SAS Visual Analytics: managing user permissions

11

I’ve recently had the opportunity to learn a little more about administering SAS Visual Analytics.  The sessions introduced me to two new GUI interfaces that simplify the work for SAS administrators.  In my last post, I shared how to load data into memory using the SAS Visual Data Builder.

After building the table, loading into memory and scheduling the query, you will want to work on the user or group permissions for the dataset.  You can use the SAS Visual Analytics Administrator for this task.

Accessing the table

To access the SAS Visual Analytics Administrator, return to the SAS Visual Analytics home page by selecting the HOME icon and select Manage Environment from the right hand pane. Your userid must have the appropriate permissions to be able to utilize all of the features I am going to show below:VApermissions1

To view the current permissions on the table, expand the LASR directory tree in the left hand side pane.  Double-click on the SampleClaims table that we’ve been using for this discussion. You’ll see the permissions listed by type of access permitted for each user role.

VApermissions2

Setting permissions 

Defining user groups can be done within SAS Management Console. Once I have my user groups, I can then set permissions within SAS Visual Analytics. In this particular situation, SASUSERS is the collection of all users who have access to SAS. SAS Administrators and SAS System Services are a subset of the SASUSERS group by definition. You may have other groups defined, such as Finance or Marketing. The following tasks can be done on any of your user groups as needed.

I want to give my SASUSERS read permissions, but I don’t want them to delete or overwrite the existing table. When I click on “grant” or “deny”, it becomes an explicit permission. An explicit permission is one that the administrator has expressly set. Implicit or inherited permissions will then be set for the subset of users within SASUSERS (my SAS Administrators and SAS System Services groups).

To change the permission explicitly, I select the icon I wish to change for the user or user group I wish to change.

VApermissions3

When I make SASUSERS an explicit Deny for WriteMetadata access, the SAS System Services and SAS Administrators inherit a Deny as shown below. Explicit permissions are denoted by a yellow star.

VApermissions4

Since SAS Administrators and SAS System Services should have WriteMetadata access, I will need to go in and give the SAS System Services and SAS Administrators groups an explicit grant.

The same process will need to be repeated for other permissions columns such as Write, Administer, and Delete.  All the permissions should look like the table below, with explicit permissions denoted by a yellow star.

VApermissions5

Testing the result

Once your query has been scheduled and you’ve set all your user permissions, it’s good practice to create an exploration to determine the table has loaded correctly and to see what end-users will see.

Returning to the Home page, select Create Exploration --> Select a Data Source.  Scroll down to your table (here we're testing the SampleClaims table) and select Open.

VApermissions6

Take advantage of the auto-charting feature  in the SAS Visual Analytics Data Explorer by simply dragging and dropping whatever categories or measures you’d like to view onto the workspace.  In this example, I’ve selected the variables Claim Amount and Type of Car, and the auto-charting facility automatically selects a bar chart for me.

VApermissions7

I hope this has helped you get up and running with some common administrator tasks within SAS Visual Analytics!

Share

About Author

Wendy McHenry

Systems Engineer

Wendy McHenry is a Systems Engineer at SAS, and every day she gets to show her customers how SAS can help solve their problems. Her primary focus is on our SMB customers. Wendy has been a SAS user for over 17 years and joined SAS as an employee in the Fall of 2011. Her SAS focus areas include data management, business intelligence, and SAS Administration. In her spare time, she is a Girl Scout volunteer. Connect with Wendy on Twitter at: @wendymac98

11 Comments

  1. I AM A SAS ADMINSTRATOR AND I NEED HELP WITH PERMISSION ACESS. I AM TRYING TO DELETE A USER NAME WHERE THE WRITE META FOR THE USER IS MARKED DENY INSTEAD OF GRANTED. IS THERE A WAY TO REVERSE THE PERMISSION ACCESS FOR A USER NAME. CURRENTLY I DO NOT HAVE ACCESS TO CHANE THE PERMISSION OR DELETE THE USER ID

  2. Hi there,

    Nice, informative article. Thanks.

    I am new to the world of SAS VA administration. I am asked to assign access to three sets of groups to access SAS VA. Member of one group can see each other work but should not be able to access other group's work. To do that I created three different groups in SAS Management consoles and assigned them SAS Visual analyst role at each group level. I created individual users with no roles and assigned them respective groups. Access will be activated from next week and I am wondering if I did right thing or missed out on any? Appreciate your help. Thanks.

    • Wendy McHenry

      Hi,

      That sounds like you've thought about the right things!

      The next step you might want to consider is adding the group level permissions to folders- so group A has permission for Read/Write on folder A, but group B and C do not have permission for Folder A. That way everyone in Group A can work with each other's work in Folder A, but groups B and C cannot see it.

      Group B has permission for Read/Write on folder B, but group A and C do not have permission for folder B; etc. In my experience that is the easiest way to have those group permissions working.

      For any troubleshooting you may run into, please do reach out to SAS Technical Support for assistance.

      Thank you and have a good time with SAS Visual Analytics! I hope you all will enjoy it as much as I do!

      Wendy

  3. Hi. A very interesting article. It describes the security on a table. I am interested to know if the same principal applies to folder permission. For example if I have folder A and folder b. I have two groups "all_users" and "report_writers" where report_writers is a subset of all_users. All_users has read only permissions and report_writers has read write access. All users_users has access to both folders and report_writers has access to folder B only. Will that work so the report writes can develop reports in folder b, and the rest of all_users can look at the reports developed in folder B.

  4. Is it possible in SAS VA to create permissions that will effect report filters instead of files or folders?I want the data in my report to be filtered by the end user login information so that the end user can only see summary data and detailed data associated with that user but no one else.

  5. Thanks for the article. Does the same apply for explorations and reports? I want my users to view and interact with my explorations but not overwrite them. I'd like for them to be able to save their own copies if they need to modify.

    Thanks,
    Matt

  6. mauro ruffino on

    hi, and its possible to know in sas va report (to use in any calculated items...) the "current user" id or group ?

Leave A Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Back to Top