I've an excel file under a folder on server that only a group of users have access to this folder. This excel file has connection to a dataset on server that whenever we change it the dataset will be updated.
Now I need to restrict the access to this excel sheet(and dataset) to only some users.
Should I create a group or role in SAS MC for that or both?
Are the users asked for their SAS credentials when they change the Excel sheet?
The question is: can SAS know who is making the change in Excel? If that is somehow managed through IWA, you might have a chance. But if the Excel file simply uses a generic user in SAS, then you have no means to check who's really doing it.
- SMC groups is just an additional layer of security provided for the Metadata registered.
- I would suggest to remove the write permission for the file for others so that only the Owner/Members part of the file owned group can change/edit it.
- In-case you do not wish even the members of the same group to change it then remove write permissions for the group members as well.
- You can also use ACL for more complex security.
Hope this helps.
If you don't align OS permissions for the Excel file with the SAS metadata permissions then users could simply bypass SAS metadata and access the Excel file directly either with a SAS LIBNAME in code (which bypasses metadata) or by opening the file directly in Excel - is this an issue?
The SAS Users Group for Administrators (SUGA) is open to all SAS administrators and architects who install, update, manage or maintain a SAS deployment.
Learn how to install the SAS Viya CLI and a few commands you may find useful in this video by SAS’ Darrell Barton.
Find more tutorials on the SAS Users YouTube channel.