cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
BookmarkSubscribeRSS Feed
pavelr
Obsidian | Level 7 pavelr
Obsidian | Level 7

Warning icon near principal when adding an access control for a caslib using accessControl action

Posted 12-24-2020 11:07 AM (1120 views)

When I add a Custom Group access control for a caslib using code I get a warning icon near that Custom Group in the "View Authorization" window (Environment Manager-Users-Data Sources-CASLIB-View Authorization) for that caslib. The Custom group exists. Why am I getting this warning (Alert) icon (a triangle with an !) ? The code looks like this:

proc cas;
accessControl.updSomeAcsCaslib /
acs={
{caslib="MYCASLIB",
identityType="group",
identity="My Custom Group",
permType="Grant",
permission="READINFO"}};
run;

quit;

0 Likes
Reply
9 REPLIES 9
gwootton
SAS Super FREQ gwootton
SAS Super FREQ

Re: Warning icon near principal when adding an access control for a caslib using accessControl actio

Posted 12-24-2020 02:39 PM (1084 views)  |   In reply to pavelr
Is the custom group's ID also "My Custom Group" or just the name? You can check the ID by selecting the group in Environment Manager, or you can visit the /identities/groups?providerId=local REST endpoint for a list of custom groups and their IDs.
--
Greg Wootton | Principal Systems Technical Support Engineer
0 Likes
Reply
pavelr
Obsidian | Level 7 pavelr
Obsidian | Level 7

Re: Warning icon near principal when adding an access control for a caslib using accessControl actio

Posted 12-28-2020 03:11 AM (964 views)  |   In reply to gwootton

It's both the name and the ID. 

And the users of this custom group cannot access a caslib though access rules are there - only with this triangle alert. If I create the same rule manually - it works. What's wrong with creating these rules using accessControl action?

0 Likes
Reply
gwootton
SAS Super FREQ gwootton
SAS Super FREQ

Re: Warning icon near principal when adding an access control for a caslib using accessControl actio

Posted 01-04-2021 09:19 AM (395 views)  |   In reply to pavelr

The warning icon indicates the defined identity is not found. While Environment Manager will only let you select from a list, the code lets you specify any string so the discrepancy is likely with the group name you are providing.

 

The permission isn't working for the same reason, the rule is defined for a non-existent identity.

 

You may wish to use the sas-admin cli to check the name and ID of the group:

sas-admin identities list-groups
--
Greg Wootton | Principal Systems Technical Support Engineer
0 Likes
Reply
gwootton
SAS Super FREQ gwootton
SAS Super FREQ

Re: Warning icon near principal when adding an access control for a caslib using accessControl actio

Posted 01-04-2021 10:00 AM (379 views)  |   In reply to pavelr
You may wish to copy and paste the name from the sas-admin output or Environment Manager, it could be there are extra white space characters in your code or the group name causing the failure.
--
Greg Wootton | Principal Systems Technical Support Engineer
Reply
pavelr
Obsidian | Level 7 pavelr
Obsidian | Level 7

Re: Warning icon near principal when adding an access control for a caslib using accessControl actio

Posted 01-12-2021 08:28 AM (362 views)  |   In reply to gwootton

No there are no extra white space characters in the code. I literally copied the Custom Group ID from the Environment Manager and pasted it in the code. And got the same alert.

 

But it looks like the problem was found. When the group ID has white spaces, I get the alert. When group ID does not have white spaces - no alerts. But why is this? On the other Viya server there is no such problem with white spaces in a Custom Group  ID - no alerts. So, maybe there is some option in Viya that allows or disallows to use IDs with white spaces?

0 Likes
Reply
gwootton
SAS Super FREQ gwootton
SAS Super FREQ

Re: Warning icon near principal when adding an access control for a caslib using accessControl actio

Posted 01-12-2021 08:54 AM (354 views)  |   In reply to pavelr
I'm not aware of such an option. If you see this issue in one environment and not another, it sounds like this may be an issue that was corrected in an update.
--
Greg Wootton | Principal Systems Technical Support Engineer
0 Likes
Reply
pavelr
Obsidian | Level 7 pavelr
Obsidian | Level 7

Re: Warning icon near principal when adding an access control for a caslib using accessControl actio

Posted 01-12-2021 09:08 AM (351 views)  |   In reply to gwootton

If fact, I've just tested assigning caslib rules manually by: Edit Authorization - Add Identities. I select groups with white spaces in their IDs from the list (!) and it shows this alert - "The principal was not found".

 

We do not have this issue in other environment which is older than the problematic environment.

0 Likes
Reply
gwootton
SAS Super FREQ gwootton
SAS Super FREQ

Re: Warning icon near principal when adding an access control for a caslib using accessControl actio

Posted 01-12-2021 09:14 AM (347 views)  |   In reply to pavelr
I would recommend opening a technical support track then.
--
Greg Wootton | Principal Systems Technical Support Engineer
0 Likes
Reply

suga badge.PNGThe SAS Users Group for Administrators (SUGA) is open to all SAS administrators and architects who install, update, manage or maintain a SAS deployment. 

Join SUGA 

CLI in SAS Viya

Learn how to install the SAS Viya CLI and a few commands you may find useful in this video by SAS’ Darrell Barton.

Watch CLI in SAS Viya on YouTube

Find more tutorials on the SAS Users YouTube channel.

Discussion stats
  • 9 replies
  • ‎12-24-2020 11:07 AM
  • 1121 views
  • 1 like
  • 2 in conversation