Trusted User

vanisas — Sun, 03 Jun 2018 14:36:57 GMT

Using SAS 9.4 and JDK1.7.1 for java application.

Got NonTrustedUser Exception when using GetCredentials method of ISecurity_1_1 object.

Connected to metadataServer using makeISecurityConnection method of MdOMRConnection object from Java application.

I tried by adding loginid in "trustUsers.txt" file on the metadata server, but throwing the same exception.

Is it sufficient to make an user into an trusted user ?

Code:

public void isInRole() throws Exception
{
try
{
// Define a two-dimensional string array for options
final String[][] options ={{"",""}};
System.out.println("");
System.out.println("<<<< Begin isInRole() >>>>" );

// Define a holder for the credential handle
StringHolder credHandle = new StringHolder();
System.out.println("After StringHolder");

// Define a holder for the method output
BooleanHolder inRole = new BooleanHolder();
System.out.println("After booleanHolder");
String UGAdminRole = "N_Admin";

// Get a credential handle
iSecurity.GetCredentials("LOGINID:SAS.ADMIN", credHandle); // <----------Throwing exception here.
System.out.println("credHandle = " + credHandle);

// Execute the method
iSecurity.IsInRole(credHandle.value,"ROLE_OBJNAME:" + UGAdminRole,options,inRole);

// Print information about the method call and results
System.out.println();
System.out.println("<<<<<< isInRole() call parameters with results >>>>>>");
System.out.print("credHandle=" + credHandle.value + ", ");
System.out.print("roleSpecification=" + "ROLE_OBJNAME:" + UGAdminRole + ", ");
System.out.print("isInRole=" + inRole.value);
System.out.println();

// Free the credentials
iSecurity.FreeCredentials(credHandle.value);
System.out.println("");
System.out.println("<<<< End isInRole() >>>>" );
}
catch (Exception e)
{
System.out.println("IsInRole: GetInfo: Exceptions");
e.printStackTrace();
throw e;
}
}

// method for establishing connection

public boolean connectToServer()
{
String serverName = "111.219.61.95";
String serverPort = "8561";
String serverUser = "SAS.ADMIN";
String serverPass = "enter";
try
{
MdOMRConnection connection = _factory.getConnection();
// This statement makes the connection to the server.
//connection.makeOMRConnection(serverName, serverPort, serverUser, serverPass);
iSecurity = connection.makeISecurityConnection(serverName, serverPort, serverUser, serverPass);
System.out.println("iSecurity = " + iSecurity);
// The following statements define error handling and error
// reporting messages.
}
catch (MdException e)
{
Throwable t = e.getCause();
if (t != null)
{
String ErrorType = e.getSASMessageSeverity();
String ErrorMsg = e.getSASMessage();
if (ErrorType == null)
{
// If there is no SAS server message, write a Java/CORBA message.
}
else
{
// If there is a message from the server:
System.out.println(ErrorType + ": " + ErrorMsg);
}
if (t instanceof org.omg.CORBA.COMM_FAILURE)
{
// If there is an invalid port number or host name:
System.out.println(e.getLocalizedMessage());
}
else if (t instanceof org.omg.CORBA.NO_PERMISSION)
{
// If there is an invalid user ID or password:
System.out.println(e.getLocalizedMessage());
}
}
else
{
// If we cannot find a nested exception, get message and print.
System.out.println(e.getLocalizedMessage());
}
// If there is an error, print the entire stack trace.
e.printStackTrace();
return false;
}
catch (RemoteException e)
{
// Unknown exception.
e.printStackTrace();
return false;
}
// If no errors occur, then a connection is made.
return true;
}

Re: Trusted User

sunfly818 — Fri, 15 Jun 2018 14:06:03 GMT

Hi! Just curious are you trying to have the user act on behalf of others? Is this a service account? This might help with trying to solve who you are trying to define in the metadata. See the description of what a trusted user is in SAS. It also has other user types as well.

SAS Trusted User

The user account that can impersonate other users on connections to the metadata server. Some SAS processes use this account to communicate with the metadata server on a client's behalf. Defining User types in SAS

You can define the user in the metadata without putting it in trustUsers.txt as well. If it is a service account, you might want to think about what capabilities it would be.

topic Re: Trusted User in Administration and Deployment

Trusted User

Re: Trusted User