Metacoda Security Plug-ins: Capability Reviewer

The Capability Reviewer is one of the components included in our Metacoda Security Plug-ins software. This component provides comprehensive whole-of-server views of capabilities in your SAS® metadata security implementations, and their relationship to roles, group and users.

You can use the Capability Reviewer to easily and efficiently review all of the SAS application capabilities as registered in your metadata: the roles that provide those capabilities and the members they provide those capabilities to, including all of the multiple nested role/group membership and contribution paths.

Applications

Some of the common types of questions administrators ask, which are easily answered with the Capability Reviewer, include:

• “Is the Open Files from Local Computer capability provided to the Custom Business Analyst role?”
• “Is the Open Files from Local Computer capability provided to the Business Analysts group?”
• “Is the Open Files from Local Computer capability provided to the Aaron Atkins user?”
• “How is the Open Files from Local Computer capability actually provided to the the Aaron Atkins user? Is it through a direct membership of a single role, or direct membership of multiple roles? Is it through indirect membership via heavily nested multiple group memberships? Is it through implicit membership of the SASUSERS and PUBLIC groups?”
• “What are all of the paths by which the Aaron Atkins user is provided the Open Files from Local Computer capability? How many different ways is he provided this capability?”
• “We removed the Aaron Atkins user from the Business Analysts group but he is still provided the Open Files from Local Computer capability? Where is this coming from?”
• “We have just finished a project to tailor our roles and capabilities for our organization. How do we easily document the current state so that we can refer back to it at a later date if things change?”

Features

These are some of the major features in the Capability Reviewer:

• Capabilities Table: displays a list of all application capabilities registered in metadata together with summary information and indicators for those capabilities. The table can be customized by hiding or showing from the set of available table columns, re-ordering or re-sizing columns, and sorting rows by any of the available columns. The filter bar allows you to quickly find a specific capability of interest.
• Roles & Members Tab: shows all of paths by which the selected capability is provided to groups, users and other roles. It displays the roles that provide the selected capability directly to their members, together with any roles that contribute the selected capability to other roles. It shows all of groups and users, including nested memberships, that acquire the selected capability through membership of those roles. The filter bar allows you to quickly find specific roles, groups or users of interest that participate in a capability access path.
• HTML Export: all of the information available in the Capability Reviewer can be easily exported in HTML format for documentation, audit and troubleshooting purposes.

Screenshots

Click on the thumbnail below to view a full size screenshot of the Metacoda Security Plug-ins: Capability Reviewer.

For More Information…

If you’d like to find out more about the Capability Reviewer, or Metacoda Security Plug-ins in general, then please contact us with any further questions you might have. Additionally, you can also request a free one month evaluation license to try the software out for yourself with your own SAS metadata.

Paul Homes provided a more in-depth look at the use of the Capability Reviewer in his April 2011 platformadmin.com blog post Capability Reviewer Preview: who has access to a capability and how?.