Roles and Capabilities

About Roles and Capabilities

A role manages the availability of application features such as menu items and plug-ins. An application feature that is under role-based management is called a capability.
Certain actions are available only to users or groups that have a particular role. Any user or group who is a member of a role has all of that role’s capabilities.
Roles can contribute to one another. A role automatically includes all of the capabilities of a role that contributes to it.
Roles differ from permissions. In general, roles do not affect access to metadata or data.

Predefined Roles and Capabilities for SAS Decision Manager

Your installation includes several predefined roles for administrators and users of SAS Decision Manager. Depending on what software you have installed, you might have other predefined roles.
Note: The ability to access and update metadata is subject to permissions that are placed on that metadata. These roles do not affect permissions.
Predefined User Roles and Capabilities

| Role | Description |
| --- | --- |
| Decision Manager Common: Administration | Users in this role can perform all Decision Manager Common tasks, including administering workflows. This role is assigned to the group Decision Manager Common Administrators and has the Decision Manager Common: Workflow category capability. |
| Business Rules Manager: All Capabilities | Users in this role can view and edit all business rules content, including vocabularies, entities, terms, lookup tables, rule sets, and rule flows. |
| Business Rules Manager: Rule Flow and Rule Set Designer | Users in this role can create, edit, and delete rule sets and rule flows. |
| Business Rules Manager: Rule Flow and Rule Set Read-Only | Users in this role can view rule sets and rule flows. |
| Business Rules Manager: Vocabulary and Lookup Designer | Users in this role can create, edit, and delete vocabularies, entities, terms, and lookup tables. |
| Business Rules Manager: Vocabulary and Lookup Read-Only | Users in this role can view vocabularies, entities, terms, and lookup tables. |
| Model Manager: Administration Usage | Users in this role can perform all model management tasks. This role is assigned to the group Model Manager Administrator Users and has the following Model Manager Plug-in capabilities by default: Model Projects category, Model Portfolios category. |
| Model Manager: Advanced Usage | Users in this role can perform all model management tasks except for tasks that can be performed only by an application administrator. This role is assigned to the group Model Manager Advanced Users and has the following Model Manager Plug-in capabilities by default: Model Projects category, Model Portfolios category. |
| Model Manager: Usage | Users in this role are general users that can perform all tasks except for advanced user tasks and administrator tasks. This role is assigned to the group Model Manager Users. |
| Comments: Administrator | Users in this role can edit or delete comments. The ability to edit and delete comments is controlled by the capabilities under Applications > SAS Application Infrastructure > Comments in SAS Management Console. |
| Management Console: Advanced | Provides access to all plug-ins in SAS Management Console. This role is assigned to the group SAS Administrators. |
| Metadata Server: Operation | Supports adding metadata repositories and operating the metadata server. This role is assigned to the group SAS Administrators. |
| Metadata Server: User Administration | Supports management of users, groups, and roles other than the unrestricted users role. This role is assigned to the group SAS Administrators. |
| Metadata Server: Unrestricted | Provides all capabilities in SAS Management Console and provides access to all metadata. This role is assigned to the group SAS Administrator Users. |

Viewing Roles and Capabilities in SAS Management Console

To view details about a role, open the User Manager plug-in in SAS Management Console, right-click the role, and select Properties. You can then view tabs that display the role’s members, capabilities, and contributing roles.
For example, the following display shows the capabilities for the Business Rules Manager: Rule Flow and Rule Set Designer role. These capabilities correspond to the description of this role in Predefined Roles and Capabilities for SAS Decision Manager.
[Figure: SAS Management Console showing the roles and capabilities for SAS Business Rules Manager]
Note: Some roles have implicit capabilities that are not specified on the Capabilities tab.
The SAS Decision Manager capabilities control access to categories in the application. For example, the Rule Sets and Rule Flows categories do not appear when a user signs in to SAS Decision Manager if that user is not assigned to either of the following categories:
  • Business Rules Manager: Rule Flow and Rule Set Designer
  • Business Rules Manager: Rule Flow and Rule Set Read-Only
The Create/Update and Delete capabilities control access to specific object types. You can combine the category capabilities with the object capabilities to control access at whatever level is needed. For example, if you want a user to be able to view and edit rule flows only, the user should have only the following capabilities:
  • Manage Business Rule Flows/Sets for the Business Rules Plugin
  • Create/Update and Delete capabilities for Rule Flow objects
The following table describes the icons used in the Properties window.

| Icon | Description |
| --- | --- |
| No capabilities icon | None of the capabilities in this category have been specified for this role. |
| Some capabilities icon | Some of the capabilities in this category have been specified for this role, either explicitly or through a contributing role. |
| All capabilities icon | All of the capabilities in this category have been specified for this role, either explicitly or through a contributing role. |

Shaded check boxes indicate capabilities that come from contributing roles.
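
When reviewing role assignments for least privilege, it helps to compute what a role actually grants once contributing roles are followed. The sketch below is an added example, not SAS code or a SAS API: it models the contribution rule, the shaded (inherited) capabilities, and the none/some/all icon states. The three role names, the category grouping, and the Rule Set capability labels are constructed for illustration, and implicit capabilities are not modelled.

```python
# Constructed sample data (not an export from SAS metadata). The three role
# names are hypothetical; capability labels follow the page's wording.
EXPLICIT = {
    "Flow Viewer": {"Manage Business Rule Flows/Sets"},
    "Flow Editor": {"Rule Flow: Create/Update", "Rule Flow: Delete"},
    "Flow Owner": {"Rule Set: Create/Update"},
}
# CONTRIBUTORS[r] lists the roles that contribute their capabilities to r.
CONTRIBUTORS = {"Flow Editor": {"Flow Viewer"}, "Flow Owner": {"Flow Editor"}}
# Assumed grouping of object capabilities into categories.
CATEGORIES = {
    "Rule Flow objects": {"Rule Flow: Create/Update", "Rule Flow: Delete"},
    "Rule Set objects": {"Rule Set: Create/Update", "Rule Set: Delete"},
}
# The page's "view and edit rule flows only" capability set.
RULE_FLOW_ONLY = {"Manage Business Rule Flows/Sets",
                  "Rule Flow: Create/Update", "Rule Flow: Delete"}


def inherited(role, explicit=EXPLICIT, contributors=CONTRIBUTORS):
    """Capabilities a role gets only through contributing roles (shaded boxes)."""
    seen, stack, caps = {role}, list(contributors.get(role, ())), set()
    while stack:
        r = stack.pop()
        if r in seen:  # tolerate contribution cycles
            continue
        seen.add(r)
        caps |= explicit.get(r, set())
        stack.extend(contributors.get(r, ()))
    return caps - explicit.get(role, set())


def effective(role, explicit=EXPLICIT, contributors=CONTRIBUTORS):
    """Explicit capabilities plus everything inherited from contributors."""
    return explicit.get(role, set()) | inherited(role, explicit, contributors)


def category_state(role, category):
    """'none', 'some' or 'all', matching the three Properties-window icons."""
    held = effective(role) & CATEGORIES[category]
    return "none" if not held else "all" if held == CATEGORIES[category] else "some"


def excess(role, allowed):
    """Capabilities a role holds beyond an intended least-privilege set."""
    return effective(role) - allowed


if __name__ == "__main__":
    for role in EXPLICIT:
        print(role, sorted(inherited(role)), sorted(excess(role, RULE_FLOW_ONLY)))
```

A non-empty result from `excess` marks a role that grants more than the intended set, typically through a contributing role that nobody re-checked.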