you create the user and groups of users and also to assign roles.
Note: If you are using an automated approach to add and maintain user identities, see User Import Macros in SAS Intelligence Platform: Security Administration Guide.

SAS Model Manager Users, Groups, and Roles

The following users, groups, and roles are created as part of the SAS Model Manager installation process:
Note: The SAS Model Manager Administrator user is no longer created by default during installation. You must create a user and assign the user to the Model Manager Administrator Users group.
SAS Model Manager Users
User
Description
SAS Administrator
This user has access to all SAS Management Console capabilities and metadata administrative tasks.
SAS 9.4 creates this user during installation.
SAS Demo User
This user is optional. You can choose to create this user during installation. However, this user is not assigned to a group during installation.
SAS Model Manager Groups
Group
Description
SAS Administrators
This group performs metadata administrative tasks.
SAS 9.4 creates this group during installation.
Model Manager Administrator Users
This group has administrative permissions for the SAS Model Manager Client and to the Workflow Console.
Model Manager Advanced Users
This group has permissions to read, write, and delete content.
Model Manager Users
This group has permission to read content.
Model Manager Example Life Cycle Assignee Users
This group is used by the example life cycle templates that are shipped with SAS Model Manager. The group contains those users who can change the status of life cycle tasks, but who cannot approve them.
Model Manager Example Life Cycle Approver User
This group is used by the example life cycles templates that are shipped with SAS Model Manager. The group contains those users who can approve completed life cycle tasks.
SAS Model Manager Roles
Role
Description
Comments Administrator
A user who can manage comments in the SAS Model Manager Workflow Console.
This role is assigned to the group Model Manager Administrators.
Management Console: Advanced
Provides access to all plug-ins in SAS Management Console.
This role is assigned to the group SAS Administrators.
Metadata Server: Operation
Supports adding metadata repositories and operating the metadata server.
This role is assigned to the group SAS Administrators.
Metadata Server: User Administration
Supports management of users, groups, and roles other than the unrestricted users role.
This role is assigned to the group SAS Administrators.
Metadata Server: Unrestricted
Provides all capabilities in SAS Management Console and provides access to all metadata.
This role is assigned to the group SAS Administrator Users.
Model Manager: Administration Usage
A user who can perform all SAS Model Manager tasks.
This role is assigned to the group Model Manager Administrator Users.
Model Manager: Advanced Usage
A user who can perform all SAS Model Manager tasks except for tasks that can be performed only by a SAS Model Manager administrator.
This role is assigned to the group Model Manager Advanced Users.
Model Manager: Usage
A SAS Model Manager general user. The general user can perform all tasks except for advanced user tasks and administrator tasks.
This role is assigned to the group Model Manager Users.
Model Manager: Life Cycle Assignee Usage
A user or group who can be assigned to complete a life cycle task.
Model Manager: Life Cycle Approval Usage
A user or group who can approve the completion of a life cycle task.
Model Manager: Life Cycle Participant Usage
A user or group that is displayed in the Participant selection list of the Life Cycle Template Editor.
SAS Model Manager Java Services Capabilities
Capability
Description
Workflow Service: Create a workflow instance
Users or groups associated with a usage role that has this capability can create a workflow instance.
This role is assigned to the Model Manager: Administration Usage role by default.
Job Execution Service: Refresh job logs
Provides access to all plug-ins in SAS Management Console.
This role is assigned to the group SAS Administrators.
For more information about SAS Model Manager tasks that are associated with each role, see the SAS Model Manager: User's Guide.

Create a New User

Before creating users for SAS Model Manager, you need to define these users on your network domains with valid user IDs and passwords. SAS Management Console helps you create users by using the New User wizard. You can click Help anytime to get information about the current window properties.
To create a new user:
  1. In SAS Management Console, right-click User Manager from the Plug-ins tab, and select Newthen selectUser. The New User Properties window appears.
    New Users Properties window
  2. Enter the name of the user on the General tab.
    The Display Name, Job Title, and Description are optional.
    CAUTION:
    Do not use spaces or special characters in the name of a user, group, or role.
  3. Provide an e-mail address for the user to receive e-mail notifications from the SAS Publishing Framework. Click the E-mail tab on the lower panel and then click New. The E-mail Properties dialog box appears.
    E-mail Properties Window
  4. Enter SMTP in the Type field and the user's e-mail address in the Address field. Click OK.
  5. Click the Group and Roles tab if you want this user to be included in a specified group. Use the arrow button to add the new user to a group.
    New User Group and Roles Tab
  6. Click the Accounts tab and select New.
  7. Enter the User ID, Password, and the Authentication Domain. Click New to create a new valid domain. Enter a name and description for the new domain, and then click OK twice to add the new account.
  8. (Optional) Click the Authorization tab if you want to add users or groups that can view and modify the metadata of this group. It is recommended that you specify authorizations for group level and not user level.
  9. Click OK.
    The newly created user is displayed with all the other users when the User Manager object is selected from the SAS Management Console navigation tree.
  10. In a Windows environment grant the new user permissions for the user rights assignment of Log on as a batch job for local security policies on the machine that hosts the SAS Workspace Server.

Create a New User Group

To create a user group:
  1. In SAS Management Console, right-click User Manager from the Plug-ins tab, and select Newthen selectGroup. The New Group Properties window appears.
    New Group Properties
  2. Enter the name of the group on the General tab. The other fields are optional.
  3. Click the Members tab. From the Available Identities list, select the users to be included in this group. Select the user name from the Available Identities list and click the arrow button to add it to the Current Members list.
    New Group Members List
  4. (Optional) Select the Groups and Roles tab if you want this user group to be included in a specified group.
  5. (Optional) Select the Accounts tab. You might need this to create the New Login Properties for users who were not defined previously.
  6. (Optional) Click the Authorization tab if you want to add users or groups that can view and modify the metadata of this group.
  7. Click OK.
    The newly created group name is displayed with all the other groups when the User Manager object is selected from the SAS Management Console navigation tree.

Create a New Role

To create a new role:
  1. In SAS Management Console, right-click User Manager from the Plug-ins tab, and select Newthen selectRole. The New Role Properties window appears.
    New Role Properties
  2. Enter the name of the role on the General tab. The other fields are optional.
  3. Click the Members tab. From the Available Identities list, select the users and groups to assign to this role. Select the user or group name from the Available Identities list and click the arrow button to add it to the Current Members list.
    New Role Members List
  4. Click the Capabilities tab. Expand the tree nodes, and then select the check boxes to assign capabilities to the role.
  5. Click the Contributing Roles tab to give this role all of the capabilities of one or more other roles. Use the arrows to add the new user to a group.
    Note: Changes that you make to a role's capabilities affect any roles with which that role is associated.
  6. (Optional) Click the Authorization tab if you want to add users or groups that can view and modify the metadata of this role.
  7. Click OK.
    The newly created role name is displayed with all the other roles when the User Manager object is selected from the SAS Management Console navigation tree.
Copyright © SAS Institute Inc. All rights reserved.