We’re smarter together. Learn from this collection of community knowledge and add your expertise.

Five papers on Recommended SAS 9.4 Security Model Design (part 1 of 2)

by SAS Employee DavidStern ‎05-25-2017 08:57 AM - edited ‎05-26-2017 03:42 AM (2,971 Views)

About these papers: This is a series of five papers which together present a set of recommended practices for security model design in SAS 9.4.


In this part 1 of 2, you can find the overview and the main core principles and practices paper.

In part 2 of 2, you will find papers on core artefacts, and artefacts for deployments which include SAS Data Integration Studio and SAS Visual Analytics.


The central core principles and practices paper describes concepts which are fundamental to good security model design, such as:

  • What a security model is
  • How to plan your security model design work
  • The Golden Rules of security model design
  • How to design your security model
  • Testing your security model
  • Security and SAS Environment Manager
  • Maintaining your security model
  • Additional considerations

The other papers in the series provide a brief overview, and describe artefacts that should be included in a SAS 9.4 implementation which includes SAS Data Integration Studio or SAS Visual Analytics.


About the author: David Stern is a Principal Technical Architect in SAS’s Global Enablement and Learning (GEL) team. He focuses on platform administration, especially security model design, and promotion and migration between SAS deployments.


About the GEL Recommended SAS 9.4 Security Model Design series of papers: This and the other papers in the series are a collection of principles and practical design recommendations which were developed over several years. Considerable portions of content were developed by SAS consultants in Denmark and the wider Nordic region, with contributions from the UK, Australia, the US and Germany. These papers have been widely reviewed and distributed within SAS, and we are delighted to share them with our community of users.

by Trusted Advisor
on ‎05-25-2017 07:11 PM

A highly resourceful series of papers @DavidStern containing a wealth of advice, tips and experience. Thanks for sharing them with the wider SAS community! Thanks also for mentioning where Metacoda software can assist. :smileyhappy:


Kind Regards,


by Occasional Contributor HrZiller
on ‎05-26-2017 02:57 AM

hi David,


great to see you got the papers out in the community!! Wondering if Michelle is sleeping with the blog under the pillow - fast update from downunder :-)

Going out next week to visit a customer to discuss security model!




by Trusted Advisor
on ‎05-27-2017 06:49 PM

You know me too well @HrZiller! :smileywink:

by Trusted Advisor
on ‎06-28-2017 01:56 AM

Looking for a way to enforce the recommended rules listed in these papers? Have a look at how Metacoda Security Testing Framework can help at https://platformadmin.com/blogs/paul/2017/06/sas-gel-security-rules-with-metacoda-security-tests/ 



Your turn
Sign In!

Want to write an article? Sign in with your profile.

Looking for the Ask the Expert series? Find it in its new home: communities.sas.com/askexpert.