Administering Portal Authorization |
A group content administrator is a user who has WriteMetadata permission for the respective group, and the group's Portal permission tree. A group content administrator can share personal content with the group, and can edit or remove content that has been shared with the group. (The SAS administrator and the SAS Trusted User has WriteMetadata permission for all group permission trees that are defined in metadata.)
Prerequisites: Before you can assign a content administrator for a group, all of the following must be true:
The person who will be a content administrator must have a user identity that is defined in SAS metadata.
This user identity must be a member of the group that the person will administer.
A group permission tree folder must exist in metadata for the group. To verify that a permission tree folder exists, or to create one, see Overview of Permission Tree Folders.
To configure a group content administrator for the Portal Application Permissions tree, follow these steps:
Log on to SAS Management Console as the SAS Administrator (sasadm).
On the Plug-ins tab in SAS Management Console, navigate to Environment Management Authorization Manager Resource Management By Type Tree.
Right-click on the permissions tree for the group and select Properties.
In the permissions tree properties dialog box, select the Authorization tab.
Select the Add button to display the Add Users and Groups dialog box.
In the Add Users and Groups dialog box, select and move the group content administrator under Available Identities to Selected Identities. Note that the group content administrator must be a person, and not a group.
Click OK to exit the dialog box.
When you return to the Authorization tab, make sure the appropriate user is selected in the Users and Groups list box.
To modify the permissions for the selected user, in the permissions list row for the WriteMetadata permission, select Grant.
Important Note: Ensure that the permission is explicit. The check box for a permission that comes from a directly assigned access control entry (ACE) has no added background color. If the check box for a permission has a background color, to remove the background color and designate the permission as a directly assigned permission, click the check box again.
The following example display of the Authorization tab shows the permissions for the SAS Demo Users group tree. The WriteMetadata permission is directly assigned to the content administrator (in this example, the SAS Demo Admin user).
In the properties dialog box, click OK to save your changes.
The user that was configured as a group content administrator can now log on to the portal and share personal content with that group.
Copyright © 2010 by SAS Institute Inc., Cary, NC, USA. All rights reserved.