topic Re: Column Level Security in SAS Visual Analytics

Column Level Security

biyania — Thu, 14 Jan 2016 06:12:52 GMT

Hi,

I want to show specific column information basis the user who logs in to see the report. Is that possible in SAS VA.

I know we can do row level security in VA using conditional grants. I dont know how to do column level security.

Re: Column Level Security

RW9 — Thu, 14 Jan 2016 09:27:24 GMT

I don;t know as I don't use VA. However, if you know how to, and can do row level security (whatever that means!) then why not normalise the dataset -> i.e. wide to long, so have the columns as rows.

data have:

ID VAR1 VAR2 VAR3

1 A B C

data want:

ID VARNUM RESULT

1 1 A

1 2 B

1 3 C

To be honest though, why would you want to restrict certain columns? Doens't make much sense. Look at the process as a whole, what user levels are there. Say you want basic user, and advanced user, and basic user has a subset of advanced user. In this instance, I would have the dataset only accessible by advanced user. Then I would create a view of the data which only takes a subset. This view would be available to the basic user and they therefore would only see the restricted user. Chat with your SAS installer about this kind of setup.

Re: Column Level Security

MichelleHomes — Thu, 14 Jan 2016 09:40:10 GMT

Hi @biyania,

Please clarify what you mean by "show specific column information basis" If you mean you want to see certain rows for a column that is dependent on the user who is accessing the table then this is row level security. SAS Visual Analytics only supports row level security. It does not do column level security (where you see a column or not based on a condition).

This is stated in the SAS Visual Analytics Administration Guide (you will need a userid and password from SAS Technical Support to access the document).

Kind Regards,

Michelle

Re: Column Level Security

biyania — Thu, 14 Jan 2016 09:55:41 GMT

Thanks Michelle,

Yes, I want certain columns basis user id. Exploring how to do this.

any clues ? I am thinking if fetching userid from sysuserid from storedproc could lead me somewhere

what do you think ?

Re: Column Level Security

MichelleHomes — Thu, 14 Jan 2016 10:51:12 GMT

Hi @biyania,

As I mentioned earlier, if you want certain columns to appear based on a user condition, this is column level security and not available in SAS Visual Analytics.

Only row-level security is available. Someone else asked a question about row-level security earlier today and I responded with a link to a paper with examples at https://communities.sas.com/t5/SAS-Visual-Analytics/Question-about-SAS-Roles-Security/m-p/243388#U243388

Kind Regards,

Michelle

Re: Column Level Security

LinusH — Thu, 14 Jan 2016 12:18:02 GMT

It's a bit awkward that this is not available in VA. It is a standard authorization concept in most tools, including SAS Metadata (via SMC), SAS Federation Server, SAS SPD Server etc.

Unless the OP can't transpose the data in some magic way, so row level security can be used, the work around would be to create duplicate LASR tables with different set of columns.

Re: Column Level Security

yichin — Mon, 27 Mar 2017 06:23:35 GMT

We have a client who has the requirement to deny access to certain columns containing personal identifiable information for selected user groups. We intend to deny the access to these column in SMC. However, based on the following statement extracted from VA Administration Guide:

SAS Visual Analytics uses the platform’s metadata authorization layer to manage access to objects such as reports, explorations, tables, libraries, servers, and folders.
SAS Visual Analytics supports row-level security. SAS Visual Analytics does not support column-level security. Note:Do not set denials of the ReadMetadata permission on individual columns within a table. If a table is loaded by a user who lacks access to one or more columns, duplicate metadata entries are created for the unavailable columns.

If the table is loaded by a user who has access to all the columns in the table, will the grant/deny permission on the columns defined in SMC applied on the table loaded in SAS LASR Server?

Re: Column Level Security

Madelyn_SAS — Tue, 28 Mar 2017 00:23:19 GMT

SAS Visual Analytics does not support column-level security. There is no workaround for this.

Re: Column Level Security

Gustave — Wed, 22 Nov 2017 10:05:19 GMT

Hello,

Any updates on this topic?

Is there a solution?

Thanks

Re: Column Level Security

LinusH — Wed, 22 Nov 2017 13:15:26 GMT

For 9.4, no.

But in Viya this should be enforced, at least for CAS data:

http://documentation.sas.com/?cdcId=calcdc&cdcVersion=3.2&docsetId=calauthzcas&docsetTarget=n1bf0cwn6ae85gn1b64x2j0czu24.htm&locale=en&showBanner=walkup#p0uelekjo1z7ean1u8r4bj8n06cq