BookmarkSubscribeRSS Feed
🔒 This topic is solved and locked. Need further help from the community? Please sign in and ask a new question.
Hussain
Calcite | Level 5

I have just started with SAS and am going thru the Step-by-Step guide.

 

Can a SAS program/macro; i.e. the code that I save in a .SAS file be published for anonymour users? That is to say, can a public user browse to my server and view the results of the program without logging in to SAS? I know that I can run the program myself, save the result to HTML file and then publish that file, but that's not what I want done. I am trying to publish the program so that it runs with live data every time a user accesses it.

1 ACCEPTED SOLUTION

Accepted Solutions
PaulHomes
Rhodochrosite | Level 12

If you have SAS Web Report Studio then you most likely have the SAS Stored Process Web Application too. You can look at converting your .sas program to a SAS Stored Process - have a read of the SAS 9.4 Stored Processes: Developer's Guide at https://support.sas.com/documentation/cdl/en/stpug/68399/HTML/default/viewer.htm#titlepage.htm

 

Assuming that your license from SAS allows it (best to talk to your SAS account manager to find out), the SAS Stored Process Web Application can be configured to allow anonymous access to stored processes. Read the Authentication in the SAS Stored Process Web Application section at http://support.sas.com/documentation/cdl/en/stpug/68399/HTML/default/viewer.htm#n0ax7wadghvldwn1bbar...

 

If you are configuring anonymous access you will want to take even more care that you have an appropriately secured SAS installation and be very familiar with the content of the SAS 9.4 Intelligence Platform: Security Administration Guide at https://support.sas.com/documentation/cdl/en/bisecag/67045/HTML/default/viewer.htm#titlepage.htm

 

You will also want to consider the topology of your SAS installation with respect to security too. The SAS 9.4 Intelligence Platform: Middle-Tier Administration Guide at https://support.sas.com/documentation/cdl/en/bisecag/67045/HTML/default/viewer.htm#titlepage.htm is another resource for you to read. Have a look at the Sample Middle-Tier Deployment Scenarios section at https://support.sas.com/documentation/cdl/en/bimtag/68217/HTML/default/viewer.htm#p0xqadgjuegzsnn173... and review your own installation. The Scenario 2: Web Applications Deployed across a Web Application Server Cluster shows you a setup that includes SAS components deployed in an environment with a DMZ and domain/protocol firewalls.

You didn't mention whether your anonymous users were internal within the organization or external/public internet users. If it is the latter you will want to be even more diligent with your security setup. If this is not something you are familiar with I would strongly recommend you consult with your local SAS Professional Services or a local SAS Partner and of course involve your internal security team in the design and deployment plans. I hope it goes without saying that an internet-facing anonymously-executable SAS stored process would have to be carefully reviewed for its exploitability (such as code injection) and the programmers within the organization would have to have this top of mind whilst developing and maintaining it. After consulting with available local SAS experts, and describing the business problem to be solved, they may be able to offer alternative solutions with lower risk.

View solution in original post

7 REPLIES 7
RW9
Diamond | Level 26 RW9
Diamond | Level 26

Thats a tad advanced for someone just starting out.  You would need a server, server SAS, then some setup to ensure validated people only can acces the web page, then SAS code would be stored on the server, it runs and sends results back as a web page.  Once you do need ot get to that, browse the SAS products as there are specific things for such requests, SAS Web report Studio is one.

Reeza
Super User
You need infrastructure to support this type of activity, not to mention the correct license. For example, there's definitely no mechanism to allow the general public to do that. For internal users though, it's possible, but since set ups vary its best to talk to people in your company to determine how you should publish a program.
Hussain
Calcite | Level 5

I do have a SAS Server available along with SAS Web Report. It is an installation for a client. They bought it without any training (long story) and I got volunteered to bootstrap myself into how to set it up for them. The client has a number of staticians on their staff who would/should be able to take over once the basic setup has been done for them.

 

Your point on licensing: Only authenticated users can view reports? I came across references that mention allowing anonymous users. Wasn't clear on the specifics. The idea here is to embed SAS report results as pages or framesets within their website.

Reeza
Super User
Bootstrapping several different technologies is going to be fun. Since it's a client, I would wonder why you would take a contract where you don't have the skill set to deliver? Take the SAS training courses - via the web or read some papers at Lexjansen.com on how to get started.

Hussain
Calcite | Level 5

My boss took on this contract. Ours is not to reason why...

PaulHomes
Rhodochrosite | Level 12

If you have SAS Web Report Studio then you most likely have the SAS Stored Process Web Application too. You can look at converting your .sas program to a SAS Stored Process - have a read of the SAS 9.4 Stored Processes: Developer's Guide at https://support.sas.com/documentation/cdl/en/stpug/68399/HTML/default/viewer.htm#titlepage.htm

 

Assuming that your license from SAS allows it (best to talk to your SAS account manager to find out), the SAS Stored Process Web Application can be configured to allow anonymous access to stored processes. Read the Authentication in the SAS Stored Process Web Application section at http://support.sas.com/documentation/cdl/en/stpug/68399/HTML/default/viewer.htm#n0ax7wadghvldwn1bbar...

 

If you are configuring anonymous access you will want to take even more care that you have an appropriately secured SAS installation and be very familiar with the content of the SAS 9.4 Intelligence Platform: Security Administration Guide at https://support.sas.com/documentation/cdl/en/bisecag/67045/HTML/default/viewer.htm#titlepage.htm

 

You will also want to consider the topology of your SAS installation with respect to security too. The SAS 9.4 Intelligence Platform: Middle-Tier Administration Guide at https://support.sas.com/documentation/cdl/en/bisecag/67045/HTML/default/viewer.htm#titlepage.htm is another resource for you to read. Have a look at the Sample Middle-Tier Deployment Scenarios section at https://support.sas.com/documentation/cdl/en/bimtag/68217/HTML/default/viewer.htm#p0xqadgjuegzsnn173... and review your own installation. The Scenario 2: Web Applications Deployed across a Web Application Server Cluster shows you a setup that includes SAS components deployed in an environment with a DMZ and domain/protocol firewalls.

You didn't mention whether your anonymous users were internal within the organization or external/public internet users. If it is the latter you will want to be even more diligent with your security setup. If this is not something you are familiar with I would strongly recommend you consult with your local SAS Professional Services or a local SAS Partner and of course involve your internal security team in the design and deployment plans. I hope it goes without saying that an internet-facing anonymously-executable SAS stored process would have to be carefully reviewed for its exploitability (such as code injection) and the programmers within the organization would have to have this top of mind whilst developing and maintaining it. After consulting with available local SAS experts, and describing the business problem to be solved, they may be able to offer alternative solutions with lower risk.

Hussain
Calcite | Level 5

Paul

 

Thank you for a detailed reply. I should be able to manage given the references that you have provided.

 

sas-innovate-2024.png

Join us for SAS Innovate April 16-19 at the Aria in Las Vegas. Bring the team and save big with our group pricing for a limited time only.

Pre-conference courses and tutorials are filling up fast and are always a sellout. Register today to reserve your seat.

 

Register now!

How to Concatenate Values

Learn how use the CAT functions in SAS to join values from multiple variables into a single value.

Find more tutorials on the SAS Users YouTube channel.

Click image to register for webinarClick image to register for webinar

Classroom Training Available!

Select SAS Training centers are offering in-person courses. View upcoming courses for:

View all other training opportunities.

Discussion stats
  • 7 replies
  • 1326 views
  • 1 like
  • 4 in conversation