https://communities.sas.com/t5/Administration-and-Deployment/Admin-privileges-to-Lasr-servers/m-p/515230#M15045 <P>Thank you, <a href="https://communities.sas.com/t5/user/viewprofilepage/user-id/19750">@MichelleHomes</a>. I'll check it out.</P><P>&nbsp;</P><P>Regards.</P> Wed, 21 Nov 2018 20:11:58 GMT DeaT 2018-11-21T20:11:58Z https://communities.sas.com/t5/Administration-and-Deployment/Admin-privileges-to-Lasr-servers/m-p/514623#M15024 <P>Hi--</P><P>&nbsp;</P><P>Currently we have three different Lasr servers, all running under the same version of SAS VA (9.4). We would like to give some users admin privileges but only to one of the servers. Is there a setup to obtain this permission structure?</P><P>&nbsp;</P><P>Thank you in advance.</P><P>Regards.</P> Mon, 19 Nov 2018 23:06:12 GMT https://communities.sas.com/t5/Administration-and-Deployment/Admin-privileges-to-Lasr-servers/m-p/514623#M15024 DeaT 2018-11-19T23:06:12Z https://communities.sas.com/t5/Administration-and-Deployment/Admin-privileges-to-Lasr-servers/m-p/514690#M15025 <P>Hello&nbsp;<a href="https://communities.sas.com/t5/user/viewprofilepage/user-id/80694">@DeaT</a>;</P> <P>&nbsp;</P> <P>what kind of administrative permissions would you like to grant? Do you have a list?</P> <P>&nbsp;</P> <P>If the LASR servers are running under the same metadata server, the set up could become more complex. If the LASR servers are on different servers/metadata servers, then the setup is easier. I guess you are talking about the first option.</P> <P>&nbsp;</P> <P>I think you are talking about full multi-tenancy, but LASR is not fully ready to be multi-tenant, SAS Viya and CAS are better in that sense.</P> <P>In 9.4 your options is to play with:</P> <P>- Giving Administrative and read/write metadata permissions to the right metadata locations.</P> <P>- And to create copies of the VA Data admin and VA Admin groups, putting the permissions for the right groups ... but this could be a dangerous change and I would like to suggest you to align with SAS Technical Support or a SAS Consultant that is expert in the topic. beware that it might not be supported officially.</P> <P>&nbsp;</P> <P>&nbsp;</P> <P>&nbsp;</P> <P>&nbsp;</P> Tue, 20 Nov 2018 08:12:53 GMT https://communities.sas.com/t5/Administration-and-Deployment/Admin-privileges-to-Lasr-servers/m-p/514690#M15025 JuanS_OCS 2018-11-20T08:12:53Z https://communities.sas.com/t5/Administration-and-Deployment/Admin-privileges-to-Lasr-servers/m-p/514755#M15030 <P>Hi @<SPAN class="UserName lia-user-name lia-user-rank-Trusted-Advisor"><A href="https://communities.sas.com/t5/user/viewprofilepage/user-id/35204" target="_self"><SPAN class="login-bold">JuanS_OCS</SPAN></A></SPAN>,</P><P>&nbsp;</P><P>Thank you for your feedback! Unfortunately all three servers run under the same metadata server. SAS Viya is not yet an option for us due to security concerns coming from the upper management.</P><P>&nbsp;</P><P>As about the permissions, we would like to get this group to be self-sufficient: so their admin should be able to create auto-load processes, grant permissions to their own users to read, write, read metadata, create reports, etc., grant permissions to folders as needed and so forth. Basically we would like the representative of this group to have full admin privileges for one server only.</P><P>&nbsp;</P><P>Is there any technical documentation you believe might be relevant? We might have to contact their Tech Support, but we wanted to try to solve it on our own first.</P><P>&nbsp;</P><P>Thank you again.</P><P>Best.</P> Tue, 20 Nov 2018 14:18:51 GMT https://communities.sas.com/t5/Administration-and-Deployment/Admin-privileges-to-Lasr-servers/m-p/514755#M15030 DeaT 2018-11-20T14:18:51Z https://communities.sas.com/t5/Administration-and-Deployment/Admin-privileges-to-Lasr-servers/m-p/514796#M15031 <P>Hi&nbsp;<a href="https://communities.sas.com/t5/user/viewprofilepage/user-id/80694">@DeaT</a>,</P> <P>&nbsp;</P> <P>there is some documentation out there, from SAS and from customers that wrote a SAS Paper:</P> <P>&nbsp;</P> <P><A href="https://support.sas.com/resources/papers/proceedings16/11684-2016.pdf" target="_blank">https://support.sas.com/resources/papers/proceedings16/11684-2016.pdf</A></P> <P><A href="http://support.sas.com/resources/papers/proceedings15/SAS1682-2015.pdf" target="_blank">http://support.sas.com/resources/papers/proceedings15/SAS1682-2015.pdf</A></P> <P><A href="http://support.sas.com/resources/papers/proceedings15/3046-2015.pdf" target="_blank">http://support.sas.com/resources/papers/proceedings15/3046-2015.pdf</A></P> <P><A href="https://communities.sas.com/t5/SAS-Communities-Library/Five-papers-on-Recommended-SAS-9-4-Security-Model-Design-part-1/ta-p/361569" target="_blank">https://communities.sas.com/t5/SAS-Communities-Library/Five-papers-on-Recommended-SAS-9-4-Security-Model-Design-part-1/ta-p/361569</A></P> <P>&nbsp;</P> <P>Most of them work around the idea of permissions on Visual Analytics, multi-tenancy, quite in general, but none proposes a specific global solution. Still, good ones on each specific area.</P> <P>&nbsp;</P> <P>However, I have worked with those documents and they became very useful to me, to adapt this information to my requirements. Took ideas from there and there, and it works fine.&nbsp;</P> <P>&nbsp;</P> <P>Of course, it needs a lot of testing.&nbsp;</P> <P>&nbsp;</P> <P>I would like to also suggest you, in case you are not using it yet, the Metacoda tool (&nbsp;<a href="https://communities.sas.com/t5/user/viewprofilepage/user-id/19750">@MichelleHomes</a>&nbsp;,&nbsp;<a href="https://communities.sas.com/t5/user/viewprofilepage/user-id/18432">@PaulHomes</a>&nbsp;I would like to summon you here). If you have the chance, give it a look, it reduces the times you can break your head agains a wall <span class="lia-unicode-emoji" title=":slightly_smiling_face:">🙂</span>&nbsp;</P> Tue, 20 Nov 2018 15:54:44 GMT https://communities.sas.com/t5/Administration-and-Deployment/Admin-privileges-to-Lasr-servers/m-p/514796#M15031 JuanS_OCS 2018-11-20T15:54:44Z https://communities.sas.com/t5/Administration-and-Deployment/Admin-privileges-to-Lasr-servers/m-p/514827#M15032 <P>Much appreciated!</P> Tue, 20 Nov 2018 16:36:56 GMT https://communities.sas.com/t5/Administration-and-Deployment/Admin-privileges-to-Lasr-servers/m-p/514827#M15032 DeaT 2018-11-20T16:36:56Z https://communities.sas.com/t5/Administration-and-Deployment/Admin-privileges-to-Lasr-servers/m-p/514959#M15034 <P>Thanks <a href="https://communities.sas.com/t5/user/viewprofilepage/user-id/35204">@JuanS_OCS</a> for the mention.</P> <P>&nbsp;</P> <P><a href="https://communities.sas.com/t5/user/viewprofilepage/user-id/80694">@DeaT</a> - as Juan mention, we have tools to help SAS administrators troubleshoot SAS metadata related security issues quickly and easily. Please have a look at our website, <A href="https://www.metacoda.com" target="_blank">https://www.metacoda.com</A> for details and if you have any questions or would like a 30 day free evaluation, please let us know.</P> <P>&nbsp;</P> <P>Kind Regards,</P> <P>Michelle</P> Wed, 21 Nov 2018 01:04:03 GMT https://communities.sas.com/t5/Administration-and-Deployment/Admin-privileges-to-Lasr-servers/m-p/514959#M15034 MichelleHomes 2018-11-21T01:04:03Z https://communities.sas.com/t5/Administration-and-Deployment/Admin-privileges-to-Lasr-servers/m-p/515230#M15045 <P>Thank you, <a href="https://communities.sas.com/t5/user/viewprofilepage/user-id/19750">@MichelleHomes</a>. I'll check it out.</P><P>&nbsp;</P><P>Regards.</P> Wed, 21 Nov 2018 20:11:58 GMT https://communities.sas.com/t5/Administration-and-Deployment/Admin-privileges-to-Lasr-servers/m-p/515230#M15045 DeaT 2018-11-21T20:11:58Z