This tip was prompted by a SAS Communities question which I hear from time to time, essentially “How do I find out which groups a SAS user is a Portal Group Content Administrator for?” It can be answered using the Metacoda Identity Permissions Explorer but involves a few steps so I will outline them here.
To quote the SASĀ® 9.4 Intelligence Platform: Web Application Administration Guide, Group Content Administrator section:
A group content administrator is a user who has WriteMetadata permission for the respective group, and the group’s Portal permission tree. A group content administrator can share personal content with the group, and can edit or remove content that has been shared with the group. (Portal administrators have WriteMetadata permission for all group permission trees that are defined in metadata.)
So, to find out which groups a user is group content admin for, we need to look for all of the group portal permission trees where the user has a grant of the WM permission. This can be done quickly and easily using the Metacoda Identity Permissions Explorer. Below is a screenshot with numbered steps where we find out which groups Aaron Atkins (demoaaron), a fictitious Business Analyst, is a Portal Group Content Administrator for.
1) Launch SAS Management Console and select the Metacoda Identity Permissions Explorer plug-in. We are focused on a specific individual (Aaron) and want to see what his effective permissions and access levels are on a broad collection of objects (portal permission trees).
2) Find and select the user in question: Aaron Atkins
3) Select the high level Portal Application Tree on the right hand side of the Folders tab which will shows the members (portal permission trees) on the left hand side, together with Aaron’s effective permissions and Access Levels on those portal permission trees.
4) We are focused on the portal permission trees for which he has update access so we click on the Access Level icon column header to sort by the access level such that portal permission trees where he has most access (Update metadata) move to the top.
5) We can now review all of the portal permission trees where he has update access (and optionally export a CSV file or HTML report containing this info):
- VegasDirectors Permission Tree: the portal permission tree for the VegasDirectors group
- Vegas_NZ Permission Tree: the portal permission tree for the Vegas_NZ group
- Vegas_AP Permission Tree: the portal permission tree for the Vegas_AP group
- demoaaron Permission Tree: the portal permission tree for his own user account (demoaaron)
Ignoring his own user permissions tree, we can see he is a Portal Group Content Administrator for 3 groups: VegasDirectors, Vegas_NZ, and Vegas_AP.
Of course, you may have other questions like “Who are Portal Group Content Administrators?” or “Which groups have Portal Group Content Administrators?”. There are other ways we can answer those questions, using other plug-ins, but I’ll leave those for future posts. If you’d like to see those answers or have any question please leave a comment below and let me know.