I have two database servers that developers will access, for each database I have defined a separate authentication domain. As the servers are related they have the same username but different passwords. I can define the username 'developer' to the first authentication domain and everything works properly. The problem come in when I try to add the same user 'developer' to the second authentication domain with a separate password. I get an error that the userid is already being user by another user or group.
Does anyone know a way around this? This shouldn't be _ problem as the authentication domains are different.
The problem I am having is assigning the user name to another group. I did test Haikuo solution by putting the same user in a single group and it works properly. The problem is that users who have access in the first authentication domain shouldn't have access in the second authentication domain.
I must have hit the different spot. I have users just like the one you have, eg. need to access multiple different database with the same login ID. It worked fine for me. The posted example is showing an user(me) to have access to 3 database, 2 Oracle, 1 SQL server, using the same user ID.
Haikuo
I agree with Haikuo. I don't have access to the metadata server environment any more, but I did the same thing that she shows with no problem. I don't really know what to suggest, if nobody has any ideas that help you out throw it over the wall to Tech. Support. I suspect you're doing something that you're not describing that is causing the problem.
Tom
The problem I am having is assigning the user name to another group. I did test Haikuo solution by putting the same user in a single group and it works properly. The problem is that users who have access in the first authentication domain shouldn't have access in the second authentication domain.
Have you tried leaving the Authentification Domain as default (DefaultAuth) and adding the domain on the front of the userid (DOMAIN1\user1, DOMAIN2\user1) in SMC? We always define our userids this way so they only authenticate in the one domain.
Hi Bream_bn,
Were you able to get it working the way you wanted it. I am in the same situation and want to add same user to a different group with a different authentication Domain. Adding same user to the same group with different authentication domain is not an option at least no tan easy one.
Hi,
As of 9.4M2 an authentication domain can be labeled as Outbound Only. That would lift the uniqueness constraint.
From the docs (SAS(R) 9.4 Intelligence Platform: Security Administration Guide, Second Edition😞
Beginning in the second maintenance release for SAS 9.4 is support for outbound and trusted authentication domains. A login in an outbound domain is used only to provide SAS applications with seamless access to external resources, such as a third-party vendor database. These logins are not part of the SAS identity phase, which attempts to determine the current metadata user by matching their authenticated user ID to the user ID stored in a login. Therefore, for outbound domain logins, the uniqueness requirement on the user ID is not enforced.
Regards Jan
The SAS Users Group for Administrators (SUGA) is open to all SAS administrators and architects who install, update, manage or maintain a SAS deployment.
SAS technical trainer Erin Winters shows you how to explore assets, create new data discovery agents, schedule data discovery agents, and much more.
Find more tutorials on the SAS Users YouTube channel.