- Mark as New
- Bookmark
- Subscribe
- Mute
- RSS Feed
- Permalink
- Report Inappropriate Content
Hi,
the identity, authorizations and rules in SAS Viya is definetely a very exciting world. While for most of actions the GUI is OK, there are many cases where the CLI or Rest-API interfaces can help greatly. This is the area I am mostly exploring at this moment.
I have a question with Darrel, where @ShelleySessoms is helping me in communications with him.
In parallel, I saw a very related and interesting question open by @mimran and being answered by Super_FREQ @Madelyn_SAS with lots of information.
But I have a problem, after having a profile, successfully login in (with my user which has capabilities as SAS Administrator as well), I can do many operations, but the following command returns a list, but empty, only the headers
/opt/sas/viya/home/bin/sas-admin --output text authorization list-rules
Is it possible that the command won't return the rules that are set by default with a Viya installation?
It would be great to see everything.
I feel very curious about your insights. specially Darrel's ( @ShelleySessoms ) and @Madelyn_SAS 's.
Thank you in advance!
Kind regards,
Juan
- Mark as New
- Bookmark
- Subscribe
- Mute
- RSS Feed
- Permalink
- Report Inappropriate Content
That command should list the authorization rules from /authorization/rules. What do you see if you open https://<SAS_VIYA_FQDN>/authorization/rules?
- Mark as New
- Bookmark
- Subscribe
- Mute
- RSS Feed
- Permalink
- Report Inappropriate Content
Darrell says, "I assume I’m doing the same things he is. I’m seeing all the rules when I run the CLI command as a SAS Administrator." He suggests contacting tech support. Since @alexal is on the thread, you're good there. Thanks!
- Mark as New
- Bookmark
- Subscribe
- Mute
- RSS Feed
- Permalink
- Report Inappropriate Content
Hi @JuanS_OCS,
When I was doing some work with the REST API, I was also seeing a filtered list of rules returned (dozens instead of hundreds), which appeared to be related to not opting in to the assumable group SASAdministrators. I just tried the CLI when logged in as an admin and it returned hundreds of rules. When logged in as a normal user it returned less than 50 rules. I don't see any CLI option to opt in/out of assumable groups so perhaps double check you are logged in as a member of SASAdministrators?
Cheers
Paul
- Mark as New
- Bookmark
- Subscribe
- Mute
- RSS Feed
- Permalink
- Report Inappropriate Content
Thank you, @ShelleySessoms, @alexal and @PaulHomes !
From the RestAPI URI:
- if I log in, with my user, without assuming SAS Administrator, I indeed get a fre rules.
- if I log in, with my user, assuming SAS Administrator, I get more rules. Not sure if it is the full set. but at least larger quantity.
From the CLI:
- When I log in, with my user, I have no option to assume SAS Administrator role.
- The list of rules is completely empty.
@alexal, could you please check this? I checked by now 4 different installations of Viya 3.3, at customers are at my server, and all of them give same results.
@PaulHomes, agreed! A prompt or parameter in CLI to assume, or not, Custom Groups, at least SAS Administrator, would be great.
That one goes to the ballot right away.
- Mark as New
- Bookmark
- Subscribe
- Mute
- RSS Feed
- Permalink
- Report Inappropriate Content
- Mark as New
- Bookmark
- Subscribe
- Mute
- RSS Feed
- Permalink
- Report Inappropriate Content
THank you @alexal
Maybe there is a difference, on how my user is configured, or how I do log in, from what you do.
Could you please share your user set up and login process?
- Mark as New
- Bookmark
- Subscribe
- Mute
- RSS Feed
- Permalink
- Report Inappropriate Content
- Mark as New
- Bookmark
- Subscribe
- Mute
- RSS Feed
- Permalink
- Report Inappropriate Content
Hi @alexal,
thank you. So I see I am doing nothing different than you, unless that loging with a created profile does make a difference.
Tried also without profile, and I am getting the same, on several Viya environments.
- Mark as New
- Bookmark
- Subscribe
- Mute
- RSS Feed
- Permalink
- Report Inappropriate Content
I would like to review an output from a command shown below:
/opt/sas/viya/home/bin/sas-admin --verbose authorization list-rules