Users, Groups, and Roles |
The metadata server enforces these identity-related constraints:
You can't create a user definition that has the same name as an existing user definition. The display names don't have to be unique.
Note: We recommend that you avoid using spaces or special characters in the name of a user, group, or role that you create. Not all components support spaces and special characters in identity names.
You can't create a group or role definition that has the same name as an existing group or role definition. The display names don't have to be unique.
You can't assign the same external account ID to two different identities. All of the logins that include a particular ID must be owned by the same identity. This requirement enables the metadata server to resolve each ID to a single identity.
This requirement is case-insensitive. For example, you can't assign a login with an ID of smith to one user and a login with an ID of SMITH to another user.
This requirement applies to the fully qualified form of the ID. For example, you can assign a login with an ID of winDEV\brown to one user and a login with an ID of winPROD\brown to another user. In this example, winDEV and winPROD are Windows domain names, which are incorporated into the fully qualified form of an external account ID.
This requirement can't be mitigated by associating the logins with different SAS authentication domains. For example, assume that one user has a login with an ID of smith that is associated with a SAS authentication domain named DefaultAuth. In that case, you can't give any other user a login with the ID smith, even if you plan to assign the login to a different SAS authentication domain.
Note: To enable multiple users to share an account, store the credentials for that account in a login as part of a group definition. Then add the users who will share the account as members of that group definition.
If you give a user two logins that contain the same ID, the logins must be associated with different authentication domains. Within an authentication domain, each ID must be unique. For example, if you give the person Tara O'Toole two logins that both have an ID of tara, then you can't associate both of those logins with the OraAuth authentication domain.
Note: Like the previous requirement, this requirement is case-insensitive and is applied to the fully qualified form of the external account ID.
A user can have multiple locations, e-mail addresses, and telephone numbers. However, each user can have only one item of a given type. For example, a user can have one home e-mail address and one work e-mail address, but not two work e-mail addresses.
See Also
Copyright © 2011 by SAS Institute Inc., Cary, NC, USA. All rights reserved.