This account should actually have quite restricted permissions, especially if you are allowing business users to create stored processes (eg, using EG).
This is because - unless you configure the STP to run under the end user OS creds - you are granting those users the ability to run code under a different OS account.
Where you need to run SAS Apps with STPs with elevated OS credentials (such as in our product, Data Controller for SAS) then you are recommended to create a dedicated STP context and restrict the STPs that can run under that context. More info: https://docs.datacontroller.io/dci-stpinstance/
/Allan
SAS Challenges - SASensei
MacroCore library for app developers
SAS networking events (BeLux, Germany, UK&I)Data Workflows, Data Contracts, Data Lineage, Drag & drop excel EUCs to SAS 9 & Viya -
Data ControllerDevOps and AppDev on SAS 9 / Viya / Base SAS -
SASjs