topic How to define libraries in a secure way in SAS VIYA3.5 SPRE? in Administration and Deployment

How to define libraries in a secure way in SAS VIYA3.5 SPRE?

jurlis — Mon, 30 Aug 2021 15:20:47 GMT

Hi,

Currently, we're in a migration process from SAS9.4M6 towards SAS VIYA3.5.

We're using SAS9.4 for several years now and we do use metadata extensively.
Most important are the SAS Library definitions in SAS Metadata.
These are pointing to DB2-databases ; authorizations are defined per SAS Library (groups/users imported from Active Directory) and 1 technical database user is defined per SAS Library.
Within SAS (SAS9.4M6), dataminers do use following code to access these SAS Libraries (DB2-databases) in a secure way :
LIBNAME myLib meta LIBRARY="DWH4_DB_DBSCHEMA";

In SAS VIYA3.5, one can only make use of these authorizations/pre-defined Libraries when using the CAS-server (define CAS Library).
How do you need to set these authorisations (+hide connection details for dataminers) when working only in VIYA SPRE (=SAS9.4 engine - no 'meta' engine available in SPRE)?
This will be always the first question when migrating AS IS code from SAS9.4-platform to VIYA-platform.
I assume not all SAS-code is CAS-enabled and will require SPRE-execution/authorisations.

Can you provide me some input/links to info on how to do this in SPRE?
Is this possible in SAS VIYA3.5?

Thanks in advance for your reply.

Kind Regards,

Jurgen Lisabeth

Re: How to define libraries in a secure way in SAS VIYA3.5 SPRE?

idziemianczyk — Tue, 31 Aug 2021 09:34:15 GMT

You can create an authentication domain for USER/PASSWORD, assign access to the domain for the Groups or Users

SAS Env Manager -> Domains -> New -> Select name, users and groups with access to the domain, database USER and PASSWORD

For the libname connection you should use the physical connection with predefined Authdomain. I'll give you example of Oracle, it should be the same logic for other databases:

libname v9ora oracle authdomain="<created authdomain name>" PATH="<path to oracle>";

using libname v9ora you use pass-through queries and any kind of other SPRE code

Re: How to define libraries in a secure way in SAS VIYA3.5 SPRE?

jurlis — Wed, 01 Sep 2021 15:48:54 GMT

Thanks dandycomp, this seems to work in VIYA SPRE.

I never used an authentication domain before.

After creating new Domain and set the correct Authorisation group on this domain, as being member of this authorisation group I can access the LIBNAME as :

libname test db2 authdomain="SCHULDERAuth" Datasrc=SCHULDER SCHEMA=DWSCHULDEN;

When not being member of the authorisation group on this domain, no access is allowed.

in code :

NOTE: Credential could not be obtained from Viya credentials service.

WARNING: No login information was available for authdomain SCHULDERAuth.