BookmarkSubscribeRSS Feed
🔒 This topic is solved and locked. Need further help from the community? Please sign in and ask a new question.
AllanBowe
Barite | Level 11

The following endpoint returns a list of available contexts:  `GET /compute/contexts`

 

However, not all of them can actually be used by the end user, as noted:

Only users who are allowed to use the context can create a session. This is governed by the authentication rules that are defined when the context is created.

 

Is there any way (other than spawning a session on each context) to identify which compute contexts are available to a particular user / client?

/Allan
MacroCore library for app developers
Data Workflows, Data Contracts, Data Lineage, Drag & drop excel EUCs to SAS 9 & Viya - Data Controller
DevOps and AppDev on SAS 9 / Viya / Base SAS - SASjs
1 ACCEPTED SOLUTION

Accepted Solutions
joeFurbee
Community Manager

Hi @AllanBowe,

I got the following response from a developer:

Each context has a “rules” link that an admin can use to get the authorization rules that apply to POST /compute/contexts/{contextId}/sessions requests. The response you get from executing the “rules” link would show the rules added by the compute service when it created the context to govern who can use it to create a session. The rules would show the users and groups allowed to create sessions with the context, or if all authenticated users are allowed to create sessions with the context (or even if guests are allowed to). If you don’t get back any rules, then only admins can create sessions with the context.

 

This method is not fool-proof. It is always possible for a site to add a rule that the compute service knows nothing about that would influence authorization on POST /compute/contexts/{contextId}/sessions requests. For example, a site could add a rule denying certain users or groups access to POST /compute/contexts/*/sessions, and that rule would take precedence over any rules added by the compute service. The only way to take that kind of thing into account is to ask the authorization service for an explanation: https://gitlab.sas.com/petrichor/authorization#authorization-explanations.

 

I hope this helps.

 

Thanks,

Joe


Join us for SAS Community Trivia

SAS-Bowl-LII-SAS-Viya-SDK-for-JavaScript
Wednesday, June 18, 2025 at 10 am.

View solution in original post

1 REPLY 1
joeFurbee
Community Manager

Hi @AllanBowe,

I got the following response from a developer:

Each context has a “rules” link that an admin can use to get the authorization rules that apply to POST /compute/contexts/{contextId}/sessions requests. The response you get from executing the “rules” link would show the rules added by the compute service when it created the context to govern who can use it to create a session. The rules would show the users and groups allowed to create sessions with the context, or if all authenticated users are allowed to create sessions with the context (or even if guests are allowed to). If you don’t get back any rules, then only admins can create sessions with the context.

 

This method is not fool-proof. It is always possible for a site to add a rule that the compute service knows nothing about that would influence authorization on POST /compute/contexts/{contextId}/sessions requests. For example, a site could add a rule denying certain users or groups access to POST /compute/contexts/*/sessions, and that rule would take precedence over any rules added by the compute service. The only way to take that kind of thing into account is to ask the authorization service for an explanation: https://gitlab.sas.com/petrichor/authorization#authorization-explanations.

 

I hope this helps.

 

Thanks,

Joe


Join us for SAS Community Trivia

SAS-Bowl-LII-SAS-Viya-SDK-for-JavaScript
Wednesday, June 18, 2025 at 10 am.

hackathon24-white-horiz.png

The 2025 SAS Hackathon Kicks Off on June 11!

Watch the live Hackathon Kickoff to get all the essential information about the SAS Hackathon—including how to join, how to participate, and expert tips for success.

YouTube LinkedIn

How to Concatenate Values

Learn how use the CAT functions in SAS to join values from multiple variables into a single value.

Find more tutorials on the SAS Users YouTube channel.

SAS Training: Just a Click Away

 Ready to level-up your skills? Choose your own adventure.

Browse our catalog!

Discussion stats
  • 1 reply
  • 1355 views
  • 1 like
  • 2 in conversation