BookmarkSubscribeRSS Feed
🔒 This topic is solved and locked. Need further help from the community? Please sign in and ask a new question.
D_e_n_n_i_s
Obsidian | Level 7

(Edit by Shelley Sessoms, community manager: Thanks, everyone, for such great feedback. I encourage anyone reading this to read through the entire thread to get the valuable information provided by our members. I'd also suggest looking at the admin section of support.sas.com. It's a wealth of information.)

 

Great feedback and solid point - I want anyone doing any part of administration to provide feedback regardless of your actual title.  If you were creating users and managing groups, then I certainly consider you an "Admin" for the discussion here.  Soooo, if you do any SAS administration, regardless of your title, please jump in on this conversation.  It's about sharing what works, not about titles.  Thanks for the terrific feedback again.  I had a HUGE learning curve with the way that SAS does inheritance, whose applicable truth in the field was challenging even for a paid consultant, where it behaved differently than they expected !!  So we all have a learning curve on this.

 

If something worked (or didn't work), share it with us.  If there is a tool that helps - Great !!  If there was some odd technique that seemed to make things fall in place, I'm all about anything that helps.  This is about sharing experiences and lessons learned along the way, which will help all of us.

tcooper92
Fluorite | Level 6

Quentin,

 Your follow was encouraging because I am tasked with building an internal SAS admin team from the ground up. The task is to dovetail two deparmental developments; 1. a data analytics program headed by a new Director for Healthcare Infomatics and , 2. a Data Governance program to be headed by a CDO and Data Governance team.

 We currently have no administration.

Since these topics may be of interest shall I continue in the "How do you  manage SAS" thread?

 

Obviously, I would benefit from any consult.

 

PM incharge.

mpratapwar1
Fluorite | Level 6

If you would like to setup default permission on datasets created from SAS EG then you can do so as below:

1) Go to /usr/local/opt/sas94_configurations/Aytc2Servers/Lev4/BusinessAnalytics/WorkspaceServer [This location will change as per your setup]
2) Check file WorkspaceServer_usermods.sh

3) Add below code
#
# Set file permissions to 664 
#

umask 002

4) Done 🙂

tcooper92
Fluorite | Level 6

Q,

 Much appreciated. I have much to learn. 
Thank you

MichelleHomes
Meteorite | Level 14

Thank you kindly @Quentin for mentioning Metacoda and sharing your experiences. We appreciate your feedback. As you know, we love helping SAS users be more productive in their SAS metadata related work and it delights us to learn our software helps. Thank you and hope to see you again at SASGF 2018 in Denver!

 

Smiley Embarassed <plug>

@D_e_n_n_i_s (and others), if you are interested in experiencing the benefits for yourself in your own environment, please feel free to register for the free utilities or a 30 day evaluation of the commercial Metacoda Security Plug-ins.

</plug>

 

Kind Regards,

Michelle

 

//Contact me to learn how Metacoda software can help keep your SAS platform secure - https://www.metacoda.com
D_e_n_n_i_s
Obsidian | Level 7

Michelle - Thanks, I'll take a look at the tools soon.  I appreciate all of the great feedback in this thread and look forward to any admin tips offered !!!  Feel free to post any little tidbit 'cause you never know who you'll help that's in the same situation, desperately trying to reach blue sky again ...

D_e_n_n_i_s
Obsidian | Level 7

Sorry, but I've been without power until today due to Hurricane Irma.  Thanks to everyone for the terrific responses, which I hope are helpful to many others.  It sounds like there are different strategies to help with SAS Administration and I welcome anyone to add to the thread with what helps them get through their admin tasks, both initially to get things set up and moving forward with daily tasks.  Thanks again !!

D_e_n_n_i_s
Obsidian | Level 7

Michelle,

 

Thanks for the private message on your SAS Webinar, which I think contains general information that would not be limited to just the utilities you offer so I'll post a link to it here so others can download it if they like: https://communities.sas.com/t5/SAS-Communities-Library/Q-amp-A-from-SAS-Security-Design-Best-Practic...

 

Thanks,

Dennis

MichelleHomes
Meteorite | Level 14

Good point Dennis... Thanks for sharing!

 

Kind Regards,

Michelle

//Contact me to learn how Metacoda software can help keep your SAS platform secure - https://www.metacoda.com
Lenvdb
Quartz | Level 8

Very difficult in my current company.

The SAS Platform itself is a great platform.

When I first arrived it was quite unstable as there had been no Hotfixes applied or Security Patching done since installation 2 years prior.

I began a schedule of regular Security patching and Hotfixing, and it stabilised.

 

My biggest issue is that fingers are poking behind my back in places where I am not always checking, and then things break.

Also - our network is horrendously volatile with admins deploying firewalls, moving VMs around between areas etc, often breaking environments.

 

The general infrastructure is hard to maintain and much of it is in the hands of our IT dept. So I have to jump on the phone more than often to find out who fiddled with the fiirewalls, or why a Hosting server with our Metadata servers suddenly dropped off the network. It keeps me awake at night.

D_e_n_n_i_s
Obsidian | Level 7

You sound much like us, but I have the advantage of having come from IT into our Data Science Dept and have the admin rights on the virtual servers to make the changes we need.  I can't imagine what a nightmare it would be if I had to make requests of IT for all updates.  They even let me create SAS AD groups (which I must communicate to them, of course), which typically only one of our network engineers handles so I've had some nice leeway in this regard.

 

Ohhhhhh the surprise network updates, firewall and Trend Micro (antivirus) changes, domain policy changes, server updates ... the list goes on ad infinitum ...

 

I have been very cautious about giving out SAS Admin rights and have been very mindful from the start to make sure that either I'm making the changes or one of my most trusted admins is making the change and communicating with me.  Even then, it's easy to have surprises with too many irons in the fire. 

 

I think it's really difficult to manage the "too many cooks in the kitchen" issue with losing control of the SAS infrastructure security, libraries, Metadata folders, etc. - Does anyone have suggestions on how to control this?  Is there auditing that could be leveraged here - Even watching our own SAS Admins ??

PaulHomes
Rhodochrosite | Level 12

Hi Dennis,

 

When you have multiple admins making changes and you want to see who changed what and when then you could look at enabling the SAS Environment Manager Service Architecture and using the built-in Report Center or querying the data mart tables yourself.

 

Another option, especially in the area of metadata security for carefully monitoring changes to access controls, high privilege group/role membership etc, is to use the Metacoda Security Testing Framework. This allows you to export test scripts from an environment in a known-good state and then regularly run those test scripts against the environment in batch on a regular basis.  When unexpected changes occur you can get an email alert indicating test failures so you can investigate further to find out if they are due to good or bad security changes. I did a demo of some security implementation tests (for ACTs) in a webinar with @DavidStern recently. You can find a link to the webinar recording and to David's best practice papers via this blog post: SAS® Security Model Design Golden Rules, Validation, and Monitoring with Metacoda. For more background information on the testing framework I wrote a SAS Global Forum 2014 paper: Test for Success: Automated Testing of SAS® Metadata Security Implementations.

 

I hope you find this useful.

 

Cheers

Paul

MichelleHomes
Meteorite | Level 14

Hi Dennis,

 

Further to Paul's reply about using the SAS Environment Manager Service Architecture and the built-in Report Center, in @CharynF and my SAS Global Forum 2017 paper, SAS® Metadata Security 301: Auditing your SAS Environment, we step through a couple of admin audit scenarios such as "Reviewing administrative privilege assignments" and "Who has administrative access?". This paper and Charyn's other SAS metadata security papers can be accessed at the Your SAS Security Journey page.

 

Kind Regards,

Michelle

//Contact me to learn how Metacoda software can help keep your SAS platform secure - https://www.metacoda.com
D_e_n_n_i_s
Obsidian | Level 7

Paul - Thanks for the solid links on how the Metacoda product can help with security.  It looks like a great tool to help manage SAS.

 

Michelle - We had folks attend the SAS Global Forum 2017, but they must have missed your terrific presentations.  I appreciate the link to your informative papers: SAS Metadata Security 101, 201 and 301 !!  I will go through them and digest the terrific info these contain.  Thanks !!

MichelleHomes
Meteorite | Level 14

Thanks Dennis for your feedback. It’s certainly a challenge to get to all desired presentations at SASGF. @CharynF deserves the credit for her papers (we co-wrote 301). They are a great series of resourceful information. Thanks!

 

Kind Regards,

Michelle

//Contact me to learn how Metacoda software can help keep your SAS platform secure - https://www.metacoda.com

suga badge.PNGThe SAS Users Group for Administrators (SUGA) is open to all SAS administrators and architects who install, update, manage or maintain a SAS deployment. 

Join SUGA 

Get Started with SAS Information Catalog in SAS Viya

SAS technical trainer Erin Winters shows you how to explore assets, create new data discovery agents, schedule data discovery agents, and much more.

Find more tutorials on the SAS Users YouTube channel.

Discussion stats
  • 33 replies
  • 5936 views
  • 46 likes
  • 13 in conversation