INFOMAPS Procedure


Changes the access permissions to the information map and optionally assigns authorization-based prefilters for a specific user or group.
Note: The UPDATE MAP_PERMISSIONS statement immediately updates the permissions settings for the information map when it is submitted. This is different from the other UPDATE statements in the INFOMAPS procedure, for which the specified changes are not stored until the information map is saved.


Form 1:

UPDATE MAP_PERMISSIONS GROUP="identity" permission-specification-1

Form 2:

UPDATE MAP_PERMISSIONS USER="identity" permission-specification-1

Required Arguments

specifies the name of a group or user whose permissions to the information map are updated.
specifies the user’s or group’s access permissions settings to the information map. The specification value has the following forms:
denies the user or group one or more of the following access permissions to the information map.
READ sets the Read access permission for the information map.
READMETADATA sets the ReadMetadata access permission for the information map.
WRITEMETADATA sets the WriteMetadata access permission for the information map.
GRANT (READ</CONDITION=(<data-source-filters-1<... data-source-filters-n>>)> | READMETADATA | WRITEMETADATA)
grants the user or group one or more access permissions to the information map. See the DENY option for descriptions of the permission values.
When the READ option is specified, you can add the /CONDITION= option to assign authorization-based prefilters for the user or group. The data-source-filters values for the /CONDITION= option have the following form:
"data-source-ID" (PREFILTERS=("filter-ID-1 <... "filter-ID-n">)
specifies the identifier of the data source to which the assigned filters are applied.
specifies the identifier of a filter defined in the information map that is applied before the specified data source is used.
Notes:When the /CONDITION= option is used with the READ option, the Read permission for the user or group is granted immediately, but the specified filter assignments are not written to the information map until it is saved.

When a Read permission is denied or removed for the user or group, any associated permission condition is deleted.

removes one or more access permissions to the information map for the specified user or group. See the DENY option for descriptions of the permission values.
See:For more information about metadata permissions, see “Introduction to Access Management” in SAS Management Console: Guide to Users and Permissions.


Authorization-based assigned prefilters are filters that are applied to queries by the specified user or group that reference the data source with which the filter is associated and to queries for which the associated data source is marked as required. Prefilters are applied before the data source is used by the specified user or group. These filters subset the data in its associated data source before any other part of a query is run. The generated query contains a subquery that ensures that no data is consumed without the filter being applied.
Note: Assigned prefilters can also be applied for all users of the information map. For more information about assigning prefilters that apply to all users, see SET ASSIGNED_FILTERS Statement.


/* For user "jsmith", grant both WRITEMETADATA and READ permissions */
/* and assign authorization-based prefilters to the identity.       */
update map_permissions
                (prefilters=("ageLessThan30" "FemaleOnly"))));

/* For group "PUBLIC", deny WRITEMETADATA permission and */
/* grant READMETADATA permission to the information map  */
update map_permissions
       deny (writemetadata)

/* Remove the READ permission of the identity "jsmith". Any */
/* permission condition associated with the READ permission */
/* is deleted and the identity resumes whatever permissions */
/* it obtains from group memberships or inheritance.        */
update map_permissions user="jsmith" remove(read);
Note: The specified identity must be a registered user or group on the metadata server.