Assign Capabilities to a Role

To practice customizing the distribution of capabilities across roles, complete this exercise in SAS Management Console:
  1. Log on as someone who has user administration capabilities and is a member of the SAS Administrators group (for example, sasadm@saspw).
  2. On the Plug-ins tab, select User Manager (make sure you are in the foundation repository). In the display area, clear the Show Users and Show Groups check boxes. The roles that exist in your deployment are displayed.
  3. Right-click User Manager and select Newthen selectRole. On the General tab, enter Test Role in the Name field.
    Note: Creating a new role isolates this exercise from the rest of your deployment, ensuring that your current configuration is preserved.
  4. To learn how to directly assign capabilities, select the Capabilities tab:
    1. Notice that a message at the top of the tab reminds you that a few capabilities (for example, those of the metadata server's roles) are not listed on this tab (because those capabilities are implicit).
    2. Notice that the first node (Applications) has an empty branch icon empty branch . This indicates that no explicit capabilities are assigned to this role.
    3. Notice that there is a second-level node for each component that provides explicit capabilities. A role can provide capabilities from multiple applications.
    4. Click + to expand the Management Console node. Click + to expand the Plug-ins node. Select the Authorization Manager check box. Notice that the branch icons are now partial partial branch . This indicates that some of the capabilities are selected.
      Note: To see a description of any capability, click that capability's text and look at the Description field at the bottom of the tab.
    5. Click the partial icon partial branch for the Plug-ins folder. This action causes all of the capabilities beneath that node to be explicitly selected. Click again to cycle back to the empty branch icon (no capabilities assigned). Click a third time to revert to the immediately preceding state (only the Authorization Manager check box selected).
    6. Click the Authorization Manager check box to clear it.
  5. To learn how to indirectly assign capabilities, select the Contributing Roles tab:
    1. In the Available Roles list, select Management Console: Content Management. Before you make this a contributing role, verify its capabilities.
    2. Move the Management Console: Content Management role to the Current Roles list. This role now contributes all of its capabilities to your new role. If capabilities of this contributing role change, the capabilities of your test role change also.
    It is necessary to use contributing roles in these circumstances:
    • You want to extend implicit capabilities (like the capabilities of the metadata server roles) to other roles.
    • You want to provide dynamic aggregation of roles so that changes to one role propagate to other roles that have the first role as a contributing role.
  6. To learn about interactions between contributed and directly assigned capabilities, select your test role's Capabilities tab again.
    1. Under Management Consolethen selectPlug-ins, notice that capabilities from the Management Console: Content Management role are now selected. A visual indicator icon identifies these as contributed capabilities.
    2. Select the already-selected Authorization Manager check box. This adds a direct assignment on top of the contributed assignment, making the assignment independent from the underlying contributing role.
    3. Click the tree icon for the Plug-ins folder three times (stop when only the Authorization Manager check box is explicitly selected).
    4. Select the Authorization Manager check box again. It reverts back to the contributed state. You cannot incrementally remove a contributed capability.
  7. To close the dialog box (and not save the test role), click Cancel.
Copyright © SAS Institute Inc. All rights reserved.