https://communities.sas.com/t5/Administration-and-Deployment/Restricting-access-to-a-file/m-p/415061#M11290 <P>Are the users asked for their SAS credentials when they change the Excel sheet?</P> Tue, 21 Nov 2017 08:04:26 GMT Kurt_Bremser 2017-11-21T08:04:26Z https://communities.sas.com/t5/Administration-and-Deployment/Restricting-access-to-a-file/m-p/415057#M11287 <P>&nbsp;</P> <P>Hi,</P> <P>&nbsp;</P> <P>I've an excel file under a folder on server that only a group of users have access to this folder. This excel file has connection to a dataset on server that whenever we change it the dataset will be updated.</P> <P>Now I need to restrict the access to this excel sheet(and dataset)&nbsp;to only some users.</P> <P>Should I create a group or role in SAS MC for that or both?</P> Tue, 21 Nov 2017 07:54:35 GMT https://communities.sas.com/t5/Administration-and-Deployment/Restricting-access-to-a-file/m-p/415057#M11287 Riana 2017-11-21T07:54:35Z https://communities.sas.com/t5/Administration-and-Deployment/Restricting-access-to-a-file/m-p/415061#M11290 <P>Are the users asked for their SAS credentials when they change the Excel sheet?</P> Tue, 21 Nov 2017 08:04:26 GMT https://communities.sas.com/t5/Administration-and-Deployment/Restricting-access-to-a-file/m-p/415061#M11290 Kurt_Bremser 2017-11-21T08:04:26Z https://communities.sas.com/t5/Administration-and-Deployment/Restricting-access-to-a-file/m-p/415063#M11291 <P>No.</P> <P>But can you please tell me the difference in both cases(asking and not asking for credentials)</P> <P>and how could the solution be different? <span class="lia-unicode-emoji" title=":slightly_smiling_face:">🙂</span></P> Tue, 21 Nov 2017 08:12:14 GMT https://communities.sas.com/t5/Administration-and-Deployment/Restricting-access-to-a-file/m-p/415063#M11291 Riana 2017-11-21T08:12:14Z https://communities.sas.com/t5/Administration-and-Deployment/Restricting-access-to-a-file/m-p/415066#M11292 <P>- SMC groups is just an additional layer of security provided for the Metadata registered.</P><P>- I would suggest to remove the write permission for the file for others so that only the Owner/Members part of the file owned group can change/edit it.</P><P>- In-case you do not wish even the members of the same group to change it then remove write permissions for the group members as well.</P><P>- You can also use ACL for more complex security.</P><P>&nbsp;</P><P>Hope this helps.</P><P>&nbsp;</P><P>Thanks&nbsp;</P> Tue, 21 Nov 2017 08:18:38 GMT https://communities.sas.com/t5/Administration-and-Deployment/Restricting-access-to-a-file/m-p/415066#M11292 AnandVyas 2017-11-21T08:18:38Z https://communities.sas.com/t5/Administration-and-Deployment/Restricting-access-to-a-file/m-p/415067#M11293 <P>The question is: can SAS know who is making the change in Excel? If that is somehow managed through IWA, you might have a chance. But if the Excel file simply uses a generic user in SAS, then you have no means to check who's really doing it.</P> Tue, 21 Nov 2017 08:20:07 GMT https://communities.sas.com/t5/Administration-and-Deployment/Restricting-access-to-a-file/m-p/415067#M11293 Kurt_Bremser 2017-11-21T08:20:07Z https://communities.sas.com/t5/Administration-and-Deployment/Restricting-access-to-a-file/m-p/415299#M11302 <P>If you don't align OS permissions for the Excel file with the SAS metadata permissions then users could simply bypass SAS metadata and access the Excel file directly either with a SAS LIBNAME in code (which bypasses metadata) or by opening the file directly in Excel - is this an issue?</P> Tue, 21 Nov 2017 19:41:22 GMT https://communities.sas.com/t5/Administration-and-Deployment/Restricting-access-to-a-file/m-p/415299#M11302 SASKiwi 2017-11-21T19:41:22Z