BI Tools

Tips and tricks for building information maps, OLAP cubes, reports, and dashboards

BI Admin

Learn your way around a SAS BI installation.

Visual Analytics

Learn your way around the SAS Visual Analytics tool

Coding & Data

Extract, transform, and load your data into the SAS BI toolset

Stored Processes

Create and design stored processes like a rock star

Home » BI Admin, Visual Analytics

SAS VA Administration: Setting up Your Security Model

Submitted by on 2015-09-07 – 10:33 AM

One part of the Zenguard service is helping customer setup their SAS security model, which involves determining which users need to do what in the SAS Visual Analytics system. Most customers have the same basic needs – some users to view reports and some to prepare the reports.  There can be a lot of variation after that point.  Some of the report builders also administer the system while others are only allowed to use the data given to them.

What’s in a Pre-Defined Role?

SAS Visual Analytics ships with five pre-defined roles. Each role is composed of a pre-defined set of capabilities for different things a user or set of users can do, such as consume reports, build reports, and administer the system.  The roles follow along what you might expect most organizations would desire for organizing their uses. The roles provide enough flexibility to allow quick changes.

Notice as that as the role becomes more complex it inherits the capabilities of the roles before it. This is true for all roles except the Administrator role, which does not inherit the ability to use the Data Builder. I’m not sure why this was setup this way as the administrators could give assign the capability to their own role.

It is easier to understand how the capabilities are assigned when you look at this chart. It breaks down the roles by capability. [Here’s a larger chart that shows everything available so you can see what is not assigned to a role.]

Note: This information is valid for SAS Visual Analytics 7.1. Refer to the SAS VA Administrator Guide for more complete details.

Applying the SAS VA Security Model

When creating a security model, you can assign these roles to groups. This allows you to control what the users are allowed to do within the VA system. Notice I didn’t say anything about permissions. Roles only say what abilities a user or group has. Permissions are set in ACEs (like folders) or with a ACT. Here’s some examples of how roles were assigned to groups.

This is an example of a large complex organization where the roles are more defined. The team has the four groups that essentially align with the roles.


This is a smaller organization where the VA developers wear a lot of hats. They are responsible for building the data and administering the system.  They have assigned multiple roles to a single group called VA Developers. You may have noticed that the Basic role doesn’t seem to be used. That role is intended for use with systems where the public is allowed to reach the reports. [Paul Homes had an interesting post where he tested VA public (anonymous access) with web authentication.]

Now here’s some clever users – they hired the Zencos Zenguard team to help with administering their system and training their users to use SAS Visual Analytics team. Plus if you think about it – why would users who have the Analysis and Data Builder roles – Data Builder can do everything Analysis can?

If you need with your SAS Visual Analytics security model, contact Zencos to learn more about implementing our Zenguard service at your company.

The following two tabs change content below.

Tricia Aanderud

Director of Data Visualization at Zencos Consulting
Tricia Aanderud is a SAS Business Intelligence and Visual Analytics consultant based in Raleigh, NC who works for Zencos Consulting. She has written several books about SAS, presented papers at many SAS conferences, and has been using SAS since 2001. Contact her for assistance with your next project.
Spread the love