As already stated SAS cannot manage or bypass or superceed the OS security.
Still it is the best approach to have the OS securtiy well defined and rely on that. It can be secured to the higest requirements under the condition of cooperation and real support of that part of IT-staff.
When you have a central security approach you can get to RBAC and password propagation. When using Unix (Linux) systems the best thing arround is LDAP and LDAP being connected to a central password updata approach.
AD of Windows is also a LDAP implemtation, but that one can not be used for Unix. The reason is: it is missing the required id/gid definitions for users/groups used by Unix. This implies the need of a identity system for just propagating the password.
Remember that SAS is not aware of some user/security as seen with SSH. A password pop-up for change eg is impossible. You could have the situation that SAS is still working and SSH fails or the other way arround.
---->-- ja karman --<-----