Hi @JuanS_OCS,
Here is the information, as provided by Darrell. Hope it helps!
What are the best practices for working and setting Rules in Viya? By default Viya is really open, and all Authorized Users have too many permissions to the different URIs. To work with the GUI for Rules in Environment Manager is hardly workable: way too many URIs and permissions. And the list is not exportable.
It’s hard to establish best practices for permission policies because each organization has different priorities. You seem to want to control access to the applications. That’s accomplished using the CLI and UI as discussed in the other responses to your questions. If you are not happy with the access given to Authenticated Users for the various applications then certainly modify the rules to manage access to the functionality. You can use the CLI with the authorization plug-in to manage things programmatically or the Environment Manger UI. Here’s the CLI help.
$ /opt/sas/viya/home/bin/sas-admin authorization --help
NAME:
sas-authorization
USAGE:
sas-admin authorization command [command options] [arguments...]
COMMANDS:
authorize, grant, create-rule Creates an authorization rule to grant privileges to the specified principal.
create-rules Create a set of authorization rules.
disable-guest-access Disables guest access.
enable-guest-access, facilitate-guest Enables guest access.
explain Shows the explanations of a target object URI. For example: --target-uri /SASHome/**
get-rules-file Show the JSON file used to produce guest access.
help, h Shows a list of commands or help for one command.
list-rules Lists the authorization rules that are defined for the SAS environment.
prohibit Creates an authorization rule to prohibit privileges for the specified principal.
remove-rule, revoke Removes a specific authorization rule.
remove-rules Removes a set of authorization rules.
show-rule Shows a specific authorization rule.
update-rule Modifies a specified authorization rule.
Just filter on the rules (pipe the CLI output to the grep command to filter using the CLI, $ /opt/sas/viya/home/bin/sas-admin authorization list-rules | grep -i visual) and make changes to meet your needs. I demonstrated filtering on the rules in the UI during my session.
So more specific questions would be:
- how to make a proper list of default and custom rules?
Not sure how to separate default vs. custom, but you can use the CLI to get them all...
/opt/sas/viya/home/bin/sas-admin --output text authorization list-rules > ViyaRules.txt
- best way to edit/set rules? I guess some CLI command, or Rest API. Any (editable) script for power building some defaults?
This is totally user choice. In most cases I would use SAS Environment Manager and the Rules page. You can certainly use the CLI with the grant, prohibit, update-rule, etc. to manage the rules. See help above.
