BookmarkSubscribeRSS Feed
Analyticguru_09
Fluorite | Level 6

Hi,

 

Our SAS Grid environment is configured with SASApp & SASEM logical Workspace server context.

How do I prevent the e-guide users from selecting the "SASEM Logical Workspace server" context in the eguide?  What kind of  Grid option set changes do I need to implement in the SMC? 

Also I would like to prevent the e-miner users from selecting the "SASAPP Logical Workspace server" context too. Please let us know the settings

 

Thnx

4 REPLIES 4
JuanS_OCS
Amethyst | Level 16

Hello @Analyticguru_09,

 

with metadata groups and authorizations, by setting explicit denials.

 

1. Create SAS groups and split your users

Say, you create the metadata groups "SAS Access to SASApp Group" and "SAS Access to SASEM Group"  and you include your users on those groups.

Question: is there any user that access SAS EG and SAS miner? Very important concern

 

2. Create ACTs

Then you can create the ACTs: "SAS Access to SASApp ACT" and "SAS Access to SASEM ACT"

 

3. Add the groups that you will deny permissions to the ACTs

  • For the "SAS Access to SASApp ACT", you include the "SAS Access to SASEM ACT" and set Deny for Read Metadata.
  • For the "SAS Access to SASEM ACT", you include the "SAS Access to SASEM App" and set Deny for Read Metadata.

 

4.Attach the ACTs to your SAS Application Servers.

Then, the last step is to add those Access Control Templates intro the metadata of the SASApp and SASEM.

  • Into SASApp: attach "SAS Access to SASApp ACT"
  • Into SASEM: attach "SAS Access to SASEM ACT"

 

So, this should answer your question, related to the SAS application servers access/visibility, from the metadata point of view.

AndrewHowell
Moderator

Hi,

 

Which solution you use depends on how & where you want to manage this configuration in your environment.

 

[Note: I don't have a SAS Grid Server environment on hand at the moment, so the suggestion below is memory-based, and may require adjusting..]

 

Juan's solution is a simple & excellent way to achieve your desired result using metadata security settings rather than Grid Options Sets, particularly if the EG & EM users are in mutually exclusive metadata groups. However, if a user has a valid reason to be both an EM user and an EG user, they would belong to both groups, and as such both Application Server contexts would be available to both clients. I have yet to come up with a way to overcome this using security settings, and it's one reason why I'm a fan of Grid Options sets.

 

If you do wish to manage this with Grid Options Sets (assuming both share the one SAS Application Context, create 2 queues (using SAS RTM) - one default (used by EM), the other designed to use EG. Set one as the default queue in the Logical Grid Server, and set up an alternate Grid Options Sets for users of the EG client.

 

I hope that helps.

Analyticguru_09
Fluorite | Level 6

Thanks Juan & Andrew.

 

Andrew,

 

As we have users who uses both Eguide & Eminer, I would like to go the SAS Grid options way.

 

Could you explain it little more clearly

"f you do wish to manage this with Grid Options Sets (assuming both share the one SAS Application Context, create 2 queues (using SAS RTM) - one default (used by EM), the other designed to use EG. Set one as the default queue in the Logical Grid Server, and set up an alternate Grid Options Sets for users of the EG client."

 

What do you mean by "assuming both share the one SAS App Context."?

 

JuanS_OCS
Amethyst | Level 16

Agreed, the SAS Grid options sets, and to use the full stack of options from LSF is the best option, indeed.

 

While my option requires to have good knowledge of SAS Metadata authorizations (and still applies when users can use SAS EG and EM, just by adding a 3rd group and tuning a bit the previous 2 permissions), the SAS Grid options can help very much, just by managing properly the resouces and options lists.

 

@Analyticguru_09, did you had the chance to read @AndrewHowell paper from last year? https://communities.sas.com/t5/SAS-Communities-Library/Easier-Platform-Administration-using-SAS-9-4-...

 

 

suga badge.PNGThe SAS Users Group for Administrators (SUGA) is open to all SAS administrators and architects who install, update, manage or maintain a SAS deployment. 

Join SUGA 

CLI in SAS Viya

Learn how to install the SAS Viya CLI and a few commands you may find useful in this video by SAS’ Darrell Barton.

Find more tutorials on the SAS Users YouTube channel.

Discussion stats
  • 4 replies
  • 1717 views
  • 6 likes
  • 3 in conversation