Blogging about all things SAS » Enterprise Guide and Metadata http://blog.saasinct.com :: Sharing with the world everything we discover about SAS. Fri, 18 Nov 2011 07:19:40 +0000 en hourly 1 http://wordpress.org/?v=3.3 SAS Security – Is the glass 1/2 full or 1/2 empty http://blog.saasinct.com/2009/04/26/sas-security-is-the-glass-12-full-or-12-empty/?utm_source=rss&utm_medium=rss&utm_campaign=sas-security-is-the-glass-12-full-or-12-empty http://blog.saasinct.com/2009/04/26/sas-security-is-the-glass-12-full-or-12-empty/#comments Sun, 26 Apr 2009 08:17:43 +0000 Shane Gibson http://blog.sasinct.com/2009/04/26/sas-security-is-the-glass-12-full-or-12-empty/ Been doing some work on SAS Security lately and the post over on Angela Halls blog about Managing Metadata via EG, elicited my post. Particluary the comment “NOTE:: Deleting Metadata can cause orphan content elsewhere, so use this capability judiciously.”

When you first install SAS it by default optimistic, by that I mean it allows public, and SAS Users to do lots unless you stop them.

Now if you do the SAS Administrators course the first thing you get told is to secure metadata, i.e change it to a pessimistic view, where users can’t do anything unless you grant them (or a group they belong to) rights to do so.

Easier said than done, as you can’t just deny everything to Public and SAS Users as nothing will work (because they need to be able to read and write metadata to check what they can do ;-)

So you need to play with your ACT and Group structure to initially deny them everything and then grant access to what you want them to see.

I suggest you at least deny the write metadata on anything you want to keep, before you show them in Enterprise Guide how to delete stuff ;-)

I beleive this all changes in SAS 9.2.

Share

]]> http://blog.saasinct.com/2009/04/26/sas-security-is-the-glass-12-full-or-12-empty/feed/ 0