cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
BookmarkSubscribeRSS Feed
freshstarter
Quartz | Level 8 freshstarter
Quartz | Level 8

Restricting Job Scheduling Access in SAS Viya

Posted yesterday (103 views)

Hello,

 

We have a requirement in our SAS Viya environment where only a limited set of groups ( mainly SAS administrator ) should be able to schedule jobs through SAS Studio or SAS Environment Manager.

 

I tried modifying the authorization rules in SAS Environment Manager for the /scheduler and /SASjobexecution object URIs. Instead of granting permissions to the Authenticated Users group, I granted permissions only to the SAS Administrators group. However, non SAS Admin users are still able to schedule jobs through SAS Studio.

 

Could you please let me know the complete list of object URIs that need to be restricted to control job scheduling access for specific groups?

 

Thanks in advance.

0 Likes
Reply
1 REPLY 1
gwootton
SAS Super FREQ gwootton
SAS Super FREQ

Re: Restricting Job Scheduling Access in SAS Viya

Posted 4 hours ago (14 views)  |   In reply to freshstarter
Rather than modifying the existing rules granting access you should disable them and create new ones granting the access you want, as the default rules are bootstrapped when the services start, so restarting of services would overwrite your changes.

The ability to actually schedule a job for future execution is driven by create permission on the /scheduler/jobs object URI, but this would not impact the ability to run a job "now" (/jobExecution/jobRequests/<job_request_id>/jobs, /jobExecution/jobs) or create a job (/jobExecution/jobRequests) or flow (/jobFlowScheduling/flows). Updating a flow's schedule is controlled with Update permission on on the flow /jobFlowScheduling/flows/<flow_id>, but pushing that schedule is done with a call to /jobFlowScheduling/flows/<flow_id>/scheduled, and that call would fail if you already blocked permission to /scheduler/jobs, though this could result in the flow having a schedule defined that is not reflected in scheduler.
--
Greg Wootton | Principal Systems Technical Support Engineer
0 Likes
Reply

suga badge.PNGThe SAS Users Group for Administrators (SUGA) is open to all SAS administrators and architects who install, update, manage or maintain a SAS deployment. 

Join SUGA 

Get Started with SAS Information Catalog in SAS Viya

Learn how to explore data assets, create new data discovery agents, schedule data discovery agents, and much more.

Watch Get Started with SAS Information Catalog in SAS Viya on YouTube

Find more tutorials on the SAS Users YouTube channel.

Discussion stats
  • 1 reply
  • yesterday
  • 104 views
  • 0 likes
  • 2 in conversation