https://communities.sas.com/t5/Administration-and-Deployment/Is-it-possible-to-limit-xcmd-to-certain-users/m-p/671865#M19534 <P>You could try to do it via the WorkspaceServer_usermods.sh file of your workspace server. You can check for the userID and set one of the USERMODS_OPTIONS.</P> Thu, 23 Jul 2020 15:56:56 GMT Kurt_Bremser 2020-07-23T15:56:56Z https://communities.sas.com/t5/Administration-and-Deployment/Is-it-possible-to-limit-xcmd-to-certain-users/m-p/671854#M19532 <P>I'm running SAS Studio on Linux - is it possible to turn on xcmd only for certain users instead of system-wide?&nbsp; If so, how is that done?</P> Thu, 23 Jul 2020 15:13:27 GMT https://communities.sas.com/t5/Administration-and-Deployment/Is-it-possible-to-limit-xcmd-to-certain-users/m-p/671854#M19532 gothaggis 2020-07-23T15:13:27Z https://communities.sas.com/t5/Administration-and-Deployment/Is-it-possible-to-limit-xcmd-to-certain-users/m-p/671861#M19533 <P>XCMD is a server setting, so it applies to a workspace server without regard for the user accessing the server.</P> <P>If you really need this (which I strongly doubt, a well-configured server can't be put at risk anyway), you need to define a separate application server context where XCMD is disabled, and use metadata permissions so certain users can only use this special context.</P> Thu, 23 Jul 2020 15:38:25 GMT https://communities.sas.com/t5/Administration-and-Deployment/Is-it-possible-to-limit-xcmd-to-certain-users/m-p/671861#M19533 Kurt_Bremser 2020-07-23T15:38:25Z https://communities.sas.com/t5/Administration-and-Deployment/Is-it-possible-to-limit-xcmd-to-certain-users/m-p/671865#M19534 <P>You could try to do it via the WorkspaceServer_usermods.sh file of your workspace server. You can check for the userID and set one of the USERMODS_OPTIONS.</P> Thu, 23 Jul 2020 15:56:56 GMT https://communities.sas.com/t5/Administration-and-Deployment/Is-it-possible-to-limit-xcmd-to-certain-users/m-p/671865#M19534 Kurt_Bremser 2020-07-23T15:56:56Z https://communities.sas.com/t5/Administration-and-Deployment/Is-it-possible-to-limit-xcmd-to-certain-users/m-p/672042#M19540 <P>In theory, yes. The documentation for XCMD option says that "it can be restricted by the administor" meaning, this option is compatible with Restriction options at SAS Foundation level.</P> <P>&nbsp;</P> <P><A href="https://go.documentation.sas.com/?cdcId=pgmsascdc&amp;cdcVersion=9.4_3.4&amp;docsetId=hostunx&amp;docsetTarget=n02699r064oqccn19vblte8xzr8m.htm&amp;locale=en">https://go.documentation.sas.com/?cdcId=pgmsascdc&amp;cdcVersion=9.4_3.4&amp;docsetId=hostunx&amp;docsetTarget=n02699r064oqccn19vblte8xzr8m.htm&amp;locale=en</A></P> <P>&nbsp;</P> <P>$SASROOT/misc/rstropts/groups</P> <P>&nbsp;</P> <P>the restriction applies selectively upon the SAS session owner account's login or - better - primary group.</P> <P>&nbsp;</P> <P>the admin creates a specific SASV9.cfg file in the directory below with the option values set accordingly</P> <P>&nbsp;</P> <P>&lt;primary group&gt;_rsasv.cfg&nbsp;</P> <P>&nbsp; &nbsp;-XCMD</P> <P>&nbsp;</P> <P>-this file will take precedence over any SASV9.cfg file globally applied</P> <P>-if the option value (not the case, here) can also be changed during the sas session, the restriction applies and the change is refused</P> <P>&nbsp;</P> <P>Never tested. I am suprised this very option is compatible with restriction since it applies only for IOM server sessions.&nbsp;</P> Fri, 24 Jul 2020 10:12:27 GMT https://communities.sas.com/t5/Administration-and-Deployment/Is-it-possible-to-limit-xcmd-to-certain-users/m-p/672042#M19540 ronan 2020-07-24T10:12:27Z