Getting Started With Permissions

Inherited Settings

Instead of setting permissions on every individual item, use inherited settings. This approach reduces the number of access controls that you have to manage. For example, rather than adding explicit settings or ACTs to every report, you can set permissions on a folder that contains reports for which those permissions are appropriate.

To learn more, complete this exercise in SAS Management Console:

Log on as someone who has a well-formed user definition.
On the Folders tab, right-click your My Folder and select New Folder. Create a new folder named parent.
Right-click the parent folder and create another folder named child.
Right-click the child folder and select Properties. On the Authorization tab, select SASUSERS. Notice that this group has an indirect denial of the Read permission. Click Cancel.
Right-click the parent folder and select Properties. On the Authorization tab, select SASUSERS, add an explicit grant of Read permission, and click OK.
Right-click the child folder and select Properties. On the Authorization tab, select SASUSERS. Notice that this group now has an inherited grant of Read permission.
On the child folder's Authorization tab, add an explicit grant of Read permission on top of the inherited grant of Read permission, and click OK. This ensures that read access for SASUSERS is preserved even if the setting on the parent folder changes.
To verify that the explicit setting on the child folder is preserved, change the parent folder setting for SASUSERS to an explicit denial of Read permission, and then check the child folder settings again. For SASUSERS, the explicit grant of Read permission is still there. The denial on the parent folder is not relevant for the child folder because there is an explicit setting on the child folder.
To clean up, right-click the parent folder and select Delete.

	Orientation to Working With Permissions
	The Authorization Tab
	Inheritance Paths