Problem Note 15314: Direct ACE (Access Control Entry) may not override permissions defined in ACT (Access Control Template)
 |  |  |  |  |
Permissions defined in an ACE (Access Control Entry) that have been explicitly or directly applied to an object may be ignored when the object has a conflicting permission from an ACT (Access Control Template). This behavior can result in a permission being denied when it should be granted.
This problem has been encountered when all the following are true:
- A user is a direct member of one or more Identity Groups at the same group membership level.
- One Identity Group is granted access by an explicit ACE.
- Another or same Identity Group is denied access by an ACT.
To circumvent the problem, remove the ACT containing the deny.
Note: See The User/Group Identity Hierarchy in the SAS® 9.1.3 Intelligence Platform: Security Administration Guide for details on group membership level.
Select the Hot Fix tab in this note to access the hot fix for this issue.
Operating System and Release Information
| Product Family | Product | System | SAS Release | |
| Reported | Fixed* | |||
| SAS System | SAS Metadata Server | Microsoft Windows XP Professional | 9.1 TS1M3 SP2 | 9.1 TS1M3 SP4 |
| Microsoft Windows NT Workstation | 9.1 TS1M3 SP2 | 9.1 TS1M3 SP4 | ||
| Microsoft Windows Server 2003 Standard Edition | 9.1 TS1M3 SP2 | 9.1 TS1M3 SP4 | ||
| Microsoft Windows Server 2003 Enterprise Edition | 9.1 TS1M3 SP2 | 9.1 TS1M3 SP4 | ||
| Microsoft Windows Server 2003 Datacenter Edition | 9.1 TS1M3 SP2 | 9.1 TS1M3 SP4 | ||
| Microsoft Windows 2000 Server | 9.1 TS1M3 SP2 | 9.1 TS1M3 SP4 | ||
| Microsoft Windows 2000 Professional | 9.1 TS1M3 SP2 | 9.1 TS1M3 SP4 | ||
| Microsoft Windows 2000 Advanced Server | 9.1 TS1M3 SP2 | 9.1 TS1M3 SP4 | ||
| Microsoft Windows 2000 Datacenter Server | 9.1 TS1M3 SP2 | 9.1 TS1M3 SP4 | ||
| 64-bit Enabled Solaris | 9.1 TS1M3 SP2 | 9.1 TS1M3 SP4 | ||
| z/OS | 9.1 TS1M3 SP2 | 9.1 TS1M3 SP4 | ||
| Linux on Itanium | 9.1 TS1M3 SP2 | 9.1 TS1M3 SP4 | ||
| HP-UX IPF | 9.1 TS1M3 SP2 | 9.1 TS1M3 SP4 | ||
| 64-bit Enabled AIX | 9.1 TS1M3 SP2 | 9.1 TS1M3 SP4 | ||
A fix for SAS 9.1.3 (9.1 TS1M3) for this issue is available at:
http://www.sas.com/techsup/download/hotfix/e9_sbcs_prod_list.html#015314A fix for SAS 9.1.3 (9.1 TS1M3) with Asian Language Support (DBCS) for this issue is available at :
http://www.sas.com/techsup/download/hotfix/e9_dbcs_prod_list.html#015314| Type: | Problem Note |
| Priority: | high |
| Date Modified: | 2006-11-21 13:46:44 |
| Date Created: | 2005-05-24 13:03:29 |