Overview

BI row-level permissions enable you to limit access to SAS data and third-party relational data that is accessed through information maps. Row-level permissions are enforced when relational information maps are accessed from applications such as SAS^® Web Report Studio.

This sample shows you how to create a simple identity-driven, row-level permission in SAS Information Map Studio. As the input table for the information map, this sample uses the SASHELP.CLASS table.

Note: This feature is only available for relational information maps. For OLAP-based information maps, you can specify member-level security (see How to Assign an OLAP Permission Condition).

Note: Row-level permission filters also can be based on group membership (see Sample 31885).

Note: This sample was written using SAS Information Map Studio 3.1, but the tasks are essentially the same for SAS Information Map Studio 4.2 and later.

Tip: If your environment includes a SAS Demo User, then use that account to follow along with the sample steps.

Create the Security Associations Table

A security associations table documents the relationships between a user and the information that you want to control access to. The following DATA step code was used to create the security associations table that is used in this sample.

data sashelp.rlp_class;  
   input PersonName $13. @14 Gender $;  
   datalines;
SAS Demo User F
SAS Guest     M
;
run;

Note: Remember to register the security associations table in SAS^® Management Console.

In this sample, SAS Demo User is given permission to only view information for females and SAS Guest is given permission to only view information for males.

Create the Information Map

1. Log in to SAS Information Map Studio. This sample uses the credentials for SAS Demo User.
2. Use Insert –> Table to insert both the CLASS table and the RLP_CLASS table.



3. From the Physical Data panel, move all of the columns from the CLASS table over to the Information Map panel. Do not move over any columns from the RLP_CLASS table.



4. Save the information map.
5. Right-click on the information map name and select Properties.
6. Select the Required Tables tab, make RLP_CLASS a required table, and then click OK.



7. On the Relationships tab, associate Sex in the CLASS table with Gender in the RLP_CLASS table.



8. Click the Presentation tab, and select Insert–>Filter.
9. Name the filter and then click Edit Data Item to open the Edit Expression dialog box.
10. Select Character as the type of expression.
11. On the Data Sources tab beneath the Expression Text box, expand the RLP_CLASS table, select the PersonName column, and then click Add to Expression.



12. Click OK to return to the New Filter dialog box.

Define the Identity-Driven Filter

From the drop-down list beneath Value(s), select Derive identity values (for row-level permissions) to see a list of identity-driven properties. This sample filters on SAS.PersonName.

Expand Filter expression at the bottom of the dialog box to see the criteria that you have just defined.

Make the Filter Required

1. Right-click on the information map name and select Properties.
2. Select the General Prefilters tab, and assign the RLP_Filter to the CLASS table, and then click OK.

View the Results

To see results of testing this filter in SAS Information Studio and SAS Web Report Studio, click the Results tab at the top of this sample.

Additional Documentation

For more information about creating row-level permissions, see the documentation for the version of SAS that you are using:

• SAS 9.4 Guide to BI Row-Level Permissions .
• SAS 9.3 Guide to BI Row-Level Permissions .
• SAS 9.2 Intelligence Platform: Security Administration Guide: BI Row-Level Permissions.
• SAS 9.1.3 Intelligence Platform: Security Administration Guide, "Chapter 10: BI Row-Level Permissions".

For more information about SAS Information Map Studio, see the SAS Information Map Studio documentation page.

---

These sample files and code examples are provided by SAS Institute Inc. "as is" without warranty of any kind, either express or implied, including but not limited to the implied warranties of merchantability and fitness for a particular purpose. Recipients acknowledge and agree that SAS Institute shall not be liable for any damages whatsoever arising out of their use of this material. In addition, SAS Institute will provide no support for the materials contained herein.

---

These sample files and code examples are provided by SAS Institute Inc. "as is" without warranty of any kind, either express or implied, including but not limited to the implied warranties of merchantability and fitness for a particular purpose. Recipients acknowledge and agree that SAS Institute shall not be liable for any damages whatsoever arising out of their use of this material. In addition, SAS Institute will provide no support for the materials contained herein.

Test the Filter in SAS Information Map Studio

1. Select Tools–>Test.
2. Select all of the data items. (You do not have to select the filter because you made it required).



3. Click Test to see results only for females because SAS Demo User is the currently logged-in user.

Test the Filter in SAS Web Report Studio

1. Log into SAS Web Report Studio as SAS Guest.
2. View a report that is based on the RLP Sample Map. Recall that SAS Guest can only view information about males.

Operating System and Release Information