Role-Based Access to Features

Overview

When you log on to SAS Data Management Console, you are granted access to applications and features based on the roles and capabilities that are associated with your login. Typically, these roles are assigned to a group to which you belong. For example, by default, members of the Data Management Executives group have the Data Management: Process Orchestration role. This role has one capability: ViewApplication, which enables access to SAS Visual Process Orchestration. Without this capability, you cannot see SAS Visual Process Orchestration features in SAS Data Management Console.

Default Groups, Roles, and Capabilities

The following groups, roles, and capabilities are installed in SAS Management Console when SAS Visual Process Orchestration is installed.
Default Groups, Roles, and Capabilities
| Role Name | Role Description | Capability IDs | Groups That Get This Role by Default |
| --- | --- | --- | --- |
| Process Orchestration: Job Administration | Provides all functionality related to administrative activities for SAS Visual Process Orchestration jobs. | ViewApplication; UnlockOtherUsersJobs; StopOtherUsersJobs (see Usage Notes below); EditJobs; RunJobs | Data Management Administrators |
| Process Orchestration: Job Development | Provides functionality related to editing SAS Visual Process Orchestration jobs. | ViewApplication; EditJobs; RunJobs | Data Management Stewards; Data Management Power Users |
| Process Orchestration: Job Execution | Provides functionality related to running SAS Visual Process Orchestration jobs. | ViewApplication; RunJobs | Data Management Business Users |
| Data Management: Process Orchestration | Provides default access to the SAS Visual Process Orchestration application. | ViewApplication | Data Management Business Approvers; Data Management Executives |

Define Users and Link Them to Groups (and Roles)

SAS Visual Process Orchestration is installed as part of a bundle of products. After installation, an administrator uses SAS Management Console to perform the following tasks:
  • Create a user definition for each person who uses SAS Visual Process Orchestration.
  • Create any custom groups (and roles) that you might require if the default groups provided by SAS Visual Process Orchestration do not meet your needs.
  • Assign each user to one or more of the default or custom groups in order to grant each user the capabilities that he or she requires.
For more information about defining users and groups in SAS Management Console, see SAS Management Console: Guide to Users and Permissions.

Usage Notes for Roles and Capabilities

Capabilities Work in Combination with Other Methods for Granting Privilege

Capabilities cannot grant privileges in excess of those that are granted by other, relevant systems. For example, suppose that you have the capability called StopOtherUsersJobs. This capability alone is not sufficient to stop someone else’s job that is running on a DataFlux Data Management Server. To do that, you (or a group to which you belong) must be a member of the administrative group that is defined on the DataFlux Data Management Server.
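
An access review can check the default table and this usage note together: who holds StopOtherUsersJobs, and whether that capability is backed by membership in the server's administrative group. The following Python audit is an added example, not part of the SAS documentation or product. Role and group data come from the table above; the user names, the custom group, and the set of server-side admin principals are constructed assumptions standing in for exports from SAS Management Console and the DataFlux Data Management Server.

```python
# Added example. Role and group data are transcribed from the table on this
# page; the users and server-side admin principals are constructed samples.
ADMIN = "Process Orchestration: Job Administration"
DEV = "Process Orchestration: Job Development"
EXEC = "Process Orchestration: Job Execution"
VIEW = "Data Management: Process Orchestration"

ROLE_CAPS = {
    ADMIN: {"ViewApplication", "UnlockOtherUsersJobs", "StopOtherUsersJobs",
            "EditJobs", "RunJobs"},
    DEV: {"ViewApplication", "EditJobs", "RunJobs"},
    EXEC: {"ViewApplication", "RunJobs"},
    VIEW: {"ViewApplication"},
}
GROUP_ROLE = {
    "Data Management Administrators": ADMIN,
    "Data Management Stewards": DEV,
    "Data Management Power Users": DEV,
    "Data Management Business Users": EXEC,
    "Data Management Business Approvers": VIEW,
    "Data Management Executives": VIEW,
}

def capabilities(groups):
    """Return (capability union, groups missing from the default table)."""
    known = [g for g in groups if g in GROUP_ROLE]
    caps = set().union(*(ROLE_CAPS[GROUP_ROLE[g]] for g in known))
    return caps, [g for g in groups if g not in GROUP_ROLE]

def audit(user_groups, server_admins):
    """server_admins: principals (users or groups) in the server's admin group."""
    report = {}
    for user, groups in user_groups.items():
        caps, unmapped = capabilities(groups)
        backed = bool(({user} | set(groups)) & server_admins)
        has_stop = "StopOtherUsersJobs" in caps
        report[user] = {"capabilities": sorted(caps), "unmapped_groups": unmapped,
                        "can_stop_others_jobs": has_stop and backed,
                        "stop_capability_unbacked": has_stop and not backed}
    return report

# Constructed sample input (not real accounts).
USERS = {"alice": ["Data Management Administrators"],
         "bob": ["Data Management Stewards", "Data Management Executives"],
         "carol": ["Data Management Administrators", "Custom Auditors"]}
SERVER_ADMINS = {"alice"}
REPORT = audit(USERS, SERVER_ADMINS)
```

Groups listed under unmapped_groups are custom groups whose roles the default table does not describe, so their capabilities have to be reviewed in SAS Management Console directly.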