Usage Note 20381: Permission errors might occur when you log on to the SASĀ® Information Delivery Portal
 |  |  |  |
When you attempt to log on to the SAS Information Delivery Portal, the logon might fail with the following error in the portal.log file:
l.delegates.authentication.LogonDelegate - Access denied. .metadataOperations.SearchMetadataFacade - getObjectFromId: An error occurred while retrieving metadata. com.sas.services.ServiceException: An error occurred while retrieving metadata. [ com.sas.metadata.remote.MdException: The user does not have permission to perform this action. [ com.sas.iom.SASIOMDefs.GenericError: The user does not have permission to perform this action. ] ]
In addition, the metadata server log might contain the following error:
UpdateMetadata return code=807fe8f4.... DoRequest return code=807fe8f4.... The user does not have permission to perform this action.
These errors indicate that the user has been authenticated but does not have permission to perform an action in the metadata.
To correct the problem, verify that the user has ReadMetadata and WriteMetadata permissions in the default access control template (ACT), as follows:
In the SAS® 9.1.3 Management Console:
- Select Authorization Manager ► Access Control Templates.
- Right-click Access Control Templates and select Properties from the menu for the active ACT (for example, Default ACT)
- Click the Users and Permissions tab and verify that the user or group in which the user is a member has been granted ReadMetadata and WriteMetadata permissions. Note: If the PUBLIC group has these permissions and the user has not been denied these permissions, the permissions are set correctly.
In the SAS® 9.2 Management Console:
- Select Authorization Manager ► Access Control Templates.
- Right-click Access Control Templates and select Properties from the menu for the active ACT (for example, the Default ACT#&41;
- Click the Permission Pattern tab and verify that the user or group in which the user is a member has been granted ReadMetadata and WriteMetadata permissions. Note: If the PUBLIC group has these permissions and the user has not been denied these permissions, the permissions are set correctly.
If the process described above does not solve the problem, verify that the user's portal permission tree has the appropriate permissions. To do this, check the permissions that are set for the portal permission tree for that specific user, as follows:
- Select the path to the Portal Application Tree.
- For SAS 9.1.3 Management Console, select Authorization Manager ► Resource Management ► By Application ► BIP Service ► Portal Application Tree.
- For SAS 9.2 Management Console, select Authorization Manager ► Resource Management ► By Application ►SAS Folders ► Portal Application Tree.
- Find the portal permission tree that is associated with the specific user.
- Right-click that permission tree and select Properties.
- Click the Authorization tab. On this tab, look for an entry for the same ser name. Highlight that name and review the permissions that are granted or denied for that user. The particular user name should be listed for its own permission tree, and that name should be explicitly granted ReadMetadata and WriteMetadata permissions. That is, a check mark, without a colored (green or gray) box around it, should appear under GRANT for those two permission settings.
- Select the PUBLIC group from the same Authorization tab, and ensure that this group is explicitly denied permissions for ReadMetadata and WriteMetadata.
- Select the Portal Admins group from the Authorization tab. and ensure that this group is explicitly granted permissions for ReadMetadata and WriteMetadata.
Operating System and Release Information
| Product Family | Product | System | Product Release | SAS Release | ||
| Reported | Fixed* | Reported | Fixed* | |||
| SAS System | SAS Information Delivery Portal | Microsoft Windows XP Professional | 2.0 | 9.1 TS1M3 SP4 | ||
| Microsoft Windows 2000 Datacenter Server | 2.0 | 9.1 TS1M3 SP4 | ||||
| Microsoft Windows 2000 Professional | 2.0 | 9.1 TS1M3 SP4 | ||||
| Microsoft Windows 2000 Server | 2.0 | 9.1 TS1M3 SP4 | ||||
| Microsoft Windows NT Workstation | 2.0 | 9.1 TS1M3 SP4 | ||||
| 64-bit Enabled Solaris | 2.0 | 9.1 TS1M3 SP4 | ||||
| Microsoft Windows 2000 Advanced Server | 2.0 | 9.1 TS1M3 SP4 | ||||
| Solaris for x64 | 2.0 | 9.1 TS1M3 SP4 | ||||
| 64-bit Enabled HP-UX | 2.0 | 9.1 TS1M3 SP4 | ||||
| 64-bit Enabled AIX | 2.0 | 9.1 TS1M3 SP4 | ||||
| Type: | Usage Note |
| Priority: | |
| Topic: | System Administration ==> Security |
| Date Modified: | 2011-07-07 10:38:12 |
| Date Created: | 2007-06-13 10:24:45 |