cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
BookmarkSubscribeRSS Feed

Let's ACE this! DataFlux Data Management Server adds 4 new Access Control Entry options

Started ‎12-21-2015 by
Modified ‎12-21-2015 by
Views 1,761

ACE in this case stands for Access Control Entry. Four new configuration options were added for DataFlux Data Management Server 2.6 with respect to ACE.  The options are:

     DMSERVER/SECURE/DEFAULT_ACE_USERS_ALLOW

     DMSERVER/SECURE/DEFAULT_ACE_USERS_DENY

     DMSERVER/SECURE/DEFAULT_ACE_GROUPS_ALLOW

     DMSERVER/SECURE/DEFAULT_ACE_GROUPS_DENY

 

These options set “ALLOW” or “DENY’ Access Control Entry (ACE) for each user/group in the configured list when the Data Management Server creates the access control list (ACL) for a job, as it is uploaded to the server. These options are set in the dfmserver.cfg file. After you make these changes in the config file, you must restart the DataFlux Data Management Server service for them to take effect.

 

Here is an example of using these settings in the dmserver.cfgNote:  Multiple user and group names are separated by “ | “.

DMSERVER.CFG ACE Settings

With these settings, when a job is uploaded to the DataFlux Data Management Server, the Permissions (Access Control List (ACL)) for the job will look like this:

Access Control List

 

These new options are a great enhancement and certainly will help with setting permissions for the jobs on a secure DataFlux Data Management Server. However, you do need to be careful when setting these options. If a user or group shows up more than once within or across options or you refer to a group or user name that does not exist in SAS Management Console, then the Data Management Server will not allow any logins to the server until the issue is fixed. For example, say you have the following settings where you have listed a group called Data Management Users which does exist in the group listing in the SAS Management Console:

dmserver_cfg_ACE_settings2.png

This causes an error when someone tries to access the server. If anyone tries to log on to the Data Management Server, they will receive this message.

connection_failed.png

And the message “error resolving configured default ACEs” is written to the dmserver.log.

 

 

Note:  These new options supersede the deprecated options of DMSERVER/SECURE/DEFAULT_ACE_USERS and DMSERVER/SECURE/DEFAULT_ACE_PUBLIC. These two old options are still recognized and if present, will be combined with the values of the four new options. If one of these old options is used -- and you also add USERS or PUBLIC as groups in the new options -- the group names will show up more than once and cause an error when trying to access to the Data Management Server. Therefore, it is recommended to remove these old options from your dmserver.cfg, if you plan to take advantage of these new options.

 

Refer the Data Management Server 2.6: Administrator’s Guide for more information about these options as well as others you can set.

Version history
Last update:
‎12-21-2015 10:19 AM
Updated by:
Community Manager
Contributors

Ready to join fellow brilliant minds for the SAS Hackathon?

Build your skills. Make connections. Enjoy creative freedom. Maybe change the world. Registration is now open through August 30th. Visit the SAS Hackathon homepage.

Register today!

Free course: Data Literacy Essentials

Data Literacy is for all, even absolute beginners. Jump on board with this free e-learning  and boost your career prospects.

Get Started

Article Labels
Article Tags