Add an Explicit Grant or Denial

  1. Navigate to the item that you want to protect or make available.
  2. On the item's Authorization tab, select a user or group. Or, if you want to assign a permission to someone who is not listed, click Add. Each restricted identity that you add gets an explicit clear check box grant of the ReadMetadata permission.
  3. In the Effective Permissions list box, select check boxes to adjust the settings for the currently selected identity. Each click adds an explicit control to the item's protections (except that clicking an explicit clear check box control removes that control and reveals an underlying grant or denial).
    Note: If the identity that is selected in the Users and Groups list box has the unrestricted role, all permissions are granted and you cannot change the settings.
  4. Repeat steps 2 and 3 for any other identities whose access to this item you want to adjust.
  5. Review the settings for each identity in the Users and Groups list box. This is important because settings that you add for a group can affect access for all members of that group. For example, a denial that you add for the PUBLIC group blocks access for all restricted users, unless there are other explicit clear check box or ACT green check box (green) grants. You must offset a broad explicit denial with explicit or ACT grants for any restricted identities whose access you want to preserve.
  6. In the Properties dialog box, click OK to save your changes.
Tip
It is easy to set explicit grants and denials on each item that you want to protect or make available. However, managing a large number of individual permission settings can be cumbersome. See Tips for Efficiently Using Permissions.

See Also

Use and Enforcement of Each Permission
How to Interpret the Authorization Tab
What Happens When I Select a Check Box?
Who Can Set Permissions?
Copyright © SAS Institute Inc. All rights reserved.