Hello @Analyticguru_09,

with metadata groups and authorizations, by setting explicit denials.

1. Create SAS groups and split your users

Say, you create the metadata groups "SAS Access to SASApp Group" and "SAS Access to SASEM Group"  and you include your users on those groups.

Question: is there any user that access SAS EG and SAS miner? Very important concern

2. Create ACTs

Then you can create the ACTs: "SAS Access to SASApp ACT" and "SAS Access to SASEM ACT"

3. Add the groups that you will deny permissions to the ACTs

• For the "SAS Access to SASApp ACT", you include the "SAS Access to SASEM ACT" and set Deny for Read Metadata.
• For the "SAS Access to SASEM ACT", you include the "SAS Access to SASEM App" and set Deny for Read Metadata.

4.Attach the ACTs to your SAS Application Servers.

Then, the last step is to add those Access Control Templates intro the metadata of the SASApp and SASEM.

• Into SASApp: attach "SAS Access to SASApp ACT"
• Into SASEM: attach "SAS Access to SASEM ACT"

So, this should answer your question, related to the SAS application servers access/visibility, from the metadata point of view.

Hi,

Which solution you use depends on how & where you want to manage this configuration in your environment.

[Note: I don't have a SAS Grid Server environment on hand at the moment, so the suggestion below is memory-based, and may require adjusting..]

Juan's solution is a simple & excellent way to achieve your desired result using metadata security settings rather than Grid Options Sets, particularly if the EG & EM users are in mutually exclusive metadata groups. However, if a user has a valid reason to be both an EM user and an EG user, they would belong to both groups, and as such both Application Server contexts would be available to both clients. I have yet to come up with a way to overcome this using security settings, and it's one reason why I'm a fan of Grid Options sets.

If you do wish to manage this with Grid Options Sets (assuming both share the one SAS Application Context, create 2 queues (using SAS RTM) - one default (used by EM), the other designed to use EG. Set one as the default queue in the Logical Grid Server, and set up an alternate Grid Options Sets for users of the EG client.

I hope that helps.

Thanks Juan & Andrew.

Andrew,

As we have users who uses both Eguide & Eminer, I would like to go the SAS Grid options way.

Could you explain it little more clearly

"f you do wish to manage this with Grid Options Sets (assuming both share the one SAS Application Context, create 2 queues (using SAS RTM) - one default (used by EM), the other designed to use EG. Set one as the default queue in the Logical Grid Server, and set up an alternate Grid Options Sets for users of the EG client."

What do you mean by "assuming both share the one SAS App Context."?

Agreed, the SAS Grid options sets, and to use the full stack of options from LSF is the best option, indeed.

While my option requires to have good knowledge of SAS Metadata authorizations (and still applies when users can use SAS EG and EM, just by adding a 3rd group and tuning a bit the previous 2 permissions), the SAS Grid options can help very much, just by managing properly the resouces and options lists.

@Analyticguru_09, did you had the chance to read @AndrewHowell paper from last year? https://communities.sas.com/t5/SAS-Communities-Library/Easier-Platform-Administration-using-SAS-9-4-...