BookmarkSubscribeRSS Feed
🔒 This topic is solved and locked. Need further help from the community? Please sign in and ask a new question.
thesasuser
Lapis Lazuli | Level 10

Hello
I apologize if this question is very trivial.
My question is do SAS Spawned Server Account (sassrv) and the first user account (sasdemo) need to be local administrators?
The context is of SAS 9.4 being installed on a Windows Server.
As I see in the documentation these are external accounts and the spawned server account account(sassrv) needs to be a member of the group of the sas installer account( typically sas). In addition it needs to have log in as batch privileges'.
I haven't seen any requirement that sassrv and sasdemo should have local admin rights (i.e. members of the local administrator group). 

I request  experienced administrator and superusers for their guidance.

1 ACCEPTED SOLUTION

Accepted Solutions
gwootton
SAS Super FREQ
No, these users should not be local admins.
--
Greg Wootton | Principal Systems Technical Support Engineer

View solution in original post

2 REPLIES 2
gwootton
SAS Super FREQ
No, these users should not be local admins.
--
Greg Wootton | Principal Systems Technical Support Engineer
AllanBowe
Barite | Level 11

This account should actually have quite restricted permissions, especially if you are allowing business users to create stored processes (eg, using EG).

 

This is because - unless you configure the STP to run under the end user OS creds - you are granting those users the ability to run code under a different OS account.

 

Where you need to run SAS Apps with STPs with elevated OS credentials (such as in our product, Data Controller for SAS) then you are recommended to create a dedicated STP context and restrict the STPs that can run under that context.  More info:  https://docs.datacontroller.io/dci-stpinstance/

/Allan
SAS Challenges - SASensei
MacroCore library for app developers
SAS networking events (BeLux, Germany, UK&I)

Data Workflows, Data Contracts, Data Lineage, Drag & drop excel EUCs to SAS 9 & Viya - Data Controller
DevOps and AppDev on SAS 9 / Viya / Base SAS - SASjs

suga badge.PNGThe SAS Users Group for Administrators (SUGA) is open to all SAS administrators and architects who install, update, manage or maintain a SAS deployment. 

Join SUGA 

Get Started with SAS Information Catalog in SAS Viya

SAS technical trainer Erin Winters shows you how to explore assets, create new data discovery agents, schedule data discovery agents, and much more.

Find more tutorials on the SAS Users YouTube channel.

Discussion stats
  • 2 replies
  • 1811 views
  • 2 likes
  • 3 in conversation