Hello @DeaT;

what kind of administrative permissions would you like to grant? Do you have a list?

If the LASR servers are running under the same metadata server, the set up could become more complex. If the LASR servers are on different servers/metadata servers, then the setup is easier. I guess you are talking about the first option.

I think you are talking about full multi-tenancy, but LASR is not fully ready to be multi-tenant, SAS Viya and CAS are better in that sense.

In 9.4 your options is to play with:

- Giving Administrative and read/write metadata permissions to the right metadata locations.

- And to create copies of the VA Data admin and VA Admin groups, putting the permissions for the right groups ... but this could be a dangerous change and I would like to suggest you to align with SAS Technical Support or a SAS Consultant that is expert in the topic. beware that it might not be supported officially.

Hi @JuanS_OCS,

Thank you for your feedback! Unfortunately all three servers run under the same metadata server. SAS Viya is not yet an option for us due to security concerns coming from the upper management.

As about the permissions, we would like to get this group to be self-sufficient: so their admin should be able to create auto-load processes, grant permissions to their own users to read, write, read metadata, create reports, etc., grant permissions to folders as needed and so forth. Basically we would like the representative of this group to have full admin privileges for one server only.

Is there any technical documentation you believe might be relevant? We might have to contact their Tech Support, but we wanted to try to solve it on our own first.

Thank you again.

Best.

Hi @DeaT,

there is some documentation out there, from SAS and from customers that wrote a SAS Paper:

https://support.sas.com/resources/papers/proceedings16/11684-2016.pdf

http://support.sas.com/resources/papers/proceedings15/SAS1682-2015.pdf

http://support.sas.com/resources/papers/proceedings15/3046-2015.pdf

https://communities.sas.com/t5/SAS-Communities-Library/Five-papers-on-Recommended-SAS-9-4-Security-M...

Most of them work around the idea of permissions on Visual Analytics, multi-tenancy, quite in general, but none proposes a specific global solution. Still, good ones on each specific area.

However, I have worked with those documents and they became very useful to me, to adapt this information to my requirements. Took ideas from there and there, and it works fine. 

Of course, it needs a lot of testing. 

I would like to also suggest you, in case you are not using it yet, the Metacoda tool ( @MichelleHomes , @PaulHomes I would like to summon you here). If you have the chance, give it a look, it reduces the times you can break your head agains a wall 🙂 

Much appreciated!

Thanks @JuanS_OCS for the mention.

@DeaT - as Juan mention, we have tools to help SAS administrators troubleshoot SAS metadata related security issues quickly and easily. Please have a look at our website, https://www.metacoda.com for details and if you have any questions or would like a 30 day free evaluation, please let us know.

Kind Regards,

Michelle

Thank you, @MichelleHomes. I'll check it out.

Regards.