As mentioned in my previous post, Duplicating or Copying SAS Access Control Templates, Metacoda Plug-ins 6.1 R3 also includes support for duplicating users in SAS metadata. Metacoda customers have often asked us for the ability to create a new user just like another user. Primarily, this is to give a new user the same, or similar, access as an existing user in the same job role. In a well set up SAS metadata security implementation, this is usually as simple as making them a member of the same groups and/or roles and that is one of the main aspects of this new duplicate-user feature. Continue reading “Duplicating or Copying SAS Users”
Tag: Metacoda Security Plug-ins
Duplicating or Copying SAS Access Control Templates
When working with SAS® 9 metadata security, I often want to create an Access Control Template (ACT) which is very similar to an existing ACT. It may be that it will have a similar definition or permission pattern. It will usually have the same access controls applied to it for its own protection. It might occasionally be applied to protect the same set of objects as the original ACT.
Duplicating or copying SAS metadata security objects, such as ACTs, users, groups, and roles, has been a common request from Metacoda customers too. For this reason we added duplication support in Metacoda Plug-ins 6.1 R3. In the ACT, User, Group, and Role Reviewer plug-ins you will find a new Duplicate… action in the the context menu seen when right-mouse clicking over an object. A pop-up dialog then gives you some options to control what is duplicated.
The ability to duplicate objects via this facility is limited to SAS administrators via membership of one the standard SAS metadata server roles (i.e. “Metadata Server: Unrestricted“, “Metadata Server: User Administration“, or “Metadata Server: Operation“). Of course you also need permission to view the object you are duplicating. Continue reading “Duplicating or Copying SAS Access Control Templates”
Adding Metacoda Custom Tasks Capabilities for SAS Enterprise Guide
When you install Metacoda Custom Tasks for use in SAS® Enterprise Guide® and the SAS® Add-In for Microsoft Office you may find you don’t see the new menu items you expected in the Tools menu:
There are 2 main reasons why they may be missing: 1) the custom tasks could not be loaded, perhaps due to an issue during installation; and 2) you are not being granted access to the custom tasks due to your metadata roles and capabilities. The first issue is usually quite easy to resolve. This post is about the second scenario because it can be somewhat harder to troubleshoot.
Roles and capabilities are used in the SAS platform to control access to SAS application features such as menu items in SAS Enterprise Guide. In a new SAS platform installation the PUBLIC group (which includes everyone) is a member of the Enterprise Guide: Advanced role, and that role grants all capabilities for SAS Enterprise Guide. That means, by default, all users have access to all of the controllable features in SAS Enterprise Guide. Some SAS customers change this, as may be required for their security plan, by removing the PUBLIC group and replacing it with more appropriate groups for their environment, and perhaps create additional roles with the required capabilities. It is in this scenario where you may find your capability set is preventing access to the Metacoda Custom Tasks. Continue reading “Adding Metacoda Custom Tasks Capabilities for SAS Enterprise Guide”
Metacoda Plug-ins Tip: hasPermissionCondition
This post continues a series of examples on Advanced Expression-Based Filters for Metacoda Plug-ins. The recent Metacoda Plug-ins 6.1 R2 release added support for a new hasPermissionCondition boolean attribute that can be used in any filter bar on a table of Access Control Entries (ACEs), such as the ACE Reviewer.
You can copy and paste the following into the filter bar of the Metacoda ACE Reviewer to only show ACEs that include permissions conditions, such as those used for SAS OLAP Member-Level Permissions, BI Row-Level Permissions, or Visual Analytics Conditional Grants:
#@ hasPermissionConditionHere is an example of it in action:
Of course, if required, you can also negate it to filter out those rows with permission conditions:
#@ !hasPermissionConditionIf you have any questions about Metacoda Plug-ins, Advanced Expression-Based Filters, or hasPermissionCondition please leave a comment below.
Metacoda Plug-ins Tip: Compare Metadata Objects
One of the new additions in the recently released Metacoda Plug-ins 6.1 R2 is a Compare Metadata Objects feature. This is a something that several customers have requested, particularly for the comparison of SAS metadata security objects like ACTs, Users, Groups, and Roles. One of the most common requests was to be able to compare users, who are supposed to be almost identical, but are found to have different access. Being able to compare the two users to see which groups they have, or don’t have, in common helps to speed up troubleshooting.
With the new Compare Metadata Objects dialog, you can compare any two metadata objects to show similarities and differences. Whilst it can be used to do a basic comparison of any 2 metadata objects, specific attention has been given to aid in the comparison of security objects, including ACT Permission Patterns, ACT and ACE participation, applied ACTs and ACEs, user/group membership of groups and roles, and members of groups and roles.
There are several ways to access this feature. The first is to use SAS Management Console Tools menu:
… this opens the comparison dialog where you can proceed to search for, and select, the two objects you want to compare. Continue reading “Metacoda Plug-ins Tip: Compare Metadata Objects”