Have you ever worked on a SAS 9.2 installation where someone has modified the capabilities of the predefined roles, and you need to reset them back to the default configuration? Or perhaps you are trying to see if there is a particular capability and want to search using a keyword, rather than manually reading through the list in SAS Management Console?
If you answered yes to any of these questions then you might want to check out the SAS® 9.2 Intelligence Platform Desktop Application Administration Guide (PDF, HTML) and the SAS® 9.2 Intelligence Platform Web Application Administration Guide, Third Edition (PDF, HTML).
Each of the SAS applications that support roles has a matrix showing the available capabilities for that application and how those capabilities map to the application’s predefined roles. If you need to reset the predefined roles then these matrices provide the information you need. Alternatively, if you want to search for a particular capability then you can use your web-browser/PDF-viewer’s find tool to look for keywords like library, OLAP or Join.
Here is a quick list of links to the specific pages containing the role/capability matrices for each application:
On a side note, if any SAS developers or product managers happen to read this post, I think it would be great if you could search/filter capabilities in SAS Management Console. There are lots of capabilities to look through and I can only imagine the list getting longer in future versions of SAS. Perhaps a reset-role-to-default-capabilities feature too? :) Perhaps I should make a SASware Ballot suggestion.
Hi Paul,
Definitely, you should add your ballot about roles management in 9.2 : I’ll vote for it !
I think a kind of ‘layer’ is missing here since we need to track the change with another tool (eg Excel …) which is far from perfect. SAS provides incidentally a spreadsheet to manage the roles. See this archive (http://support.sas.com/rnd/papers/sgf10/311-2010.zip) which comes with the following paper : http://support.sas.com/resources/papers/proceedings10/311-2010.pdf.
Personally, I made my own version of the spreadsheet because I learned about the SAS version later on. Some capabilities are missing from the doc provided in the article so I had to retrieve the list looking at the SMC. Of course, I can send a copy to anyone interested upon request.
Like you, I didn’t find any workaround to adress this problem of default capabilities updatable. You cannot make a copy of the default roles since the copy cannot be used as a contributing role itself, and you cannot (indeed you can but at your own risks !) apply permissions to the roles. We might ask SAS for CCL or RCL (Capabilities – or Roles – Control Lists) in order to assign capabilities to Roles this way also (these new objects could be managed with Authorization Manager and applied with the ‘Contributing Roles’ Tab).
In metadata, capabilities are stored as ‘AccessControlEntry’ Objects (Roles are mere IdentityGroups) which associate Roles (IdentityGroup) with an ‘Execute’ Permission and with an ‘ApplicationAction’ object, this type being new in 9.2 MetadaData, thanks to the metabrowser !
Cheers
Ronan