COMMUNITIES

Select Your Region

Visit the Cary, NC, US corporate headquarters site

Americas

Europe

Middle East & Africa

Asia Pacific

View our worldwide contacts list for help finding your region

Americas

Europe

Middle East & Africa

Asia Pacific

Sign In

Get access to My SAS, trials, communities and more.

Sign Out

Get access to My SAS, trials, communities and more.

SAS Sites

sas.com
Support
Blogs
Communities
Developer
Curiosity
Videos

Documentation

Learn
Brand
PartnerNet
Merchandise

Administration and Deployment

Installing and maintaining your SAS environment
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 
BookmarkSubscribeRSS Feed
JuanS_OCS
Azurite | Level 17 JuanS_OCS
Azurite | Level 17

Rules and authorizations in SAS Viya

Posted 10-17-2018 06:16 AM (2774 views)

Hi,

 

the identity, authorizations and rules in SAS Viya is definetely a very exciting world. While for most of actions the GUI is OK, there are many cases where the CLI or Rest-API interfaces can help greatly. This is the area I am mostly exploring at this moment.

 

I have a question with Darrel, where @ShelleySessoms is helping me in communications with him. 

https://communities.sas.com/t5/Administration-and-Deployment/Join-us-for-our-next-SUGA-Webinar-on-Oc...

In parallel, I saw a very related and interesting question open by @mimran and being answered by Super_FREQ @Madelyn_SAS with lots of information.

https://communities.sas.com/t5/Administration-and-Deployment/How-to-grant-or-restrict-user-access-in...

 

But I have a problem, after having a profile, successfully login in (with my user which has capabilities as SAS Administrator as well), I can do many operations, but the following command returns a list, but empty, only the headers

/opt/sas/viya/home/bin/sas-admin --output text authorization list-rules

 

Is it possible that the command won't return the rules that are set by default with a Viya installation? 

It would be great to see everything.

 

I feel very curious about your insights. specially Darrel's ( @ShelleySessoms ) and @Madelyn_SAS 's.

 

Thank you in advance!

 

Kind regards, 

Juan

 

 

0 Likes
Reply
9 REPLIES 9
alexal
SAS Employee alexal
SAS Employee

Re: Rules and authorizations in SAS Viya

Posted 10-17-2018 08:24 AM (2755 views)  |   In reply to JuanS_OCS

@JuanS_OCS,

 

That command should list the authorization rules from /authorization/rules. What do you see if you open https://<SAS_VIYA_FQDN>/authorization/rules?

0 Likes
Reply
ShelleySessoms
Community Manager ShelleySessoms
Community Manager

Re: Rules and authorizations in SAS Viya

Posted 10-17-2018 08:28 AM (2752 views)  |   In reply to JuanS_OCS

Darrell says, "I assume I’m doing the same things he is. I’m seeing all the rules when I run the CLI command as a SAS Administrator." He suggests contacting tech support. Since @alexal is on the thread, you're good there. Thanks!

0 Likes
Reply
PaulHomes
Rhodochrosite | Level 12 PaulHomes
Rhodochrosite | Level 12

Re: Rules and authorizations in SAS Viya

Posted 10-17-2018 08:53 PM (2727 views)  |   In reply to JuanS_OCS

Hi @JuanS_OCS,

 

When I was doing some work with the REST API, I was also seeing a filtered list of rules returned (dozens instead of hundreds), which appeared to be related to not opting in to the assumable group SASAdministrators. I just tried the CLI when logged in as an admin and it returned hundreds of rules. When logged in as a normal user it returned less than 50 rules. I don't see any CLI option to opt in/out of assumable groups so perhaps double check you are logged in as a member of SASAdministrators?

 

Cheers
Paul

 

Reply
JuanS_OCS
Azurite | Level 17 JuanS_OCS
Azurite | Level 17

Re: Rules and authorizations in SAS Viya

Posted 10-18-2018 03:03 AM (2717 views)  |   In reply to PaulHomes

Thank you, @ShelleySessoms@alexal and @PaulHomes !

 

@alexal, @PaulHomes,

From the RestAPI URI:

  • if I log in, with my user, without assuming SAS Administrator, I indeed get a fre rules.
  • if I log in, with my user, assuming SAS Administrator, I get more rules. Not sure if it is the full set. but at least larger quantity.

 

From the CLI:

  • When I log in, with my user, I have no option to assume SAS Administrator role.
  • The list of rules is completely empty.

 

@alexal, could you please check this? I checked by now 4 different installations of Viya 3.3, at customers are at my server, and all of them give same results.

 

@PaulHomes, agreed! A prompt or parameter in CLI to assume, or not, Custom Groups, at least SAS Administrator, would be great.

That one goes to the ballot right away.

0 Likes
Reply
alexal
SAS Employee alexal
SAS Employee

Re: Rules and authorizations in SAS Viya

Posted 10-18-2018 08:20 AM (2702 views)  |   In reply to JuanS_OCS

@JuanS_OCS,

 

Here is what I see on my SAS Viya 3.3 server:

 

1____sas-admin_authorization_list-rules__ssh_.png

0 Likes
Reply
JuanS_OCS
Azurite | Level 17 JuanS_OCS
Azurite | Level 17

Re: Rules and authorizations in SAS Viya

Posted 10-19-2018 04:26 AM (2683 views)  |   In reply to alexal

THank you @alexal

Maybe there is a difference, on how my user is configured, or how I do log in, from what you do.

 

Could you please share your user set up and login process?

0 Likes
Reply
alexal
SAS Employee alexal
SAS Employee

Re: Rules and authorizations in SAS Viya

Posted 10-19-2018 06:52 AM (2678 views)  |   In reply to JuanS_OCS

@JuanS_OCS,

 

Sure.

 

2____sas-admin_authorization_list-rules__ssh_.png

0 Likes
Reply
JuanS_OCS
Azurite | Level 17 JuanS_OCS
Azurite | Level 17

Re: Rules and authorizations in SAS Viya

Posted 10-21-2018 10:58 AM (2648 views)  |   In reply to alexal

Hi @alexal,

 

thank you. So I see I am doing nothing different than you, unless that loging with a created profile does make a difference.

Tried also without profile, and I am getting the same, on several Viya environments.

 

 

0 Likes
Reply
alexal
SAS Employee alexal
SAS Employee

Re: Rules and authorizations in SAS Viya

Posted 10-23-2018 07:25 AM (2622 views)  |   In reply to JuanS_OCS

@JuanS_OCS,

 

I would like to review an output from a command shown below:

 

/opt/sas/viya/home/bin/sas-admin --verbose authorization list-rules
0 Likes
Reply

suga badge.PNGThe SAS Users Group for Administrators (SUGA) is open to all SAS administrators and architects who install, update, manage or maintain a SAS deployment. 

Join SUGA 

Get Started with SAS Information Catalog in SAS Viya

SAS technical trainer Erin Winters shows you how to explore assets, create new data discovery agents, schedule data discovery agents, and much more.

Watch Get Started with SAS Information Catalog in SAS Viya on YouTube

Find more tutorials on the SAS Users YouTube channel.

Discussion stats
  • 9 replies
  • ‎10-17-2018 06:16 AM
  • 2775 views
  • 2 likes
  • 4 in conversation
Top