BookmarkSubscribeRSS Feed
🔒 This topic is solved and locked. Need further help from the community? Please sign in and ask a new question.
Rama_s
Calcite | Level 5

Hi,

We have to two metadata servers for maintaining SAS metadata security  (One Metadata server for developing data, and the other Metadata for Visual Analytics). Basically, we have two servers. It has become a very tedious process to maintain multiple metadata security. 

 

I have been recently working on Dataflux Management Studio, I would like to deploy the jobs on the Data Mangement Server, I did see there is Authorization Server too, but it is not running due to license issue. 

 

Is this Authorization Server helps in maintaining multiple SAS environment security? I would not like to see another security model just for Data management Server. 

 

Any help would be appreciated.

 

Thanks

Rama

1 ACCEPTED SOLUTION

Accepted Solutions
JuanS_OCS
Amethyst | Level 16

You are welcome @Rama_s.

 

That last question, I am not sure how to answer it, since it looks quite general.

Only with that, I would say that it depends basically on the security policies within your company. How do you want to secure data and the processes? Which are the requirements? All of this, is what is called the Security Model. Once you get this, you can go to the authorizations matrix and the implementations on each system such as on the metadata, databases, filesystem,, etc.

 

If you feel a bit lost with this task, I would strongly recommend you to get a SAS consultant or partner to investigate your requirements and advise you with the process to define and implement proper security on your data.

View solution in original post

4 REPLIES 4
JuanS_OCS
Amethyst | Level 16

Hello @Rama_s,

 

I think your question is related to the Metadata server, rather than on the Authorization Server of the dataflux components.

 

Technically, you could have a single metadata server for all your SAS products. Only requirements is that all the products have to remain on the same SAS major version and same maintenanve level (eg SAS 9.4 M3). Of course, the consideration here, is that you will have dependencies and probably the most interesting one is that you cannot upgrade SAS VA to the latest version, since VA lyfecycle goes quicker than other SAS solutions.

 

All of this said, that is an option. Another option for you, is to have a single authorization model for both servers and simplify your work. And together with this option, I believe the right tools might help you too, as the Metacoda ones (you can contact @MichelleHomes or @PaulHomes ) for additional information. I am sure they can make your life much easier.

 

Best regards,

Juan

PaulHomes
Rhodochrosite | Level 12

Hi @Rama_s,

 

As @JuanS_OCS mentioned, to reduce the maintenance overhead of managing 2 environments you could consider a merged environment based on a single metadata server. However, I believe it is common practice to run them independantly so you can take advantage of the faster product release cycles for VA.

 

One of the Metacoda products Juan mentioned that might be of interest to you is a Metadata Security Testing Framework. This is a commercial product we developed to assist with managing consistent SAS metadata security across multiple metadata environments. This can be for consistency in a single environment over time, across different environments (such as dev, testing, staging, prod, BI, VA etc), and across different versions (such as for 9.3 to 9.4 migrations).  Tests scripts for metadata security implementation can be generated from a source environment and then automated to test multiple target environments, generating alerts when discrepancies are detected. I presented a paper at SAS Global Forum 2014 on the concept Test for Success: Automated Testing of SAS® Metadata Security Implementations and have written some blog posts about it too e.g. SAS Metadata Security Testing and Testing Conditional Grants in SAS Visual Analytics.

 

If you're interested in a commercial product to help in this situation, please message me and we can discuss further.

 

Kind regards,

Paul

 

Rama_s
Calcite | Level 5

Thanks @PaulHomes and @JuanS_OCS for the response regarding multiple metadata servers.

 

What do you suggest for Data Management Server security? 

JuanS_OCS
Amethyst | Level 16

You are welcome @Rama_s.

 

That last question, I am not sure how to answer it, since it looks quite general.

Only with that, I would say that it depends basically on the security policies within your company. How do you want to secure data and the processes? Which are the requirements? All of this, is what is called the Security Model. Once you get this, you can go to the authorizations matrix and the implementations on each system such as on the metadata, databases, filesystem,, etc.

 

If you feel a bit lost with this task, I would strongly recommend you to get a SAS consultant or partner to investigate your requirements and advise you with the process to define and implement proper security on your data.

suga badge.PNGThe SAS Users Group for Administrators (SUGA) is open to all SAS administrators and architects who install, update, manage or maintain a SAS deployment. 

Join SUGA 

Get Started with SAS Information Catalog in SAS Viya

SAS technical trainer Erin Winters shows you how to explore assets, create new data discovery agents, schedule data discovery agents, and much more.

Find more tutorials on the SAS Users YouTube channel.

Discussion stats
  • 4 replies
  • 1601 views
  • 3 likes
  • 3 in conversation