Architecting, installing and maintaining your SAS environment

Basic User Permissions: how do I restrict users with permissions

Accepted Solution Solved
Reply
New Contributor
Posts: 4
Accepted Solution

Basic User Permissions: how do I restrict users with permissions

Hello,

 

I am new application administrator at my institue and have been told I will be working with our SAS softwar.  I have two co-workers who have been at the institue through the first phase (SAS is brand new to our institue) of installation SAS.  Currenlty the tech that our institue talking with is helping a department set up an appropriate file structure.  What I am trying to wrap my head around are the user permissions.  We currenlty are using PUBLIC type users that receieve their sign on from our Active Directory.  Problem I am running into is every one can see every one else's folders and information.  I have looked over several documents but can't wrap my head around the permissions.  

 

These are the doucuments I have been looking at. We are using SAS Managment Console 9.4

1. http://support.sas.com/documentation/cdl/en/bisecag/67045/HTML/default/viewer.htm#p03h42tf0s7ogyn1pq...

2.http://support.sas.com/documentation/cdl/en/bisecag/67045/HTML/default/viewer.htm#p0soxnjm1vtia9n10f...

3.http://support.sas.com/documentation/cdl/en/bisag/68240/HTML/default/viewer.htm#n0sopkld74t0wyn1b3wr...

4.http://support.sas.com/documentation/cdl/en/bisecag/67045/HTML/default/viewer.htm#n1gwrrpfx9ujqun17s...

5.http://support.sas.com/documentation/cdl/en/mcsecug/64770/HTML/default/viewer.htm#n1onkjqqkpz6fin1k0...

 

 

I have found that Roles allow me to limit groups or user to which applications they can see be I don't understand how I can limit groups into seeing only certain folders.

 

If someone could assist me into breaking this infromation down to more easily digestable information or provide me with an example of how do I make one person not be able to look at another person's file that would be great.

 

Thanks!


Accepted Solutions
Solution
‎07-08-2016 11:25 AM
Trusted Advisor
Posts: 1,312

Re: Basic User Permissions: how do I restrict users with permissions

Hi,

 

probably you are giving too many permissions to the SASUSERS or PUBLIC groups.

 

http://support.sas.com/documentation/cdl/en/bisecag/67045/HTML/default/viewer.htm#n0pt0r7u55rqu2n1cd...

 

- PUBLIC should have deny on all the metadata. (on the Default ACT would make life much easier to you).

- SASUSERS should have allow read metadata by default (on the Default ACT), the other permissions should be denied.

- Then, on the folders, SASUSERS and PUBLIC should have Denied all.

- Ensure the SAS Administrators have full permissions on each folder.

- Ensure the SAS System Services can have the required permissions: SAS System Services group a grant of ReadMetadata permission on the folders.

- Then provide the required permissions to groups on the root folders.

- Deny the permissions to groups should not access on the root folders.

 

And again, if you can implement this with ACTs, this is a bit more time in the begining, it requires some design, but afterwards your life will be easier Smiley Happy

http://support.sas.com/documentation/cdl/en/bisecag/63082/HTML/default/viewer.htm#p0vhii6t8n64a0n154...

http://support.sas.com/documentation/cdl/en/bisecag/61133/HTML/default/viewer.htm#a003271263.htm

 

I hope this can help you a bit.

View solution in original post


All Replies
Solution
‎07-08-2016 11:25 AM
Trusted Advisor
Posts: 1,312

Re: Basic User Permissions: how do I restrict users with permissions

Hi,

 

probably you are giving too many permissions to the SASUSERS or PUBLIC groups.

 

http://support.sas.com/documentation/cdl/en/bisecag/67045/HTML/default/viewer.htm#n0pt0r7u55rqu2n1cd...

 

- PUBLIC should have deny on all the metadata. (on the Default ACT would make life much easier to you).

- SASUSERS should have allow read metadata by default (on the Default ACT), the other permissions should be denied.

- Then, on the folders, SASUSERS and PUBLIC should have Denied all.

- Ensure the SAS Administrators have full permissions on each folder.

- Ensure the SAS System Services can have the required permissions: SAS System Services group a grant of ReadMetadata permission on the folders.

- Then provide the required permissions to groups on the root folders.

- Deny the permissions to groups should not access on the root folders.

 

And again, if you can implement this with ACTs, this is a bit more time in the begining, it requires some design, but afterwards your life will be easier Smiley Happy

http://support.sas.com/documentation/cdl/en/bisecag/63082/HTML/default/viewer.htm#p0vhii6t8n64a0n154...

http://support.sas.com/documentation/cdl/en/bisecag/61133/HTML/default/viewer.htm#a003271263.htm

 

I hope this can help you a bit.

Trusted Advisor
Posts: 1,312

Re: Basic User Permissions: how do I restrict users with permissions

Hi @wjsnyder

 

I would like to follow up the progress of your question. Was your question resolved ?

 

Thank you in advance,

Best regards,

Juan

New Contributor
Posts: 4

Re: Basic User Permissions: how do I restrict users with permissions

Posted in reply to JuanS_OCS

Juan,

 

It was these references pointed me to where I need to go to be able to get a sound foundational understanding of the environment in front of me.  

 

Thank you.

 

Wayne

☑ This topic is solved.

Need further help from the community? Please ask a new question.

Discussion stats
  • 3 replies
  • 573 views
  • 1 like
  • 2 in conversation