BookmarkSubscribeRSS Feed
🔒 This topic is solved and locked. Need further help from the community? Please sign in and ask a new question.
AllanBowe
Barite | Level 11

The following endpoint returns a list of available contexts:  `GET /compute/contexts`

 

However, not all of them can actually be used by the end user, as noted:

Only users who are allowed to use the context can create a session. This is governed by the authentication rules that are defined when the context is created.

 

Is there any way (other than spawning a session on each context) to identify which compute contexts are available to a particular user / client?

/Allan
SAS Challenges - SASensei
MacroCore library for app developers
SAS networking events (BeLux, Germany, UK&I)

Data Workflows, Data Contracts, Data Lineage, Drag & drop excel EUCs to SAS 9 & Viya - Data Controller
DevOps and AppDev on SAS 9 / Viya / Base SAS - SASjs
1 ACCEPTED SOLUTION

Accepted Solutions
joeFurbee
Community Manager

Hi @AllanBowe,

I got the following response from a developer:

Each context has a “rules” link that an admin can use to get the authorization rules that apply to POST /compute/contexts/{contextId}/sessions requests. The response you get from executing the “rules” link would show the rules added by the compute service when it created the context to govern who can use it to create a session. The rules would show the users and groups allowed to create sessions with the context, or if all authenticated users are allowed to create sessions with the context (or even if guests are allowed to). If you don’t get back any rules, then only admins can create sessions with the context.

 

This method is not fool-proof. It is always possible for a site to add a rule that the compute service knows nothing about that would influence authorization on POST /compute/contexts/{contextId}/sessions requests. For example, a site could add a rule denying certain users or groups access to POST /compute/contexts/*/sessions, and that rule would take precedence over any rules added by the compute service. The only way to take that kind of thing into account is to ask the authorization service for an explanation: https://gitlab.sas.com/petrichor/authorization#authorization-explanations.

 

I hope this helps.

 

Thanks,

Joe


Join us for SAS Community Trivia
SAS Bowl XLIII, The New SAS Developer Portal
Wednesday, August 14, 2024, at 10 a.m. ET | #SASBowl

View solution in original post

1 REPLY 1
joeFurbee
Community Manager

Hi @AllanBowe,

I got the following response from a developer:

Each context has a “rules” link that an admin can use to get the authorization rules that apply to POST /compute/contexts/{contextId}/sessions requests. The response you get from executing the “rules” link would show the rules added by the compute service when it created the context to govern who can use it to create a session. The rules would show the users and groups allowed to create sessions with the context, or if all authenticated users are allowed to create sessions with the context (or even if guests are allowed to). If you don’t get back any rules, then only admins can create sessions with the context.

 

This method is not fool-proof. It is always possible for a site to add a rule that the compute service knows nothing about that would influence authorization on POST /compute/contexts/{contextId}/sessions requests. For example, a site could add a rule denying certain users or groups access to POST /compute/contexts/*/sessions, and that rule would take precedence over any rules added by the compute service. The only way to take that kind of thing into account is to ask the authorization service for an explanation: https://gitlab.sas.com/petrichor/authorization#authorization-explanations.

 

I hope this helps.

 

Thanks,

Joe


Join us for SAS Community Trivia
SAS Bowl XLIII, The New SAS Developer Portal
Wednesday, August 14, 2024, at 10 a.m. ET | #SASBowl

SAS Innovate 2025: Call for Content

Are you ready for the spotlight? We're accepting content ideas for SAS Innovate 2025 to be held May 6-9 in Orlando, FL. The call is open until September 25. Read more here about why you should contribute and what is in it for you!

Submit your idea!

How to Concatenate Values

Learn how use the CAT functions in SAS to join values from multiple variables into a single value.

Find more tutorials on the SAS Users YouTube channel.

Click image to register for webinarClick image to register for webinar

Classroom Training Available!

Select SAS Training centers are offering in-person courses. View upcoming courses for:

View all other training opportunities.

Discussion stats
  • 1 reply
  • 1126 views
  • 1 like
  • 2 in conversation