 |
|
| Authorization Model |
Inheritance Paths
In the metadata layer, parent items convey their effective permissions to child items. Children inherit the net effect of their parents' access controls, not the access controls themselves. The following figures depict inheritance paths in a foundation repository. The arrows in the figure flow from parent to child. For example, a folder conveys its effective permissions to the items that it contains. The arrows in the second figure flow from child to parent, showing the same relationships from a different perspective.
Inheritance Paths (Integrated View)
![[Inheritance Paths (Integrated View)]](images/ra-inherit-down2.gif)
Inheritance Paths (Separated View)
![[Inheritance Paths (Separated View)]](images/ra-inherit-items2.gif)
Here are some details about the preceding figures:
-
The depicted folder structure is arbitrary and intended only to show the security relationships between different types of items.
-
Not all item types are depicted. To trace inheritance for a particular item, click Advanced on that item's Authorization tab. This feature is available to only unrestricted users.
-
The root folder represents the top of the folder tree for the foundation repository. It corresponds to the SAS Folders node on the Folders tab in SAS Management Console.
-
The root folder inherits settings from the Permission Pattern tab of the repository ACT.
-
Any custom repositories are represented as folders (immediate children of the foundation root folder). Although these folders inherit permissions from both the foundation root folder and the repository ACT of the custom repository, access to items within the custom repository branch should be managed from the folder side (except for items that aren't in the folder tree).
-
On the Folders tab in SAS Management Console, your My Folder
![[my folder icon]](images/myfolder.gif)
is displayed directly below the root folder. This
is just a shortcut for accessing your personal content area; this folder is
not an immediate child of the root folder. -
The figures show users, groups, and roles inheriting repository-level permissions. The Authorization tab in a user, group, or role displays default settings that reflect special rules that prevent regular users from modifying or deleting identities. An identity's Authorization tab can affect access to that identity's definition. An identity's Authorization tab has no effect on what that identity can do.
See Also
|
|
Copyright © 2011 by SAS Institute Inc., Cary, NC, USA. All rights reserved.