Our SAS users are looking to use AD groups in a SAS 9.4 M3 Linux server using the utility macros (importad.sas). As of now, our users are using PAM (binding) for authentication.
Please let us know: what are the risks involved in using AD groups in a SAS 9.4 M3 Linux server?
We have a strict sync process between AD and SAS metadata which works very well. If there is a risk it probably will come from a lack of discipline because manual updates can interfere with the ones coming from AD. That may yield errors and problems resulting from an incomplete sync. We just don't do manual updates; any new user or group membership change will go through an audited and monitored approval process. And that's it. So this is taken from IT to the business, where we feel it belongs. We see or experience no downside.
In fact, if you take the trouble of adding Kerberos authentication to the mix, you can set up an authentication and authorization process that runs itself and extends beyond the metadata to the filesystems and back-end database management systems (we extend it to the Teradata realm). Users, admins and security officers will benefit equally. No more password resets or locked out users. And very clear reporting. In short, highly recommended.
If you want syncing managed from SAS Management Console, have a look at the Metacoda plug-ins. They have done wonders in this field.
Regards,
- Jan.
Thanks Jan for mentioning Metacoda Plug-ins.
FYI, we have an Identity Sync Plug-in that may help you with your Active Directory synchronization requirements. Some background information on the plug-in can be found at the following blog, which also includes a screencast of the Metacoda Identity Sync Plug-in in action: https://platformadmin.com/blogs/paul/2015/07/synchronizing-sas-platform-identities/ Please let me know if you'd like to get a 30-day free evaluation to try it out.
Kind Regards,
Michelle