topic Re: Using SAS Enterprise Guide security question in Administration and Deployment

Using SAS Enterprise Guide security question

sas7000 — Thu, 25 Feb 2016 21:22:43 GMT

Our users need to connect to Workspace server etc using SAS EG. How to grant access to the users on the server without adding them under server administrators? Thanks in advance.

Re: Using SAS Enterprise Guide security question

ChrisHemedinger — Thu, 25 Feb 2016 21:28:43 GMT

The users need to be part of a group that has READMETADATA access to the SAS Workspace. And if using their own host account to authenticate, that account needs "Log on as a batch job" privileges (Windows-specific) on the OS. They could be part of an Active Directory group with that right.

Others in the group might share their own best practices.

Re: Using SAS Enterprise Guide security question

JuanS_OCS — Thu, 25 Feb 2016 21:34:46 GMT

I think you covered all the bases on a great simple way Chris 🙂

Re: Using SAS Enterprise Guide security question

jakarman — Thu, 25 Feb 2016 21:54:09 GMT

Define a security approach as documented at http://support.sas.com/documentation/cdl/en/bisecag/67045/HTML/default/viewer.htm#titlepage.htm

Re: Using SAS Enterprise Guide security question

sas7000 — Thu, 25 Feb 2016 21:59:53 GMT

Thank you. they also need to write. I guess There shoud be an option to write also. Let me try this out. Thanks again.

Re: Using SAS Enterprise Guide security question

ChrisHemedinger — Thu, 25 Feb 2016 22:03:45 GMT

They don't need WRITE on the SAS Workspace definition in order to use it. READMETADATA should be enough to read the server definition and allow them to connect. Any work they do while connected (writing programs, creating data) is NOT governed by the permissions on this server definition.

If you have administered libraries in metadata that they need to add content to, they would need WRITE and WRITEMETADATA on those.

Re: Using SAS Enterprise Guide security question

sas7000 — Fri, 26 Feb 2016 03:29:49 GMT

Users meaning developers. They are writing code saving and running on stored process servers etc. I assume they need some kind of write access? does readmetadata permission gives that kind of ability? sorry I am new so, kind of dumb question?

Thanks in advance.

Re: Using SAS Enterprise Guide security question

Kurt_Bremser — Fri, 26 Feb 2016 06:58:17 GMT

Metadata permissions are stored per object for users/groups.

So you have a group of users that develop apps.

Their group should have READMETADATA defined in the Authorization panel of the Workspace Server (that's all they need so that their Enterprise Guide - or SAS Studio - can connect to it),

but they will need WRITEMETADATA and WRITE permissions on other objects (libraries, folders)

Re: Using SAS Enterprise Guide security question

sas7000 — Fri, 26 Feb 2016 14:47:02 GMT

would they be able to run stored procs with this setup? Thanks in advance.

Re: Using SAS Enterprise Guide security question

LinusH — Fri, 26 Feb 2016 16:43:57 GMT

I would just like to add the possibility to configure IWA. It's user friendly and removes the requirement for the log on as batch job privilege. Many sites don't like granting this.

Re: Using SAS Enterprise Guide security question

Kurt_Bremser — Fri, 26 Feb 2016 21:16:34 GMT

If you grant them access to the stored process server and the stored processes, yes.

Re: Using SAS Enterprise Guide security question

sas7000 — Tue, 08 Mar 2016 16:22:26 GMT

Unfortunately none of these are working correctly. They are able to make connection with granting access to workspace server by giving READMETADATA. Then EG shows readonly when a program is opened locally. Appreciae any help.

Re: Using SAS Enterprise Guide security question

anja — Tue, 08 Mar 2016 16:30:38 GMT

Hi there,

when you say "EG shows read only", what exactly do you mean?

Are users trying to access tables in EG and get an error message? If so, what kind of error message?

Do you receive an authorization error right at the beginning when a user logs on?

Could you provide some more info please?

If you look at the Metadata Server log and Object Spawner log, do you see any error messages?

Thanks

Re: Using SAS Enterprise Guide security question

Kurt_Bremser — Wed, 09 Mar 2016 06:55:59 GMT

By "program", do you mean a (extension .sas) SAS program (text file) or an Enterprise Guide project file?

Where are the files stored (local on the PC, in metadata, in "Files" on the workspace server, on a networked drive)?

How do you notice that the file is read-only (messsage when opening, or error when trying to save)?