Category Archives: SAS Metadata Security

Protecting the Unrestricted from Impersonation

By Paul Homes | Published: 18 November 2011

I was asked a very insightful question about SAS® metadata security this week. This question and the ensuing investigation means I’ll now consider the inclusion of protections for unrestricted users in my metadata security plans. Especially for securing sensitive environments that have a separate group of user administrators who should not have access to login [...]

Posted in SAS Metadata Security | Tagged , , , , , | 2 Comments

Baseline Security Metadata for a new SAS® 9.3 Deployment

By Paul Homes | Published: 18 November 2011

When I’m reviewing SAS® metadata security implementations, I find it useful to have baseline security metadata to refer to. This baseline documents the initial state of metadata security (ACTs, ACEs, users, groups, roles, capabilities, protected objects, logins and internal logins) for a fresh new SAS software deployment. When reviewing a SAS installation I can then [...]

Posted in SAS Metadata Security | Tagged , , , , , , | Leave a comment

WriteMemberMetadata Permission

By Paul Homes | Published: 16 July 2011

The WriteMemberMetadata (WMM) permission was a welcome addition back when SAS 9.2 was released, because it allowed an administrator to distinguish between a users ability to manage a metadata folder from their ability to manage its contents. In SAS 9.1.3 there was only the WriteMetadata (WM) permission and, if you had the ability to manage [...]

Posted in SAS Metadata Security | Tagged , , , , | 2 Comments

Authorization Manager Plug-in and Custom Metadata Permissions

By Paul Homes | Published: 8 March 2011

Something I’ve only noticed recently, which I haven’t seen in the SAS® 9.2 What’s New documentation, is an apparent change relating to support for custom, or user-defined, metadata permissions in the SAS Management Console Authorization Manager plug-in. I hadn’t noticed this change before because I’ve not yet had a need for custom metadata permissions myself. [...]

Posted in SAS Metadata Security | Tagged , , , , , | Leave a comment

SAS 9.2 OLAP Cube Identity Driven Member Level Security

By Paul Homes | Published: 26 January 2011

Identity-driven member level security for SAS 9.2 OLAP cubes, as the name suggests, uses the identity of the requesting user to restrict access to specific members of a dimension, and in so doing control the subset of cube data that the user has access to. Imagine that you have an OLAP cube containing sales data [...]

Posted in SAS Metadata Security | Tagged , , , , , , | 9 Comments