Getting Information About a User :: SAS(R) 9.3 Management Console: Guide to Users and Permissions

What Groups is This User In?

This list explains how group memberships are displayed for a user named Joe:

direct groups

If Joe is directly assigned to any groups, those assignments are displayed in the Member of list box on the Groups and Roles tab in Joe's Properties dialog box.

indirect groups

If Joe is a member of a group that is a member of another group, Joe is an indirect member of the second group. Because indirect membership is not displayed in Joe's Member of list box, you must check the properties of each group that Joe belongs to in order to determine whether that group is a member of another group.

implicit groups

If Joe has a well-formed user definition, he automatically belongs to both the PUBLIC and SASUSERS groups. These implicit memberships are not reflected in Joe's Member of list box.

What Roles is This User In?

This list explains how role memberships are displayed for a user named Joe:

direct roles

If Joe is directly assigned to any roles, those assignments are displayed in the Member of list box on the Groups and Roles tab in Joe's Properties dialog box.

indirect roles

If Joe is a member of a group that is assigned to a role, Joe is an indirect member of that role. Because indirect membership is not displayed in Joe's Member of list box, you must check the properties of each group that Joe belongs to in order to determine whether that group is a member of any roles. Remember that Joe's Member of list box does not reflect his implicit membership in SASUSERS and PUBLIC. Users get most of their non-administrative capabilities through implicit membership in these groups.

contributing roles

If Joe is in a role that has contributing roles, Joe has the capabilities of the contributing roles. To determine whether a role has contributing roles, access the role's Properties dialog box and select the Contributing Roles tab.

What Can This User Do?

Which Items Can This User Access?

Joe's access is not displayed as part of his user definition. Instead, Joe's permissions for a particular item are displayed on that item's Authorization tab.

Tip

SAS programmers can create reports that document access to resources. See the discussion of security report macros in the SAS Intelligence Platform: Security Administration Guide.

Which Application Features are Visible to This User?

Joe has all of the capabilities that are provided by any of his roles. This list highlights key points about a role's Capabilities tab:

Some roles provide implicit capabilities, which are not displayed. For example, the ability to create users is provided by the Metadata Server: User Administration role, but there is no Create Users check box on the Capabilities tab.
A capability that has a gray check box comes from a contributing role.
These icons indicate the status of the items beneath a node in the tree:
- A full tree icon indicates that all of the capabilities are assigned.
- An empty tree icon indicates that none of the capabilities are assigned.
- A partial tree icon indicates that some of the capabilities are assigned.

What Logins Are Available to This User?

This list explains how the logins that are available to a user named Joe are displayed:

personal logins

Joe's personal logins are displayed on the Accounts tab in his Properties dialog box. Only Joe and users who have user administration capabilities can see Joe's logins.

group logins

A login that is assigned to a group can be used by any member of that group. Because Joe's group logins are not displayed on his Accounts tab, you must check the properties of each group that Joe belongs to in order to determine whether any of those groups have logins.

Note: On an Accounts tab, logins are visible only if you have user administration capabilities, you are looking at your own user definition, or you are looking at a group that you belong to.

Does This User Have an External Identity?

To determine whether a user has an external identity, click the External Identities button on the user's General tab.

Does This User Have an Internal Account?

To determine whether a user has an internal account, examine the bottom of the user's Accounts tab. If a user has an internal account, their internal ID is listed in that location. Regular users usually do not have internal accounts.

Note: Internal accounts are visible only if you have user administration capabilities or you are looking at your own user definition.