Previous Page

|

Next Page

Users, Groups, and Roles

Differences Between Roles and Groups

Roles and groups serve distinct purposes. You can't assign permissions to a role or capabilities to a group. Here are some additional distinctions:

• The identity hierarchy is relevant for groups, but not for roles. If you are a member of a role, you have all of that role's capabilities, regardless of whether you are a direct member of that role and what your other memberships are.

• You can deny a permission to a group, but you can't deny a capability to a role. Each role either provides or doesn't provide each capability. No role takes capabilities away from its members.

• A group's permissions are not displayed as part of a group definition, but a role's capabilities are displayed as part of a role definition.

• A group can be a member of another group, but a role cannot be a member of another role. Instead, one role can contribute its capabilities to another role.

See Also

	Role Definitions
	Main Administrative Roles
	How to Assign Capabilities to Roles

Previous Page

|

Next Page

|

Top of Page

Copyright © 2011 by SAS Institute Inc., Cary, NC, USA. All rights reserved.