cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
BookmarkSubscribeRSS Feed
🔒 This topic is solved and locked. Need further help from the community? Please sign in and ask a new question.
woo
Lapis Lazuli | Level 10 woo
Lapis Lazuli | Level 10
Go to Solution

user cannot access the cube

Posted 12-19-2017 12:31 PM (1889 views)

[have this question under SAS EG section but think of posting here]

 

hello,

we have a situation where one user can update cube and other user cannot even after having same access for the cube.

we have a sas olap cube, cube1, which is own by user1. user1 and user2 part of group1.

 

drwxr-xr-x 3 user1 group1 cube1

 

from sas side,

 

we have a group called developers where both user1 and user2 part of it. Cube1 has full explicit access (for RM/WM/R) for developers.

Now, only user1 can update the cube and not user2. is it because it is owned by user1 and not user2? I do not have much idea about cubes. anything needs to check?

 

when user2 try to update the cube using, get below error (background code start with PROC OLAP CUBE=),

 

NOTE: The cube registration was found.

ERROR: User does not have privileges for the attempted operation.  File =/.../cube1/genmeta.  System Error Code = 13.

ERROR: Insufficient authorization to access /.../cube1/genmeta.

ERROR: An error occurred when accessing the cube GENMETA file.

ERROR: The physical cube cannot be deleted.

0 Likes
1 ACCEPTED SOLUTION

Accepted Solutions
Kurt_Bremser
Super User Kurt_Bremser
Super User

Re: user cannot access the cube

Posted 12-20-2017 02:19 AM (1958 views)  |   In reply to woo

Yes, your problem comes from the fact that your cube was crearted by user1 and has write permission set only for the owner:

d rwx r-x r-x

d denotes that the file in question is a directory

the first triplet after that is the owner's permission (user1), who can read, write and execute (execute on a directory means that you can cd to it)

the second triplet is for the group (group1), and the third for all others.

 

If group1 is your developer group, you can try if it is sufficient to set write permission for the group on the directory; if you use a sequence of proc olap delete physical and proc olap, this might be enough. For direct updates, you should try to run

chmod -R g+w dir

where dir is the root directory of your cube. This will change the permission recursively on the whole tree.

Maxims of Maximally Efficient SAS Programmers
How to convert datasets to data steps
The macro for direct download as ZIP
How to post code
Please vote for Provide Sequential Search Capability for Hash Objects
How to deal with locked files on UNIX

View solution in original post

7 REPLIES 7
ShelleySessoms
Community Manager ShelleySessoms
Community Manager

Re: user cannot access the cube

Posted 12-19-2017 12:46 PM (1880 views)  |   In reply to woo

I have deleted the duplicate post in the EG community, so all communication will be centralized in this community.

It's time to register for SAS Innovate! Join your SAS user peers in Las Vegas on April 16-19 2024.
0 Likes
woo
Lapis Lazuli | Level 10 woo
Lapis Lazuli | Level 10

Re: user cannot access the cube

Posted 12-19-2017 12:48 PM (1875 views)  |   In reply to ShelleySessoms

Thanks Shelley,

0 Likes
Kurt_Bremser
Super User Kurt_Bremser
Super User

Re: user cannot access the cube

Posted 12-20-2017 02:19 AM (1959 views)  |   In reply to woo

Yes, your problem comes from the fact that your cube was crearted by user1 and has write permission set only for the owner:

d rwx r-x r-x

d denotes that the file in question is a directory

the first triplet after that is the owner's permission (user1), who can read, write and execute (execute on a directory means that you can cd to it)

the second triplet is for the group (group1), and the third for all others.

 

If group1 is your developer group, you can try if it is sufficient to set write permission for the group on the directory; if you use a sequence of proc olap delete physical and proc olap, this might be enough. For direct updates, you should try to run

chmod -R g+w dir

where dir is the root directory of your cube. This will change the permission recursively on the whole tree.

Maxims of Maximally Efficient SAS Programmers
How to convert datasets to data steps
The macro for direct download as ZIP
How to post code
Please vote for Provide Sequential Search Capability for Hash Objects
How to deal with locked files on UNIX
JuanS_OCS
Amethyst | Level 16 JuanS_OCS
Amethyst | Level 16

Re: user cannot access the cube

Posted 12-20-2017 03:03 AM (1823 views)  |   In reply to woo

As @Kurt_Bremser said :D. 

 

Only one more thing to add, just add: towards a final solution, you would perhaps try to set umask settings on your OLAP workspace server session

 

http://support.sas.com/kb/38/040.html

http://support.sas.com/documentation/cdl/en/mdlmgrag/67039/HTML/default/viewer.htm#n1gwhjs4v8dgy9n1s...

 

That way, you could prevent this from happening in the future.

Kurt_Bremser
Super User Kurt_Bremser
Super User

Re: user cannot access the cube

Posted 12-20-2017 03:47 AM (1815 views)  |   In reply to woo

One thing to make your work easier:

Consider creating a generic user who "owns" all your production cubes. After testing, developers should copy their cube structure to that user, and all create/update actions should be done by that user in batch. When someone needs to update the cube, they just su to the generic user and run the update. You can set that up via sudo, so that only a certain group of people is allowed to do that (without even entering a password).

 

This is basically the process we have for all our production work. If I need to run a production job "manually" (outside of the scheduler), I su to the userid that is used by the Control-M scheduler and run the batch job from the commandline. That way I also get all the goodies (error checking, log, protocol) that are built into the (custom) sasbatch.sh.

Maxims of Maximally Efficient SAS Programmers
How to convert datasets to data steps
The macro for direct download as ZIP
How to post code
Please vote for Provide Sequential Search Capability for Hash Objects
How to deal with locked files on UNIX
woo
Lapis Lazuli | Level 10 woo
Lapis Lazuli | Level 10

Re: user cannot access the cube

Posted 12-20-2017 08:26 PM (1788 views)  |   In reply to Kurt_Bremser

Thanks KurtBremser and JuanS for your thoughts and ideas.


I tried providing write access (775) to group at dir level where cubes are located and also write access for group for "gendata" (...cube1/gendata) where user is getting error but still user is having same authorization error. Also, at cube level from SAS MC, I provided explicit permission for RM/WM/R for group of people where both users are part of it. - not sure why its still a problem,,, 

 

 

0 Likes

suga badge.PNGThe SAS Users Group for Administrators (SUGA) is open to all SAS administrators and architects who install, update, manage or maintain a SAS deployment. 

Join SUGA 

CLI in SAS Viya

Learn how to install the SAS Viya CLI and a few commands you may find useful in this video by SAS’ Darrell Barton.

Watch CLI in SAS Viya on YouTube

Find more tutorials on the SAS Users YouTube channel.

Discussion stats
  • 7 replies
  • ‎12-19-2017 12:31 PM
  • 1890 views
  • 4 likes
  • 4 in conversation