Technoleros

I have had to add Group Content Administrators to my SAS 9.2 Intelligence Platform a few times now, and it didn’t work as smoothly the last time due to my inability to read ALL of the steps and accompanying notes.  The process of configuring a Group Content Administrator in the Information Delivery Portal is well documented in the SAS 9.2 Intelligence Platform: Web Application Administration Guide, Third Edition and Angela Hall blogged about the process here, so I should have had enough information to correctly make this happen, right?  Well, there is a handy tip that I want to point out.  I had some developers who have read/write access to much of the metadata in our system.  I added some of these users to be Group Content Creators of the Public group following Steps 1-10 below.  Since these developers had inherited Read/Write Metadata permissions from higher up the tree in metadata, they already had implicit WriteMetadata ability.  When they attempted to add new portal pages for the Public group, Public not not available to share the page to.  Why?  Well, after Step 9 there is an important note titled “Important Note” that I somehow missed.  The note states to ensure the WriteMetadata permission is explicit.  To change this permission from implicit to explicit, an administrator merely needs to click the check the WriteMetadata checkbox one more time (it is already checked, but needs to be checked again).  In my defense, I was originally working from the First Edition of the Web Application Administration Guide, where “Important” was not in front of the word note and it was also not in bold text!

from support.sas.com:

Configure a Group Content Administrator

A group content administrator is a user who has WriteMetadata permission for the respective group, and the group’s Portal permission tree. A group content administrator can share personal content with the group, and can edit or remove content that has been shared with the group. (The SAS administrator and the SAS Trusted User has WriteMetadata permission for all group permission trees that are defined in metadata.)

Prerequisites: Before you can assign a content administrator for a group, all of the following must be true:

• The person who will be a content administrator must have a user identity that is defined in SAS metadata.
• This user identity must be a member of the group that the person will administer.
• A group permission tree folder must exist in metadata for the group. To verify that a permission tree folder exists, or to create one, see Overview of Permission Tree Folders.

To configure a group content administrator for the Portal Application Permissions tree, follow these steps:

1. Log on to SAS Management Console as the SAS Administrator (sasadm).
2. On the Plug-ins tab in SAS Management Console, navigate to Environment Management –> Authorization Manager –> Resource Management –> By Type –> Tree.
3. Right-click on the permissions tree for the group and select Properties.
4. In the permissions tree properties dialog box, select the Authorization tab.
5. Select the Add button to display the Add Users and Groups dialog box.
6. In the Add Users and Groups dialog box, select and move the group content administrator under Available Identities to Selected Identities. Note that the group content administrator must be a person, and not a group.
7. Click OK to exit the dialog box.
8. When you return to the Authorization tab, make sure the appropriate user is selected in the Users and Groups list box.
9. To modify the permissions for the selected user, in the permissions list row for the WriteMetadata permission, select Grant.
   Important Note: Ensure that the permission is explicit. The check box for a permission that comes from a directly assigned access control entry (ACE) has no added background color. If the check box for a permission has a background color, to remove the background color and designate the permission as a directly assigned permission, click the check box again.
10. In the properties dialog box, click OK to save your changes.

The user that was configured as a group content administrator can now log on to the portal and share personal content with that group.