cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
BookmarkSubscribeRSS Feed
shirishkamath
Obsidian | Level 7 shirishkamath
Obsidian | Level 7

SAS Studio security setup

Posted 08-02-2018 03:29 PM (1681 views)

Hi All,

 

We are currently running SAS 9.4 M5 (For Linux) and SAS Studio 3.71. We also have users who use batch sas and SAS interactive. We use grid with x nodes and the integration of SAS infra with grid is through LSF 9. Assuming a user logs into SAS Studio , he/she would be routed to one of the x grid nodes and the root directory (along with sub-dirs) are made available in the left palette of SAS Studio. Our current security setup is such that any user who would like to access SAS Studio application, has to -

1) His/ her unix ID needs to have access to SAS servers as well as the x Grid nodes

2) needs to be part of SAS Metadata (PAM auth verification)

 

Now whenever the user logs into SAS Studio, we see 2 processes spawned under his/ her ID. Now we would like to configure te security in such a way that these jobs should not be spawned under the user's ID, rather there should be a common service account. So irrespective of whoever logs into SAS Studio (after the system authenticates him/ her), all processes should be owned by a service account.

 

How do we go about this? Any thoughts? 

0 Likes
Reply
4 REPLIES 4
PaulHomes
Rhodochrosite | Level 12 PaulHomes
Rhodochrosite | Level 12

Re: SAS Studio security setup

Posted 08-02-2018 07:10 PM (1664 views)  |   In reply to shirishkamath

To launch SAS Workspace Servers using a service account instead of the requesting user account you can configure it for SAS Token Authentication - see SAS Token Authentication and How to Configure SAS Token Authentication in the SAS 9.4 Intelligence Platform: Administration Security Administration Guide.


Reply
shirishkamath
Obsidian | Level 7 shirishkamath
Obsidian | Level 7

Re: SAS Studio security setup

Posted 08-03-2018 09:38 AM (1643 views)  |   In reply to PaulHomes
Thanks Paul. I'll read the artifact you shared! 🙂
0 Likes
Reply
shayne
SAS Employee shayne
SAS Employee

Re: SAS Studio security setup

Posted 08-03-2018 11:49 AM (1622 views)  |   In reply to shirishkamath

As @Kurt_Bremser correctly mentions in his reply, the limitation of configuring SAS Token Authentication is that you lose granularity of host access on the workspace servers. You'll need to be very aware of the privileges assigned to the service account on the host operating system - if it's configured to have generous privileges, than any user's workspace server session will also have that generous access to the host OS (although you can apply some access restrictions via SAS metadata). 

 

I'm interested in understanding the business value / reason behind the type of configuration you are asking about. Can you give us more info about why this configuration is desired at your site?

0 Likes
Reply

suga badge.PNGThe SAS Users Group for Administrators (SUGA) is open to all SAS administrators and architects who install, update, manage or maintain a SAS deployment. 

Join SUGA 

Get Started with SAS Information Catalog in SAS Viya

SAS technical trainer Erin Winters shows you how to explore assets, create new data discovery agents, schedule data discovery agents, and much more.

Watch Get Started with SAS Information Catalog in SAS Viya on YouTube

Find more tutorials on the SAS Users YouTube channel.

Discussion stats
  • 4 replies
  • ‎08-02-2018 03:29 PM
  • 1682 views
  • 2 likes
  • 4 in conversation