BookmarkSubscribeRSS Feed
🔒 This topic is solved and locked. Need further help from the community? Please sign in and ask a new question.
Saud
Calcite | Level 5

Grating,

We have a requirement to segregate the SMC plug-in based on the SAS admin user role. For example, SAS security user can only see (User Manager) plug-in and all other should be disabled and on the other hand, the SAS server Admin  user, can see only (server manager)

Is there any way to achieve this.

Regards

1 ACCEPTED SOLUTION

Accepted Solutions
MichelleHomes
Meteorite | Level 14

Hi @Saud,

 

As @LinusH pointed out it is with Role-based capabilities to enable this. We have a step by step description with screen shots to describe how to enable Metacoda Plug-ins in SAS Management Console at http://platformadmin.com/blogs/paul/2012/02/metacoda-security-plug-ins-role-based-access/ You may find these visual instructions useful and in step 4 is the capability tab for the SMC plug-in(s) you wish to enable.

 

Kind Regards,

Michelle

//Contact me to learn how Metacoda software can help keep your SAS platform secure - https://www.metacoda.com

View solution in original post

4 REPLIES 4
LinusH
Tourmaline | Level 20

There are something called "Capabilities", which lets you restrict functionality in some SAS clients based on user/group membership. Not sure if there is a capability for your specific requirement, but this i definitely your starting point.

 

http://support.sas.com/documentation/cdl/en/mcsecug/64770/HTML/default/viewer.htm#n0s6jxhq6hmvb3n107...

 

Data never sleeps
MichelleHomes
Meteorite | Level 14

Hi @Saud,

 

As @LinusH pointed out it is with Role-based capabilities to enable this. We have a step by step description with screen shots to describe how to enable Metacoda Plug-ins in SAS Management Console at http://platformadmin.com/blogs/paul/2012/02/metacoda-security-plug-ins-role-based-access/ You may find these visual instructions useful and in step 4 is the capability tab for the SMC plug-in(s) you wish to enable.

 

Kind Regards,

Michelle

//Contact me to learn how Metacoda software can help keep your SAS platform secure - https://www.metacoda.com
jakarman
Barite | Level 11

The capabilties are for menu-tailoring in some programs like SMC. Your requiement however is looking to come by a requirement normally known as "segregation of duties" 
The do not offer real security segration as that part is not menu tailoring but of autorisation on objects.

The user-management plugin as menu is no problem for normal users as they shoudl be able and maintain their own login settings. (authdomains).

There is another reason users could easily see other  users in the metadata. There is an option of distribution output by registered mail-adresses in the SAS-metadata. Using that you must be able to read those 

 

Something strange there, as user can add uncontrolled autdomains themself but not deleting them again. Seeing groups/logins can have the impact you can also change those. Change is wanted wiht logins not wiht the groupmembership the latter is effectively sayin granting yourself any righst as you like. Wiht 9.1.3 and using DI that granting of groups by users themself was not preventable.     

 

The normal requiment would be an restricted (not the unrestricted) SAS adminsitrator is the only one responsible for user management (adding/deleting identities) and can be combined wiht granting/deleting group to users.  

---->-- ja karman --<-----
Saud
Calcite | Level 5

Jakarman Thanks a lot. I’ll discover suggested solution which's looks interesting   

suga badge.PNGThe SAS Users Group for Administrators (SUGA) is open to all SAS administrators and architects who install, update, manage or maintain a SAS deployment. 

Join SUGA 

Get Started with SAS Information Catalog in SAS Viya

SAS technical trainer Erin Winters shows you how to explore assets, create new data discovery agents, schedule data discovery agents, and much more.

Find more tutorials on the SAS Users YouTube channel.

Discussion stats
  • 4 replies
  • 2319 views
  • 1 like
  • 4 in conversation