Prevent users from editing SAS® Visual Analytics reports


This SAS KB article explains how you can restrict Edit access to SAS Visual Analytics reports to specific users or groups.

An administrator can manage access to features in SAS Visual Analytics by granting permissions for Uniform Resource Identifiers (URIs). 

Instead of denying access to a user or a group, the recommendation is to choose the group that can edit reports and grant access to only them. 

The content of this article applies to SAS® Visual Analytics 8.5 (in SAS® Viya® 3.5) and later.

Set the Edit Reports Capability as an Administrator

If you want users who can only view reports (that is, not edit or create them), use a rule.

You can use the application URI /SASVisualAnalytics_capabilities/edit as rule target to control the edit functionality. 

By default, this capability is granted for Authenticated Users. As an administrator, you can decide whether to grant that rule to only the desired users or groups.

To provide Edit access to reports to only a specific group, complete the following steps, which require you to change the Principal type from Authenticated Users to the desired Group.

  1. Log on to SAS® Environment Manager as an administrator.
  2. Click Rules in the left pane. In the Rules window, search for the /SASVisualAnalytics_capabilities/edit Object URI.
  3. Right-click the /SASVisualAnalytics_capabilities/edit Object URI and select Edit

     Right-click the Object URI and select Edit

  4. Change the Principal type from Authenticated Users to Group

     Change the Principal type from Authenticated Users to Group

  5. Select the Group that you want to give the edit authorization. 
  6. Leave the rest of the settings as they are, and Save the rule:

    Select the Group and Save the rule

  7. Test with a user who should not have edit authorization and verify that they cannot enter Edit mode in SAS Visual Analytics. 

Expected Result

Only the members of the specific Group selected in the Rule can edit or modify SAS Visual Analytics reports.

For more information, see Managing Access to Functionality.

Considerations

By default, in SAS Viya, users have no permissions unless they are specifically granted them. In other words, the general authorization system implicitly denies any access that is not explicitly granted.

Note that using direct denials might make your security more complex to manage.