![]() |
![]() |
Getting Started With Permissions |
Instead of setting permissions on every individual item, use inherited settings. This approach reduces the number of access controls that you have to manage. For example, rather than adding explicit settings or ACTs to every report, you can set permissions on a folder that contains reports for which those permissions are appropriate.
To learn more, complete this exercise in SAS Management Console:
Log on as someone who has a well-formed user definition.
On the Folders tab, right-click
your My Folder
and select New Folder. Create a new folder named parent.
Right-click the parent folder and create another folder named child.
Right-click the child folder and
select Properties. On the Authorization tab, select SASUSERS. Notice that
this group has an indirect
denial of the Read permission. Click
Cancel.
Right-click the parent folder and
select Properties. On the Authorization tab, select SASUSERS, add an explicit
grant of Read permission, and click OK.
Right-click
the child folder and
select Properties. On the Authorization tab, select SASUSERS. Notice that
this group now has an inherited
grant of Read permission.
On the
child folder's Authorization tab, add an explicit
grant of
Read permission on top of the inherited
grant of Read permission,
and click OK. This ensures that read access for
SASUSERS is preserved even if the setting on the parent
folder changes.
To verify that the explicit setting on the child folder is preserved, change the parent
folder setting for SASUSERS to an explicit
denial of Read
permission, and then check the child folder
settings again. For SASUSERS, the explicit
grant of Read
permission is still there. The denial on the parent
folder is not relevant for the child folder
because there is an explicit setting on the child
folder.
To clean up, right-click the parent folder and select Delete.
See Also
![]() |
![]() |
Copyright © 2011 by SAS Institute Inc., Cary, NC, USA. All rights reserved.