topic Re: Access to SAS VA reports from a custom website in SAS Visual Analytics

Access to SAS VA reports from a custom website

chettiarnishu — Wed, 06 Dec 2017 11:23:31 GMT

We have a customized website where the users will login with their windows id and password.

Upon successful login, the user will see a link that will grant the access to the VA reports.

What we want to achieve:

Once the user successfully logs into the site, he should be able to access only the VA reports that are assigned to his metadata group.
Create Metadata Scripts to synch the users into the SAS Metadata

Questions for you:

How will we authorize the user via the SAS Metadata, given that he is authenticated on the website via AD authentication

Kindly advise

Re: Access to SAS VA reports from a custom website

JuanS_OCS — Wed, 06 Dec 2017 11:38:41 GMT

Hello @chettiarnishu,,

yours is a very good question. Let me summarise and then we can go into details.

Good idea to get User sync scripts. I would get the users from an AD or LDAP server, however you can get them from a csv file as well http://support.sas.com/kb/40/628.html http://documentation.sas.com/?docsetId=bisecag&docsetTarget=n0l2hp5m00a1z2n1b598q4pknfih.htm&docsetVersion=9.4&locale=en

I would recommend to greate what is call shadow groups for your SAS-related groups, to protect your SAS security against important group changes or deletion https://communities.sas.com/t5/tkb/articleprintpage/tkb-id/library/article-id/2223

Ensure you grant the SAS permissions and SAS roles to the shadow groups.

General recommendation: include the groups in SAS ACTs and the ACTs in SAS folders. See the Danish Golden rules https://communities.sas.com/t5/SAS-Communities-Library/Golden-Rules-for-Security-Model-Design/ta-p/373542

My own advise, while not necessary, get a good tool to have visibility on your Authorizations. SAS Management Console it is good, but not always clear to a lot of people. The Metacoda plug-ins to SMC are simply the best to me https://www.metacoda.com/en/products/security-plug-ins/

Additionally, for what you would like to achieve, I recommend very much a technical configuration called IWA single sign on, on your VA middle-tier. This is achieved through:

Web Authentication: http://documentation.sas.com/?docsetId=bimtag&docsetTarget=n1bhp608f0hsoen10i1vi0p9l5f7.htm&docsetVersion=9.4&locale=en
and Support for Integrated Windows Authentication: http://documentation.sas.com/?docsetId=bimtag&docsetTarget=p1871e69gmwdr0n1o182krslc10p.htm&docsetVersion=9.4&locale=en

Re: Access to SAS VA reports from a custom website

chettiarnishu — Fri, 08 Dec 2017 05:04:41 GMT

Thanks for your response Juan.

I will go through the links that you have provided. The thing that I am confused about is:

The user will login into the custom website. Here he will be authenticated by the ASP code and LDAP authentication

Once he gets access to the website, how can I get him authorized via the SAS Metadata Roles or ACT.

Thanks,

Sandip

Re: Access to SAS VA reports from a custom website

JuanS_OCS — Fri, 08 Dec 2017 08:37:19 GMT

Hello @chettiarnishu,

I am afraid I cannot help you much more on that side, I believe I provided you with all the information I could think of. Single Sign On might be your solution, or just let the users to log in for second time when redirected to SAS VA (although it can result annoying).

Perhaps some references might help you: