Roles and Capabilities
About Roles and Capabilities
A role manages the availability
of application features such as menu items and plug-ins. An application
feature that is under role-based management is called a capability.
Certain
actions are available only to users or groups that have a particular
role. Any user or group who is a member of a role has all of that
role’s capabilities.
Roles
can contribute to one another. A role automatically includes all of
the capabilities of a role that contributes to it.
Roles differ from permissions.
In general, roles do not affect access to metadata or data.
Predefined Roles and Capabilities for SAS Decision Manager
Your installation includes
several predefined roles for administrators and users of SAS Decision Manager.
Depending on what software you have installed, you might have other
predefined roles.
Note: The ability to access and
update metadata is subject to permissions that are placed on that
metadata. These roles do not affect permissions.
|
Role
|
Description
|
|---|---|
|
Decision Manager Common:
Administration
|
Users in this role can
perform all Decision Manager Common tasks, including administering
workflows.
This role is assigned
to the group Decision Manager Common Administrators and has the Decision
Manager Common: Workflow category capability.
|
|
Business Rules Manager:
All Capabilities
|
Users in this role can
view and edit all business rules content, including vocabularies,
entities, terms, lookup tables, rule sets, and rule flows.
|
|
Business Rules Manager:
Rule Flow and Rule Set Designer
|
Users in this role can
create, edit, and delete rule sets and rule flows.
|
|
Business Rules Manager:
Rule Flow and Rule Set Read-Only
|
Users in this role can
view rule sets and rule flows.
|
|
Business Rules Manager:
Vocabulary and Lookup Designer
|
Users in this role can
create, edit, and delete vocabularies, entities, terms, and lookup
tables.
|
|
Business Rules Manager:
Vocabulary and Lookup Read-Only
|
Users in this role can
view vocabularies, entities, terms, and lookup tables.
|
|
Model Manager: Administration
Usage
|
Users in this role can
perform all model management tasks.
This role is assigned
to the group Model Manager Administrator Users and has the following
Model Manager Plug-in capabilities by default:
|
|
Model Manager: Advanced
Usage
|
Users in this role can
perform all model management tasks except for tasks that can be performed
only by an application administrator.
This role is assigned
to the group Model Manager Advanced Users and has the following Model
Manager Plug-in capabilities by default:
|
|
Model Manager: Usage
|
Users in this role are
general users that can perform all tasks except for advanced user
tasks and administrator tasks.
This role is assigned
to the group Model Manager Users.
|
|
Comments: Administrator
|
Users in this roll can
edit or delete comments.
The ability to edit
and delete comments is controlled by the capabilities under Applications
 SAS Application InfrastructureComments in SAS Management
Console.
|
|
Management Console:
Advanced
|
Provides access to all
plug-ins in SAS Management Console.
This role is assigned
to the group SAS Administrators.
|
|
Metadata Server: Operation
|
Supports adding metadata
repositories and operating the metadata server.
This role is assigned
to the group SAS Administrators.
|
|
Metadata Server: User
Administration
|
Supports management
of users, groups, and roles other than the unrestricted users role.
This role is assigned
to the group SAS Administrators.
|
|
Metadata Server: Unrestricted
|
Provides all capabilities
in SAS Management Console and provides access to all metadata.
This role is assigned
to the group SAS Administrator Users.
|
Viewing Roles and Capabilities in SAS Management Console
To view details about
a role, open the User Manager plug-in in SAS Management Console, right-click
the role, and select Properties. You can
then view tabs that display the role’s members, capabilities,
and contributing roles.
For example, the following
display shows the capabilities for the Business Rules Manager: Rule
Flow and Rule Set Designer role. These capabilities
correspond to the description of this role in
Predefined Roles and Capabilities for SAS Decision Manager.
Note: Some roles have implicit
capabilities that are not specified on the Capabilities tab.
The SAS Decision Manager
capabilities control access to categories in the application. For
example, the Rule Sets and Rule Flows categories do not appear when
a user signs in to SAS Decision Manager if that user is
not assigned to either of the following categories:
-
Business Rules Manager: Rule Flow and Rule Set Designer
-
Business Rules Manager: Rule Flow and Rule Set Read-Only
The Create/Update and Delete capabilities
control access to specific object types. You can combine the category
capabilities with the object capabilities to control access at whatever
level is needed. For example, if you want a user to be able to view
and edit rule flows only, the user should have only the following
capabilities:
-
Manage Business Rule Flows/Sets for the Business Rules Plugin
-
Create/Update and Delete capabilities for Rule Flow objects
The following table
describes the icons used in the Properties window.
|
Icon
|
Description
|
|---|---|
 |
None of the capabilities
in this category have been specified for this role.
|
 |
Some of the capabilities
in this category have been specified for this role, either explicitly
or through a contributing role.
|
 |
All of the capabilities
in this category have been specified for this role, either explicitly
or through a contributing role.
|
Shaded check boxes indicate
capabilities that come from contributing roles.
Copyright © SAS Institute Inc. All rights reserved.