One thought on “Default Role / Capability Matrices for SAS® 9.2”

  1. Hi Paul,

    Definitely, you should add your ballot about roles management in 9.2 : I’ll vote for it !
    I think a kind of ‘layer’ is missing here since we need to track the change with another tool (eg Excel …) which is far from perfect. SAS provides incidentally a spreadsheet to manage the roles. See this archive ( which comes with the following paper :
    Personally, I made my own version of the spreadsheet because I learned about the SAS version later on. Some capabilities are missing from the doc provided in the article so I had to retrieve the list looking at the SMC. Of course, I can send a copy to anyone interested upon request.

    Like you, I didn’t find any workaround to adress this problem of default capabilities updatable. You cannot make a copy of the default roles since the copy cannot be used as a contributing role itself, and you cannot (indeed you can but at your own risks !) apply permissions to the roles. We might ask SAS for CCL or RCL (Capabilities – or Roles – Control Lists) in order to assign capabilities to Roles this way also (these new objects could be managed with Authorization Manager and applied with the ‘Contributing Roles’ Tab).

    In metadata, capabilities are stored as ‘AccessControlEntry’ Objects (Roles are mere IdentityGroups) which associate Roles (IdentityGroup) with an ‘Execute’ Permission and with an ‘ApplicationAction’ object, this type being new in 9.2 MetadaData, thanks to the metabrowser !


Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.