Metacoda Security Plug-ins: Role Reviewer

Products

The Role Reviewer is one of the components included in our Metacoda Security Plug-ins software. This component provides comprehensive whole-of-server views of roles and capabilities in your SAS® metadata security implementation.

You can use the Role Reviewer to easily and efficiently review all of your SAS metadata roles: their members, any other roles that they contribute capabilities to, any other roles that they receive capability contributions from, the capabilities they provide to their member users and group, any ACTs and ACEs that have been applied to protect them, and any external identities they may be associated with.

Applications

Some of the common types of questions administrators ask, which are easily answered with the Role Reviewer, include:

  • “Does the Custom Business Analyst role provide the Open Files from Local Computer capability?
  • “How does the Custom Business Analyst role actually provide the Open Files from Local Computer capability? Is it direct or contributed? Where is it being contributed from?”
  • “Is the Aaron Atkins user a member of Custom Power Users role? Are they directly a member, or are they a member because they are a member of a group which is a member? Which groups are they a member of that makes them a member of the role?”
  • “How come the Aaron Atkins user is still a member of the Custom Power Users role? Which groups are they a member of that are still providing them with membership of the role?”
  • “Have any of our roles been specifically protected with access controls? Which ones?”
  • “Which roles have either of the PUBLIC or SASUSERS implicit groups as members and provide their capabilities to all users?”
  • “Do we have any roles which have no members and are not being used? Which ones?”
  • “We have just finished a project to tailor our roles and capabilities for our organization. How do we easily document the current state so that we can refer back to it at a later date if things change?”

Features

These are some of the major features in the Role Reviewer:

  • Roles Table: displays a list of all roles present in metadata together with summary information and indicators for those roles. The table can be customized by hiding or showing from the set of available table columns, re-ordering or re-sizing columns, and sorting rows by any of the available columns. The filter bar allows you to quickly find a specific role of interest.
  • Members Tab: shows all of the direct and nested members of the currently selected role. The filter bar allows you to quickly determine if any user or group is a member of the selected role (regardless of the level of nesting) together with the path, or paths, by which they are a member.
  • Contributions Tab: if the selected role is a contributing role for other roles, this tab will show you which roles it contributes capabilities to, including any additional nested roles that those roles in turn contribute to.
  • Contributing Roles Tab: shows which other roles, if any, contribute capabilities to the currently selected role, including any further nested contributing roles.
  • Capabilities Tab: shows which capabilities the selected role provides to its members with information about how the capability is provided (e.g. direct or contributed) together with any contribution paths. The filter bar allows you to search for a specific capability and find out if the selected role provides it.
  • ACT Protections Tab: shows any Access Control Templates (ACTs) that may have been directly applied to the selected role to protect it.
  • ACE Protections Tab: shows any explicit permissions, or Access Control Entries (ACEs), that may have been directly applied to the selected role to protect it.
  • External Identities Tab: displays any external identities, such as Active Directory or LDAP accounts, that may have been linked to the role during enterprise directory identity synchronization.
  • HTML Export: all of the information available in the Role Reviewer can be easily exported in HTML format for documentation, audit and troubleshooting purposes.

Screenshots

Click on the thumbnails below to view full size screenshots of the Metacoda Security Plug-ins: Role Reviewer.

Metacoda Security Plug-ins: Role Reviewer (Members Tab)

Role Reviewer (Members Tab)

Metacoda Security Plug-ins: Role Reviewer (Contributions Tab)

Role Reviewer (Contributions Tab)

Metacoda Security Plug-ins: Role Reviewer (Contributing Roles Tab)

Role Reviewer (Contributing Roles Tab)

Metacoda Security Plug-ins: Role Reviewer (Capabilities Tab)

Role Reviewer (Capabilities Tab)

Metacoda Security Plug-ins: Role Reviewer (ACT Protections Tab)

Role Reviewer (ACT Protections Tab)

Metacoda Security Plug-ins: Role Reviewer (ACE Protections Tab)

Role Reviewer (ACE Protections Tab)

Metacoda Security Plug-ins: Role Reviewer (External Identities Tab)

Role Reviewer (External Identities Tab)

For More Information…

If you’d like to find out more about the Role Reviewer, or Metacoda Security Plug-ins in general, then please contact us with any further questions you might have. Additionally, you can also request a free one month evaluation license to try the software out for yourself with your own SAS metadata.