Metacoda Security Plug-ins: ACE Reviewer

The ACE Reviewer is one of the components included in our Metacoda Security Plug-ins software. This component provides comprehensive whole-of-server views of the use of Access Control Entries (ACEs or explicit permissions) in your SAS® metadata security implementation.

You can use the ACE Reviewer to easily and efficiently review all of the Access Control Entries in your metadata: the objects they have been applied to, and the permissions they impart.

Applications

Some of the common types of questions administrators ask, which are easily answered with the ACE Reviewer, include:

• “In the past our SAS metadata security has been managed in a very ad-hoc fashion using ACEs. Now that we know more about SAS metadata security, we would prefer to use a methodical approach based on ACTs. How do we find all of the ACEs that have previously been applied so we can work on removing or replacing them?”
• “Our SAS metadata security model is based on a combination of both general purpose ACTs and specific ACEs. We want to ensure all of our ACEs are based on groups rather than individual users. How can we find any and all existing ACEs which refer to individual users?”
• “How do we find all of the OLAP member level security permission conditions that have been applied in our SAS metadata?”
• “We have just finished a project to implement a new metadata security plan. How do we easily document the current implementation to verify against our plan. How do we document the implementation again at a later date to compare with the plan and see what has changed since the initial implementation?”

Features

These are some of the major features in the ACE Reviewer:

• ACEs Table: displays a list of all ACEs present in metadata together with information about associated protected objects, participating user and group identities, and the explicit permissions granted or denied. Various columns provide details and indicators relating to object folder paths, identities, permissions and permission conditions. The table can be customized by hiding or showing from the set of available table columns, re-ordering or re-sizing columns, and sorting rows by any of the available columns. The filter bar allows you to quickly find a specific ACE protected object of interest.
• Exclusions: a customizable exclusion list allows you to hide ACEs on objects in specific folder locations or under specific folder branches. The exclusion list contains an initial set of folder locations, such as private user folders, where SAS applications automatically manage ACEs. By excluding these ACEs you can focus on those administrator managed ACEs instead.
• HTML Export: all of the information available in the ACE Reviewer can be easily exported in HTML format for documentation, audit and troubleshooting purposes.

Screenshots

Click on a thumbnail below to view a full size screenshot of the Metacoda Security Plug-ins: ACE Reviewer.

For More Information…

If you’d like to find out more about the ACE Reviewer, or Metacoda Security Plug-ins in general, then please contact us with any further questions you might have. Additionally, you can also request a free one month evaluation license to try the software out for yourself with your own SAS metadata.