topic Re: Hot to restrict access to SAS Studio 4.4 in Viya in SAS Viya

Hot to restrict access to SAS Studio 4.4 in Viya

BeNur — Mon, 20 May 2019 22:19:22 GMT

Hi all,

I have SAS Viya 3.4 deployed in Linux. It contains SAS Studio (v 4.4) and SAS StudioV ( v. 5.1)

I restricted access to SAS StudioV using prohibit Rule (/SAS StudioV/** ) in SAS Viya Environment Manager.

Does anybody know how to restrict access to SAS Studio 4.4?

The rule / SAS Studio/** doesn't work and I believe it shouldn't work cause SAS Studio 4.4 is not controlled by Viya.

Re: Hot to restrict access to SAS Studio 4.4 in Viya

alexal — Tue, 21 May 2019 01:18:19 GMT

@BeNur ,

The easiest way is to use pam_succeed_if module in /etc/pam.d/sasauth file.

Re: Hot to restrict access to SAS Studio 4.4 in Viya

BeNur — Tue, 21 May 2019 18:52:28 GMT

Hi @alexal,

thanks for your response. I tried to add :

auth required pam_succeed_if.so gid=1001,500001129

(where1001,500001129 my ldap groups that should be allowed to ) into the /etc/pam.d/sasauth-spre file but it didn't work

Maybe you can provide me an example of your sasauth-spre file

I want to deny access for the group with the id 222 and allow access to the group with id = 1001,500001129

Re: Hot to restrict access to SAS Studio 4.4 in Viya

alexal — Wed, 22 May 2019 12:43:07 GMT

@BeNur ,

How high is that module is in the stack? The module should be before pam_unix or any other modules you are using for the authentication. Also, the following command will help you debug it:

sudo grep sasauth /var/log/secure

If you see no pam_succeed_if in the output, that means you have to place that module higher in the stack.

Re: Hot to restrict access to SAS Studio 4.4 in Viya

BeNur — Wed, 22 May 2019 17:17:33 GMT

thanks a lot that helped

Re: Hot to restrict access to SAS Studio 4.4 in Viya

alexal — Wed, 22 May 2019 17:23:05 GMT

@BeNur ,

You are welcome. I'm glad that the problem has been resolved.