I am stuck and need a magic wand today.
We are working with highly restricted data, for which we had to set up a seperate ringfenced work area, storage etc.
I was advised by SAS Tech Support to create a new custom Workspace Server for them, and then set up separate Metadata User profiles.
Separate Workspace Server
Separate Windows dataset folder located on separate file server
Separate Windows AD User Groups x 2 (LibraAdmins + LibraUsers)
Separate /SASWork folder defined in config file
Restrict access to all other SAS Users / SAS Groups in Metadata to this location and allow only the 2 Groups listed above access to the new Workspace Server SASAppLibra.
I have now set up SASAppLibra.
How do I proceed from here to grant access to the 2 User Groups to this SASApp, and restrict all other Groups from seeing / accessing SASAppLibra?
Is there some documentation available anywhere on this?
I'd spend some time on setting up your access using ACTs. Have a read through the SAS documentation to understand how this can be achieved http://support.sas.com/documentation/cdl/en/mcsecug/64770/HTML/default/viewer.htm#about.htm
You may also like to read @CecilyHoffritz's 2011 SAS Global Forum paper, Best Practice Implementation of SAS® Metadata Security at Customer Sites in Denmark: http://support.sas.com/resources/papers/proceedings11/376-2011.pdf
Furthermore @angieh presented at SAS Global Forum last week a paper that you may find helpful, Getting Started with Designing and Implementing a SAS 9.4 Metadata and File System Security Design: https://communities.sas.com/t5/SAS-Global-Forum-2017/If-you-are-interested-in-SAS-Metadata-Security-...
Deny broadly, grant selectively... as suggested at http://support.sas.com/documentation/cdl/en/mcsecug/64770/HTML/default/viewer.htm#p12rsiojalls90n17o...
View solution in original post
Yes - it seems ACT's will be the solution here, and I agree with the policy of Deny broadly and grant selectively.
Thanks for your help.
My pleasure. Please mark the question as solved so that it may help others in future too.
The SAS Users Group for Administrators (SUGA) is open to all SAS administrators and architects who install, update, manage or maintain a SAS deployment.
Learn how to install the SAS Viya CLI and a few commands you may find useful in this video by SAS’ Darrell Barton.
Find more tutorials on the SAS Users YouTube channel.