BookmarkSubscribeRSS Feed
JuanS_OCS
Amethyst | Level 16

Hi,

 

the identity, authorizations and rules in SAS Viya is definetely a very exciting world. While for most of actions the GUI is OK, there are many cases where the CLI or Rest-API interfaces can help greatly. This is the area I am mostly exploring at this moment.

 

I have a question with Darrel, where @ShelleySessoms is helping me in communications with him. 

https://communities.sas.com/t5/Administration-and-Deployment/Join-us-for-our-next-SUGA-Webinar-on-Oc...

In parallel, I saw a very related and interesting question open by @mimran and being answered by Super_FREQ @Madelyn_SAS with lots of information.

https://communities.sas.com/t5/Administration-and-Deployment/How-to-grant-or-restrict-user-access-in...

 

But I have a problem, after having a profile, successfully login in (with my user which has capabilities as SAS Administrator as well), I can do many operations, but the following command returns a list, but empty, only the headers

/opt/sas/viya/home/bin/sas-admin --output text authorization list-rules

 

Is it possible that the command won't return the rules that are set by default with a Viya installation? 

It would be great to see everything.

 

I feel very curious about your insights. specially Darrel's ( @ShelleySessoms ) and @Madelyn_SAS 's.

 

Thank you in advance!

 

Kind regards, 

Juan

 

 

9 REPLIES 9
alexal
SAS Employee

@JuanS_OCS,

 

That command should list the authorization rules from /authorization/rules. What do you see if you open https://<SAS_VIYA_FQDN>/authorization/rules?

ShelleySessoms
Community Manager

Darrell says, "I assume I’m doing the same things he is. I’m seeing all the rules when I run the CLI command as a SAS Administrator." He suggests contacting tech support. Since @alexal is on the thread, you're good there. Thanks!

PaulHomes
Rhodochrosite | Level 12

Hi @JuanS_OCS,

 

When I was doing some work with the REST API, I was also seeing a filtered list of rules returned (dozens instead of hundreds), which appeared to be related to not opting in to the assumable group SASAdministrators. I just tried the CLI when logged in as an admin and it returned hundreds of rules. When logged in as a normal user it returned less than 50 rules. I don't see any CLI option to opt in/out of assumable groups so perhaps double check you are logged in as a member of SASAdministrators?

 

Cheers
Paul

 

JuanS_OCS
Amethyst | Level 16

Thank you, @ShelleySessoms@alexal and @PaulHomes !

 

@alexal, @PaulHomes,

From the RestAPI URI:

  • if I log in, with my user, without assuming SAS Administrator, I indeed get a fre rules.
  • if I log in, with my user, assuming SAS Administrator, I get more rules. Not sure if it is the full set. but at least larger quantity.

 

From the CLI:

  • When I log in, with my user, I have no option to assume SAS Administrator role.
  • The list of rules is completely empty.

 

@alexal, could you please check this? I checked by now 4 different installations of Viya 3.3, at customers are at my server, and all of them give same results.

 

@PaulHomes, agreed! A prompt or parameter in CLI to assume, or not, Custom Groups, at least SAS Administrator, would be great.

That one goes to the ballot right away.

alexal
SAS Employee

@JuanS_OCS,

 

Here is what I see on my SAS Viya 3.3 server:

 

1____sas-admin_authorization_list-rules__ssh_.png

JuanS_OCS
Amethyst | Level 16

THank you @alexal

Maybe there is a difference, on how my user is configured, or how I do log in, from what you do.

 

Could you please share your user set up and login process?

JuanS_OCS
Amethyst | Level 16

Hi @alexal,

 

thank you. So I see I am doing nothing different than you, unless that loging with a created profile does make a difference.

Tried also without profile, and I am getting the same, on several Viya environments.

 

 

alexal
SAS Employee

@JuanS_OCS,

 

I would like to review an output from a command shown below:

 

/opt/sas/viya/home/bin/sas-admin --verbose authorization list-rules

suga badge.PNGThe SAS Users Group for Administrators (SUGA) is open to all SAS administrators and architects who install, update, manage or maintain a SAS deployment. 

Join SUGA 

Get Started with SAS Information Catalog in SAS Viya

SAS technical trainer Erin Winters shows you how to explore assets, create new data discovery agents, schedule data discovery agents, and much more.

Find more tutorials on the SAS Users YouTube channel.

Discussion stats
  • 9 replies
  • 2249 views
  • 2 likes
  • 4 in conversation