BookmarkSubscribeRSS Feed
Amethyst | Level 16



the identity, authorizations and rules in SAS Viya is definetely a very exciting world. While for most of actions the GUI is OK, there are many cases where the CLI or Rest-API interfaces can help greatly. This is the area I am mostly exploring at this moment.


I have a question with Darrel, where @ShelleySessoms is helping me in communications with him.

In parallel, I saw a very related and interesting question open by @mimran and being answered by Super_FREQ @Madelyn_SAS with lots of information.


But I have a problem, after having a profile, successfully login in (with my user which has capabilities as SAS Administrator as well), I can do many operations, but the following command returns a list, but empty, only the headers

/opt/sas/viya/home/bin/sas-admin --output text authorization list-rules


Is it possible that the command won't return the rules that are set by default with a Viya installation? 

It would be great to see everything.


I feel very curious about your insights. specially Darrel's ( @ShelleySessoms ) and @Madelyn_SAS 's.


Thank you in advance!


Kind regards, 




SAS Employee



That command should list the authorization rules from /authorization/rules. What do you see if you open https://<SAS_VIYA_FQDN>/authorization/rules?

Community Manager

Darrell says, "I assume I’m doing the same things he is. I’m seeing all the rules when I run the CLI command as a SAS Administrator." He suggests contacting tech support. Since @alexal is on the thread, you're good there. Thanks!

Rhodochrosite | Level 12

Hi @JuanS_OCS,


When I was doing some work with the REST API, I was also seeing a filtered list of rules returned (dozens instead of hundreds), which appeared to be related to not opting in to the assumable group SASAdministrators. I just tried the CLI when logged in as an admin and it returned hundreds of rules. When logged in as a normal user it returned less than 50 rules. I don't see any CLI option to opt in/out of assumable groups so perhaps double check you are logged in as a member of SASAdministrators?




Amethyst | Level 16

Thank you, @ShelleySessoms@alexal and @PaulHomes !


@alexal, @PaulHomes,

From the RestAPI URI:

  • if I log in, with my user, without assuming SAS Administrator, I indeed get a fre rules.
  • if I log in, with my user, assuming SAS Administrator, I get more rules. Not sure if it is the full set. but at least larger quantity.


From the CLI:

  • When I log in, with my user, I have no option to assume SAS Administrator role.
  • The list of rules is completely empty.


@alexal, could you please check this? I checked by now 4 different installations of Viya 3.3, at customers are at my server, and all of them give same results.


@PaulHomes, agreed! A prompt or parameter in CLI to assume, or not, Custom Groups, at least SAS Administrator, would be great.

That one goes to the ballot right away.

SAS Employee



Here is what I see on my SAS Viya 3.3 server:



Amethyst | Level 16

THank you @alexal

Maybe there is a difference, on how my user is configured, or how I do log in, from what you do.


Could you please share your user set up and login process?

Amethyst | Level 16

Hi @alexal,


thank you. So I see I am doing nothing different than you, unless that loging with a created profile does make a difference.

Tried also without profile, and I am getting the same, on several Viya environments.



SAS Employee



I would like to review an output from a command shown below:


/opt/sas/viya/home/bin/sas-admin --verbose authorization list-rules

suga badge.PNGThe SAS Users Group for Administrators (SUGA) is open to all SAS administrators and architects who install, update, manage or maintain a SAS deployment. 

Join SUGA 

CLI in SAS Viya

Learn how to install the SAS Viya CLI and a few commands you may find useful in this video by SAS’ Darrell Barton.

Find more tutorials on the SAS Users YouTube channel.

Discussion stats
  • 9 replies
  • 4 in conversation