BookmarkSubscribeRSS Feed
🔒 This topic is solved and locked. Need further help from the community? Please sign in and ask a new question.
wjsnyder
Fluorite | Level 6

Hello,

 

I am new application administrator at my institue and have been told I will be working with our SAS softwar.  I have two co-workers who have been at the institue through the first phase (SAS is brand new to our institue) of installation SAS.  Currenlty the tech that our institue talking with is helping a department set up an appropriate file structure.  What I am trying to wrap my head around are the user permissions.  We currenlty are using PUBLIC type users that receieve their sign on from our Active Directory.  Problem I am running into is every one can see every one else's folders and information.  I have looked over several documents but can't wrap my head around the permissions.  

 

These are the doucuments I have been looking at. We are using SAS Managment Console 9.4

1. http://support.sas.com/documentation/cdl/en/bisecag/67045/HTML/default/viewer.htm#p03h42tf0s7ogyn1pq...

2.http://support.sas.com/documentation/cdl/en/bisecag/67045/HTML/default/viewer.htm#p0soxnjm1vtia9n10f...

3.http://support.sas.com/documentation/cdl/en/bisag/68240/HTML/default/viewer.htm#n0sopkld74t0wyn1b3wr...

4.http://support.sas.com/documentation/cdl/en/bisecag/67045/HTML/default/viewer.htm#n1gwrrpfx9ujqun17s...

5.http://support.sas.com/documentation/cdl/en/mcsecug/64770/HTML/default/viewer.htm#n1onkjqqkpz6fin1k0...

 

 

I have found that Roles allow me to limit groups or user to which applications they can see be I don't understand how I can limit groups into seeing only certain folders.

 

If someone could assist me into breaking this infromation down to more easily digestable information or provide me with an example of how do I make one person not be able to look at another person's file that would be great.

 

Thanks!

1 ACCEPTED SOLUTION

Accepted Solutions
JuanS_OCS
Amethyst | Level 16

Hi,

 

probably you are giving too many permissions to the SASUSERS or PUBLIC groups.

 

http://support.sas.com/documentation/cdl/en/bisecag/67045/HTML/default/viewer.htm#n0pt0r7u55rqu2n1cd...

 

- PUBLIC should have deny on all the metadata. (on the Default ACT would make life much easier to you).

- SASUSERS should have allow read metadata by default (on the Default ACT), the other permissions should be denied.

- Then, on the folders, SASUSERS and PUBLIC should have Denied all.

- Ensure the SAS Administrators have full permissions on each folder.

- Ensure the SAS System Services can have the required permissions: SAS System Services group a grant of ReadMetadata permission on the folders.

- Then provide the required permissions to groups on the root folders.

- Deny the permissions to groups should not access on the root folders.

 

And again, if you can implement this with ACTs, this is a bit more time in the begining, it requires some design, but afterwards your life will be easier 🙂

http://support.sas.com/documentation/cdl/en/bisecag/63082/HTML/default/viewer.htm#p0vhii6t8n64a0n154...

http://support.sas.com/documentation/cdl/en/bisecag/61133/HTML/default/viewer.htm#a003271263.htm

 

I hope this can help you a bit.

View solution in original post

3 REPLIES 3
JuanS_OCS
Amethyst | Level 16

Hi,

 

probably you are giving too many permissions to the SASUSERS or PUBLIC groups.

 

http://support.sas.com/documentation/cdl/en/bisecag/67045/HTML/default/viewer.htm#n0pt0r7u55rqu2n1cd...

 

- PUBLIC should have deny on all the metadata. (on the Default ACT would make life much easier to you).

- SASUSERS should have allow read metadata by default (on the Default ACT), the other permissions should be denied.

- Then, on the folders, SASUSERS and PUBLIC should have Denied all.

- Ensure the SAS Administrators have full permissions on each folder.

- Ensure the SAS System Services can have the required permissions: SAS System Services group a grant of ReadMetadata permission on the folders.

- Then provide the required permissions to groups on the root folders.

- Deny the permissions to groups should not access on the root folders.

 

And again, if you can implement this with ACTs, this is a bit more time in the begining, it requires some design, but afterwards your life will be easier 🙂

http://support.sas.com/documentation/cdl/en/bisecag/63082/HTML/default/viewer.htm#p0vhii6t8n64a0n154...

http://support.sas.com/documentation/cdl/en/bisecag/61133/HTML/default/viewer.htm#a003271263.htm

 

I hope this can help you a bit.

JuanS_OCS
Amethyst | Level 16

Hi @wjsnyder

 

I would like to follow up the progress of your question. Was your question resolved ?

 

Thank you in advance,

Best regards,

Juan

wjsnyder
Fluorite | Level 6

Juan,

 

It was these references pointed me to where I need to go to be able to get a sound foundational understanding of the environment in front of me.  

 

Thank you.

 

Wayne

suga badge.PNGThe SAS Users Group for Administrators (SUGA) is open to all SAS administrators and architects who install, update, manage or maintain a SAS deployment. 

Join SUGA 

CLI in SAS Viya

Learn how to install the SAS Viya CLI and a few commands you may find useful in this video by SAS’ Darrell Barton.

Find more tutorials on the SAS Users YouTube channel.

Discussion stats
  • 3 replies
  • 1882 views
  • 1 like
  • 2 in conversation