As mentioned in my previous post, Duplicating or Copying SAS Access Control Templates, Metacoda Plug-ins 6.1 R3 also includes support for duplicating users in SAS metadata. Metacoda customers have often asked us for the ability to create a new user just like another user. Primarily, this is to give a new user the same, or similar, access as an existing user in the same job role. In a well set up SAS metadata security implementation, this is usually as simple as making them a member of the same groups and/or roles and that is one of the main aspects of this new duplicate-user feature.
Duplicating users is of most benefit to those SAS administrators that are manually managing SAS users with SAS Management Console and not doing automatic identity synchronization with Microsoft Active Directory using the Metacoda Identity Sync plug-in or custom SAS identity synchronization code. In identity-synced environments, the duplication of users would normally be done in AD itself, flowing through to SAS metadata automatically. There are still a few manually managed SAS users in a identity-synced environment so you may still have a need to duplicate them from time to time.
The ability to duplicate users in Metacoda Plug-ins is limited to unrestricted SAS administrators and restricted SAS user administrators (via membership of either of the standard SAS metadata server roles “Metadata Server: Unrestricted” or “Metadata Server: User Administration“.
To duplicate a user, right mouse click over the user you want to copy in the Metacoda User Reviewer, and select the Duplicate… action:
You will then see a dialog where you can control what is duplicated:
You can specify:
- A name for the new user (defaults to Copy of original-user-name)
- A display name for the new user (defaults to Copy of original-user-display-name)
- Whether or not you want to duplicate the direct group memberships of the original user (defaults to yes). This is used to make the user a direct member of the same groups, and consequently a member of the same indirect groups (through group nesting), as the original user and in most cases give them the same effective metadata permissions and access levels.
- Whether or not you want to duplicate the direct role memberships of the original user (defaults to yes). This is used to make the user a direct member of the same roles as the original user (if any), and give them access to the same SAS application features (or capabilities). This is in addition to the indirect role memberships the user will gain through their group memberships (and those groups membership of roles).
- Whether or not you want to duplicate any access controls (ACTs and ACEs) that were applied to the original user (if any), so that it is secured the same way as the original user (defaults to yes).
For any further customization of the new user you can use the standard SAS Management Console User Manager plug-in.
If you have any feedback, questions, or comments about duplicating users, or about Metacoda Plug-ins in general, please leave a comment below or contact me. If you’d like to try out Metacoda Plug-ins in your own SAS environment you can also register to request a free 30 day evaluation at the Metacoda web site.