cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
BookmarkSubscribeRSS Feed
🔒 This topic is solved and locked. Need further help from the community? Please sign in and ask a new question.
gjanuary
Calcite | Level 5 gjanuary
Calcite | Level 5
Go to Solution

SAS DI Studio 9.04 with SAS Studio Enterprise 3.6 Security question

Posted 08-22-2018 01:16 PM (851 views)

I currently have five separate databases that require completely different security. On the meta-data side of things I have security handled. My problem is with SAS Studio and its connection to my metadata server. Its not just applying the security I've setup in management console in metadata its also using security from the metadata physical server. The test user that I'm using had to be added to a security group on the physical windows server in order to even access the application. I guess I should add that the application is being accessed via browser. How is windows security overriding security from metadata. What does windows security have to do with access to SAS Studio Enterprise. I've already taken the steps in management console so that the users can't see the physical server drives in SAS Studio, but that wouldn't stop a savvy user from creating their own shortcut to a physical drive. Are we left with having to manage windows security as well as meta data security if we desire to have users using SAS Studio Enterprise. I must be missing something. If not any suggestions on windows server security groups and permissions.

0 Likes
1 ACCEPTED SOLUTION

Accepted Solutions
shayne
SAS Employee shayne
SAS Employee

Re: SAS DI Studio 9.04 with SAS Studio Enterprise 3.6 Security question

Posted 08-22-2018 05:03 PM (895 views)  |   In reply to gjanuary

SAS metadata is used for authorization but it's not used for authentication. It sounds like your site has configured host authentication which is why proper privileges must be assigned to users on the host operating system. 

 

SAS Studio requires that users have the correct permissions on the host operating system so that workspace server sessions (sas.exe) can be launched under each user's Windows ID. The host operating system privileges that users must have to use workspace server based clients like SAS Studio are covered in the SAS® 9.4 Intelligence Platform: Security Administration Guide under Fundamentals > User Administration > Windows Privileges. These privileges are required for any workspace server based client in a Windows environment using host authentication, including SAS Enterprise Guide and DI Studio. 

 

Usually administrators will create a Windows user group named something like "SAS Server Users", make sure the group has the necessary privileges, then add users to the group as needed.

 

 

You can also consider configuring an alternate authentication mechanism like Integrated Windows Authentication (IWA) or SAS Token Authentication.

View solution in original post

0 Likes
1 REPLY 1
shayne
SAS Employee shayne
SAS Employee

Re: SAS DI Studio 9.04 with SAS Studio Enterprise 3.6 Security question

Posted 08-22-2018 05:03 PM (896 views)  |   In reply to gjanuary

SAS metadata is used for authorization but it's not used for authentication. It sounds like your site has configured host authentication which is why proper privileges must be assigned to users on the host operating system. 

 

SAS Studio requires that users have the correct permissions on the host operating system so that workspace server sessions (sas.exe) can be launched under each user's Windows ID. The host operating system privileges that users must have to use workspace server based clients like SAS Studio are covered in the SAS® 9.4 Intelligence Platform: Security Administration Guide under Fundamentals > User Administration > Windows Privileges. These privileges are required for any workspace server based client in a Windows environment using host authentication, including SAS Enterprise Guide and DI Studio. 

 

Usually administrators will create a Windows user group named something like "SAS Server Users", make sure the group has the necessary privileges, then add users to the group as needed.

 

 

You can also consider configuring an alternate authentication mechanism like Integrated Windows Authentication (IWA) or SAS Token Authentication.

0 Likes

suga badge.PNGThe SAS Users Group for Administrators (SUGA) is open to all SAS administrators and architects who install, update, manage or maintain a SAS deployment. 

Join SUGA 

Get Started with SAS Information Catalog in SAS Viya

SAS technical trainer Erin Winters shows you how to explore assets, create new data discovery agents, schedule data discovery agents, and much more.

Watch Get Started with SAS Information Catalog in SAS Viya on YouTube

Find more tutorials on the SAS Users YouTube channel.

Discussion stats
  • 1 reply
  • ‎08-22-2018 01:16 PM
  • 852 views
  • 0 likes
  • 2 in conversation