BookmarkSubscribeRSS Feed
🔒 This topic is solved and locked. Need further help from the community? Please sign in and ask a new question.
Alok_Pal
Quartz | Level 8

Hi There,

 

I recently got a request from higher authorities to prepare a report on what SAS products are accessible/ available to sas users in a given environment. I did some research on this but didn't find much help. I want a report something like this,

UserName          SAS Products

user_xyz              SAS Visual Analytics

                            SAS Enterprise Guide

                            SAS Data Integration Studio

user_123             SAS Report Viewer

user_abc             SAS Business Data Network

                            SAS DataFlux Data Management Studio

 

I know there are reports available that lists out the users roles and groups but I didn't find anything close to this one.

Any help would be greatly appreciated.

 

Thank you. 

1 ACCEPTED SOLUTION

Accepted Solutions
MichelleHomes
Meteorite | Level 14

Thanks @JuanS_OCS for the mention. 

 

@Alok_Pal, if you’d like to try out the Metacoda software to see if it meets your needs we offer a 30 day free evaluation. Please register at https://www.metacoda.com/en/evaluation/

 

Kind Regards,

Michelle

//Contact me to learn how Metacoda software can help keep your SAS platform secure - https://www.metacoda.com

View solution in original post

10 REPLIES 10
nhvdwalt
Barite | Level 11

One quick one I can think about....

 

If you look at the Metadata server log, it will show you user x connected from IP 1.2.3.4 using application SAS Enterprise Guide, for example. You can start forming a picture from extracting those entries out of the log.

nhvdwalt
Barite | Level 11

Just bear in mind, there are two dimensions here:

 

1.) What software users have ACCESS to

2.) What software users actually USE

 

Your question seems to point to 1.), just make sure which question you're trying to answer since the answers are quite different.

 

'higher authorities' normally wants to know about 2.) since they want to chop on licencing costs. Techies normally want to know about 1.) since they want to give their users the best possible experience.

Alok_Pal
Quartz | Level 8
Yes, I understand that and I am actually looking to answer 1.) here. Because we are actually interested what products users can access regardless what they are actively using.
And, by looking at metadata logs, it would only tell us what they are currently using and not what they are capable of accessing.
SASKiwi
PROC Star

I would start by looking at what SAS products you have licensed versus those that are installed. The SETINIT and PRODUCT_STATUS procedures can provide this info. Users can only use products that are both licensed and installed.

Alok_Pal
Quartz | Level 8
Right, but in our system we have some products like Data Flux and BDN that not every one has access to.
AndyForeman
SAS Employee
Take a look at this Admin tip blog post, it looks close to what you're hoping to get: https://blogs.sas.com/content/sgf/2016/01/13/sas-administrators-tip-keeping-track-of-sas-users/

While this will show the groups that a user belongs to, not the products they can access, you can probably correlate your groups to your products relatively easily.
nhvdwalt
Barite | Level 11

Also have a look at your licensing agreement with SAS. Regardless of what the user physically have access to, there might be products and features that you are not aware of or have special conditions. Sometimes there are licensing restrictions where product X may only be used in a certain context/use case, although the product can do more technically. Engage with you SAS Account Executive on this.

JuanS_OCS
Amethyst | Level 16

Hello @Alok_Pal,

 

what you need is a list of memberships for all your metadata-defined Roles/Capabilities. I can imagine 3 ways to get this information. Let me list them from the most complex/manual to the easiest and automatic.

 

  1. You can go manually role by role in SMC, and get the memberships (users and groups) on each role. Then, perhaps this information is enough, or you may need to go to the lowest details, list of users http://support.sas.com/kb/30/682.html 
  2. You may use the SAS® 9.4 Language Interfaces to Metadata ( http://documentation.sas.com/?docsetId=lrmeta&docsetTarget=titlepage.htm&docsetVersion=9.4&locale=en ) and use your coding skills to go trough your metadata tree and get the roles, and on every role, get the memberships .
  3. Since I am a "lazy" administrator, and I do not have great skills with the Language Interface to Metadata, I need an automated way and zero-manual-error solution. For this purpose, the Metacoda tools https://www.metacoda.com/en/products/security-plug-ins/ provided by @PaulHomes and @MichelleHomes is my best friend. This tools will give you a full report of roles and their memberships (and many other things you might love). This tool can also do it the other way around: it liststhe users and show the roles and capabilities a user have.

Hope it helps.

 

Kind regards,

Juan

MichelleHomes
Meteorite | Level 14

Thanks @JuanS_OCS for the mention. 

 

@Alok_Pal, if you’d like to try out the Metacoda software to see if it meets your needs we offer a 30 day free evaluation. Please register at https://www.metacoda.com/en/evaluation/

 

Kind Regards,

Michelle

//Contact me to learn how Metacoda software can help keep your SAS platform secure - https://www.metacoda.com
ronan
Lapis Lazuli | Level 10

I agree with @JuanS_OCS , Metacoda SMC plug-in for Roles & capabilities is a must-have tool.

 

As pointed out by @nhvdwalt above, defining the scope of access to SAS software, to any software more generally is sometimes tricky because

there is not a single definition that applies, from broad to narrower :

 

1. "Local Installation" [in the case of desktop tools] the software is installed locally on the users PC and ready to be used 

 

=> Check with your Desktop Admin team to retrieve the list of installations

 

2. "Authorization" : the user is authorized by the SAS Administrator to run the SAS client

 

=> Use Metacoda SMC Plug-In mentioned by @JuanS_OCS

 

3. "Effective Usage" : the user has already used at least once the SAS client

 

=> Use SAS platform Audit reports and maybe soon, some Metacoda extended features 😉

 

The three scopes are never identical, at least in the real world I know 🙂

 

In terms of contract between the user's company and SAS, as far as I know, the 1st definition applies.

Then internally, the company/service might have set up deployment quotas  to further restrict the access. Eventually,

some security rule at the Directory level (AD) might also apply : an unused account is automatically revoked for instance if no access has been performed during a certain amont of time etc.

 

 

suga badge.PNGThe SAS Users Group for Administrators (SUGA) is open to all SAS administrators and architects who install, update, manage or maintain a SAS deployment. 

Join SUGA 

CLI in SAS Viya

Learn how to install the SAS Viya CLI and a few commands you may find useful in this video by SAS’ Darrell Barton.

Find more tutorials on the SAS Users YouTube channel.

Discussion stats
  • 10 replies
  • 2383 views
  • 15 likes
  • 7 in conversation