11-21-2017 02:54 AM
I've an excel file under a folder on server that only a group of users have access to this folder. This excel file has connection to a dataset on server that whenever we change it the dataset will be updated.
Now I need to restrict the access to this excel sheet(and dataset) to only some users.
Should I create a group or role in SAS MC for that or both?
11-21-2017 03:04 AM
Are the users asked for their SAS credentials when they change the Excel sheet?
11-21-2017 03:11 AM - edited 11-21-2017 03:12 AM
But can you please tell me the difference in both cases(asking and not asking for credentials)
and how could the solution be different? :-)
11-21-2017 03:20 AM
The question is: can SAS know who is making the change in Excel? If that is somehow managed through IWA, you might have a chance. But if the Excel file simply uses a generic user in SAS, then you have no means to check who's really doing it.
11-21-2017 03:18 AM
- SMC groups is just an additional layer of security provided for the Metadata registered.
- I would suggest to remove the write permission for the file for others so that only the Owner/Members part of the file owned group can change/edit it.
- In-case you do not wish even the members of the same group to change it then remove write permissions for the group members as well.
- You can also use ACL for more complex security.
Hope this helps.
11-21-2017 02:41 PM
If you don't align OS permissions for the Excel file with the SAS metadata permissions then users could simply bypass SAS metadata and access the Excel file directly either with a SAS LIBNAME in code (which bypasses metadata) or by opening the file directly in Excel - is this an issue?