|

Authorization Model

Permissions by Task

The following tables show required metadata layer permissions for selected tasks. This list explains symbols in the tables:

An asterisk (*) in a column heading indicates that an item is optional. For example, not all reports include a stored process.
R^MLE indicates that the Read permission is required only if data is accessed through the metadata LIBNAME engine.
R^{MLE, OLAP} indicates that the OLAP data can be also involved (the Read permission is always required for OLAP data).

There is a separate table for folders, reports, information maps, stored processes, publishing channels, tables, and cubes.

Working with Folders: Permissions for Selected Tasks
Task	Repository	Parent Folder	Folder	Item
Add a folder	RM, WM	RM, WMM¹	-	-
Delete a folder	RM	RM, WMM¹	RM, WM	-
Rename a folder	RM	RM	RM, WM	-
Set folder permissions	RM	RM	RM, WM	-
Add an item to a folder	RM, WM	RM	RM, WMM	-
Delete an item from a folder	RM	RM	RM, WMM	RM, WM
Copy/export items	RM	RM	RM	RM
Paste/import items	RM, WM	RM	RM, WMM	-
1 If the parent folder is the root folder , you need RM, WM on the root folder.

Working with Reports: Permissions for Selected Tasks
Task	Repository	Parent Folder	Report	Stored Process*	Information Map*	Data
Create and save a new report	RM, WM	RM, WMM	-	RM	RM, R	RM, R^{MLE, OLAP}
Delete a report	RM	RM, WMM	RM, WM	-	-	-
View or refresh a report	RM	RM	RM	RM	RM, R	RM, R^{MLE, OLAP}
View a batch report	RM	RM	RM	-	-	-
Edit or rename a report	RM	RM	RM, WM	-	-	-
Set report permissions	RM	RM	RM, WM	-	-	-

Working with Information Maps: Permissions for Selected Tasks
Task	Repository	Parent Folder	Information Map	Stored Process*	Data
Create and save a new information map	RM, WM	RM, WMM	-	RM	RM, R^{MLE, OLAP}
Delete an information map	RM	RM, WMM	RM, WM	-	-
Set information map permissions	RM	RM	RM, WM	-	-
Edit or rename an information map	RM	RM	RM, WM	-	-
Run queries in an information map	RM	RM	RM, R	RM	RM, R^MLE, OLAP

Working with Stored Processes: Permissions for Selected Tasks
Task	Repository	Parent Folder	Application Server	Stored Process	Data
Register a stored process	RM, WM	RM, WMM	RM, WM	-	-
Delete a stored process	RM	RM, WMM	RM, WM	RM, WM	-
Set stored process permissions	RM	RM	RM	RM, WM	-
Run a stored process	RM	RM	RM	RM	RM, R^MLE, OLAP

Working with Publishing Channels: Permissions for Selected Tasks
Task	Repository	Parent Folder	Channel	Subscriber
Add a channel or subscriber	RM, WM	RM, WMM	-	-
Delete a channel or subscriber	RM	RM, WMM	RM, WM	RM, WM
Edit a channel or subscriber	RM	RM	RM, WM	RM, WM
Publish content to a channel	RM, WM¹	RM	RM, W, WM¹	RM²
1 WM is required if the channel has an archive persistent store. 2 Content is published to only those subscribers for whom you have RM.

Working with Tables: Permissions for Selected Tasks
Task	Repository	Application Server	Library	Parent Folder	Table	Column
Register a table	RM, WM	RM	RM, WM	RM, WMM	-	-
Delete a table	RM	RM	RM, WM	RM, WMM	RM, WM	-
Set table permissions	RM	-	RM	RM	RM, WM	-
Access table data	RM	RM	RM	RM	RM, R^MLE	RM
Register a library	RM, WM	RM, WM	-	RM, WMM	-	-

Working with Cubes: Permissions for Selected Tasks
Task	Repository	Application Server	OLAP Schema	Parent Folder	Cube	Source Data Sets
Register a cube	RM, WM	RM	RM, WM	RM, WMM	-	RM, R^MLE
Delete a cube	RM	RM	RM, WM	RM, WMM	RM, WM	-
Rebuild a cube	RM	RM	RM	RM	RM, WM	RM, R^MLE
Refresh a cube	RM	RM	RM	RM	RM, R	RM, R^MLE
Set cube permissions	RM	-	RM	RM	RM, WM	-
Access cube data	RM	RM	RM	RM	RM, R	-
Register a schema	RM, WM	RM, WM	-	RM, WMM	-	-
Use the OLAP Server Monitor	RM	A	-	-	-	-

See Also

	Use and Enforcement of Each Permission
	Permissions by Item

|

|

Copyright © 2011 by SAS Institute Inc., Cary, NC, USA. All rights reserved.