Architecting, installing and maintaining your SAS environment

Has anyone used Authorization Server?

Accepted Solution Solved
Reply
Occasional Contributor
Posts: 5
Accepted Solution

Has anyone used Authorization Server?

Hi,

We have to two metadata servers for maintaining SAS metadata security  (One Metadata server for developing data, and the other Metadata for Visual Analytics). Basically, we have two servers. It has become a very tedious process to maintain multiple metadata security. 

 

I have been recently working on Dataflux Management Studio, I would like to deploy the jobs on the Data Mangement Server, I did see there is Authorization Server too, but it is not running due to license issue. 

 

Is this Authorization Server helps in maintaining multiple SAS environment security? I would not like to see another security model just for Data management Server. 

 

Any help would be appreciated.

 

Thanks

Rama


Accepted Solutions
Solution
‎11-18-2016 06:14 AM
Trusted Advisor
Posts: 1,307

Re: Has anyone used Authorization Server?

You are welcome @Rama_s.

 

That last question, I am not sure how to answer it, since it looks quite general.

Only with that, I would say that it depends basically on the security policies within your company. How do you want to secure data and the processes? Which are the requirements? All of this, is what is called the Security Model. Once you get this, you can go to the authorizations matrix and the implementations on each system such as on the metadata, databases, filesystem,, etc.

 

If you feel a bit lost with this task, I would strongly recommend you to get a SAS consultant or partner to investigate your requirements and advise you with the process to define and implement proper security on your data.

View solution in original post


All Replies
Trusted Advisor
Posts: 1,307

Re: Has anyone used Authorization Server?

Hello @Rama_s,

 

I think your question is related to the Metadata server, rather than on the Authorization Server of the dataflux components.

 

Technically, you could have a single metadata server for all your SAS products. Only requirements is that all the products have to remain on the same SAS major version and same maintenanve level (eg SAS 9.4 M3). Of course, the consideration here, is that you will have dependencies and probably the most interesting one is that you cannot upgrade SAS VA to the latest version, since VA lyfecycle goes quicker than other SAS solutions.

 

All of this said, that is an option. Another option for you, is to have a single authorization model for both servers and simplify your work. And together with this option, I believe the right tools might help you too, as the Metacoda ones (you can contact @MichelleHomes or @PaulHomes ) for additional information. I am sure they can make your life much easier.

 

Best regards,

Juan

PROC Star
Posts: 424

Re: Has anyone used Authorization Server?

Posted in reply to JuanS_OCS

Hi @Rama_s,

 

As @JuanS_OCS mentioned, to reduce the maintenance overhead of managing 2 environments you could consider a merged environment based on a single metadata server. However, I believe it is common practice to run them independantly so you can take advantage of the faster product release cycles for VA.

 

One of the Metacoda products Juan mentioned that might be of interest to you is a Metadata Security Testing Framework. This is a commercial product we developed to assist with managing consistent SAS metadata security across multiple metadata environments. This can be for consistency in a single environment over time, across different environments (such as dev, testing, staging, prod, BI, VA etc), and across different versions (such as for 9.3 to 9.4 migrations).  Tests scripts for metadata security implementation can be generated from a source environment and then automated to test multiple target environments, generating alerts when discrepancies are detected. I presented a paper at SAS Global Forum 2014 on the concept Test for Success: Automated Testing of SAS® Metadata Security Implementations and have written some blog posts about it too e.g. SAS Metadata Security Testing and Testing Conditional Grants in SAS Visual Analytics.

 

If you're interested in a commercial product to help in this situation, please message me and we can discuss further.

 

Kind regards,

Paul

 

Occasional Contributor
Posts: 5

Re: Has anyone used Authorization Server?

Posted in reply to PaulHomes

Thanks @PaulHomes and @JuanS_OCS for the response regarding multiple metadata servers.

 

What do you suggest for Data Management Server security? 

Solution
‎11-18-2016 06:14 AM
Trusted Advisor
Posts: 1,307

Re: Has anyone used Authorization Server?

You are welcome @Rama_s.

 

That last question, I am not sure how to answer it, since it looks quite general.

Only with that, I would say that it depends basically on the security policies within your company. How do you want to secure data and the processes? Which are the requirements? All of this, is what is called the Security Model. Once you get this, you can go to the authorizations matrix and the implementations on each system such as on the metadata, databases, filesystem,, etc.

 

If you feel a bit lost with this task, I would strongly recommend you to get a SAS consultant or partner to investigate your requirements and advise you with the process to define and implement proper security on your data.

☑ This topic is solved.

Need further help from the community? Please ask a new question.

Discussion stats
  • 4 replies
  • 419 views
  • 3 likes
  • 3 in conversation