Security Overview |
The SAS implementation of roles enables you to manage the availability of application features such as menu items, plug-ins, and buttons. Applications that have roles include the SAS Add-In for Microsoft Office, SAS Enterprise Guide, SAS Management Console, and SAS Web Report Studio. For example, role memberships determine whether a user can see the Server Manager plug-in (in SAS Management Console), compare data (in SAS Enterprise Guide), or directly open an information map (in SAS Web Report Studio). You can assign roles to users and to groups.
An application feature that is under role management is called a capability. Each application that supports roles provides a fixed set of explicit and implicit capabilities. Explicit capabilities can be incrementally added to or removed from any role (other than the unrestricted role, which always provides all explicit capabilities). An implicit capability is permanently bound to a certain role. A contributed capability is an implicit or explicit capability that is assigned through role aggregation. If you designate one role as a contributing role for another role, all of the first role's capabilities become contributed capabilities for the second role.
In general, roles are separate from permissions and do not affect access to metadata or data.
Copyright © 2010 by SAS Institute Inc., Cary, NC, USA. All rights reserved.