Applying row-level security to a SAS LASR Analytic Server table enables an administrator to grant access to data rows based on an expression.  However, if the qualifying expression becomes too lengthy, users might receive unexpected results. This problem is most likely to occur when using an identity-driven filter such as the following:

In this expression, the row is returned if the data item GROUP matches any of the metadata groups the user is a member of.  Because a user can be a member of any number of groups, this IN statement can grow quite long.  When this problem occurs, users might experience a couple of different behaviors:

• The user might receive an explicit error stating "ERROR: You have insufficient permission to perform the requested operation on table xxx.xxx."
• The number of records returned might be more than what the user should see based on the row-level security expression.

Although row-level permissions are applied in a variety of clients, including SAS^® Visual Analytics, users are most likely to encounter this issue when they are using clients such as Base SAS^®, SAS^® Enterprise Guide^®, and SAS^® Studio.

Click the Hot Fix tab in this note to access the hot fix for this issue.

Operating System and Release Information

A fix for this issue for LASR Analytic Server 2.8 is available at:

A fix for this issue for LASR Analytic Server 2.7 is available at: