SAS VA Administration: Setting up Your Security Model
One part of the Zenguard service is helping customer setup their SAS security model, which involves determining which users need to do what in the SAS Visual Analytics system. Most customers have the same basic needs – some users to view reports and some to prepare the reports. There can be a lot of variation after that point. Some of the report builders also administer the system while others are only allowed to use the data given to them.
What’s in a Pre-Defined Role?
SAS Visual Analytics ships with five pre-defined roles. Each role is composed of a pre-defined set of capabilities for different things a user or set of users can do, such as consume reports, build reports, and administer the system. The roles follow along what you might expect most organizations would desire for organizing their uses. The roles provide enough flexibility to allow quick changes.
Notice as that as the role becomes more complex it inherits the capabilities of the roles before it. This is true for all roles except the Administrator role, which does not inherit the ability to use the Data Builder. I’m not sure why this was setup this way as the administrators could give assign the capability to their own role.
It is easier to understand how the capabilities are assigned when you look at this chart. It breaks down the roles by capability. [Here’s a larger chart that shows everything available so you can see what is not assigned to a role.]
Note: This information is valid for SAS Visual Analytics 7.1. Refer to the SAS VA Administrator Guide for more complete details.
Applying the SAS VA Security Model
When creating a security model, you can assign these roles to groups. This allows you to control what the users are allowed to do within the VA system. Notice I didn’t say anything about permissions. Roles only say what abilities a user or group has. Permissions are set in ACEs (like folders) or with a ACT. Here’s some examples of how roles were assigned to groups.
This is an example of a large complex organization where the roles are more defined. The team has the four groups that essentially align with the roles.
This is a smaller organization where the VA developers wear a lot of hats. They are responsible for building the data and administering the system. They have assigned multiple roles to a single group called VA Developers. You may have noticed that the Basic role doesn’t seem to be used. That role is intended for use with systems where the public is allowed to reach the reports. [Paul Homes had an interesting post where he tested VA public (anonymous access) with web authentication.]
Now here’s some clever users – they hired the Zencos Zenguard team to help with administering their system and training their users to use SAS Visual Analytics team. Plus if you think about it – why would users who have the Analysis and Data Builder roles – Data Builder can do everything Analysis can?
If you need with your SAS Visual Analytics security model, contact Zencos to learn more about implementing our Zenguard service at your company.
Latest posts by Tricia Aanderud (see all)
- Designing Dashboards: Sending Your Style Vibe - 2017-01-21
- SAS Visual Analytics: Design Versus Reality - 2016-10-05
- Seize the Day! Submit an #SASGF Abstract - 2016-09-21
- Need a Dynamic X-Axis with Your SAS Visual Analytics Report? - 2016-07-31
- Planning Your SAS Visual Analytics Dashboard - 2016-06-06