SAS Federation Server for GDPR - Security
According to the GDPR, personal data shall be processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing. SAS Federation Server security services ensure that both the server and its data are protected against unauthorized access. SAS Federation Server supports configurable authorization processes and other security features, including encryption.
Authentication
SAS Federation Server works with SAS Metadata Server to perform authentication for users and groups. When a user connects to SAS Federation Server to access data, the user’s authenticating credentials are passed to the SAS Metadata Server for validation. Once the credentials are validated, the SAS Metadata Server will identify the user based on the submitted credentials and get information including logins and group memberships.
If a user is authenticated but cannot be identified in the SAS Metadata Server, that user becomes a member of the PUBLIC group.
Authorization
Authorization determines what privileges a user or group has to access the data sources. Authorization can happen at two distinct locations:
- Data Source Authorization: the data source itself (for example, an Oracle database) provides its own layer of security for its data. Data source authorization cannot be bypassed by SAS Federation Server.
- Federation Server Authorization.
Privileges/permissions are the actions a user can be authorized or denied to perform, in this case including SELECT, INSERT, ALTER, DROP, etc.
Privileges/permissions can be assigned at different layers: server, data service, DSN, catalog, schema, table, etc., down to the column level. For example, a user/group can be granted SELECT permissions on a data service, but denied SELECT on specific tables or on specific columns of a table.
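The layered grant/deny example above can be checked with a small model, added here as an illustration and not taken from SAS code or documentation. It assumes that the most specific explicit setting wins and that nothing is allowed by default; the ANALYSTS group, the object names and the table layout are all constructed.

```python
# Added illustration, not SAS Federation Server's implementation.
# Assumption: the nearest explicit GRANT/DENY on the object path wins,
# and a privilege with no setting anywhere on the path is denied.
GRANT, DENY = "GRANT", "DENY"

# Constructed path: server / data service / DSN / catalog / schema
BASE = ("fedsrv", "HR_SVC", "HR_DSN", "HRCAT", "HR")

# Constructed ACL for a hypothetical ANALYSTS group, mirroring the text:
# SELECT granted on the data service, denied on one table and one column.
ACL = {
    ("ANALYSTS", "SELECT", BASE[:2]): GRANT,
    ("ANALYSTS", "SELECT", BASE + ("PAYROLL",)): DENY,
    ("ANALYSTS", "SELECT", BASE + ("EMPLOYEES", "NATIONAL_ID")): DENY,
}

# Constructed table layout used for the review report below.
TABLES = {
    "EMPLOYEES": ["EMP_ID", "DEPT", "NATIONAL_ID"],
    "PAYROLL": ["EMP_ID", "SALARY"],
}


def is_allowed(acl, principal, privilege, path):
    """Walk from the most specific object up to the server level and
    return the first explicit setting found; default is deny."""
    for depth in range(len(path), 0, -1):
        setting = acl.get((principal, privilege, tuple(path[:depth])))
        if setting is not None:
            return setting == GRANT
    return False


def readable_columns(acl, principal, base, tables):
    """Per table, list the columns the principal can SELECT. Useful when
    reviewing which personal-data columns a group can actually read."""
    return {
        table: [c for c in cols
                if is_allowed(acl, principal, "SELECT", base + (table, c))]
        for table, cols in tables.items()
    }


if __name__ == "__main__":
    for table, cols in readable_columns(ACL, "ANALYSTS", BASE, TABLES).items():
        print(table, "->", cols or "no readable columns")
```

Running the same report for each group before and after a permission change gives a quick diff of which personal-data columns became readable.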
Row-level security (RLS) for SAS Federation Server provides additional security on tables and views by restricting data access on a row-by-row basis.
Server encryption
SAS Federation Server supports two encryption methods of differing strength: SAS Proprietary Encryption and encryption with DataFlux Secure. The SAS Proprietary Encryption algorithm provides a medium level of security; it is strong enough to protect your data from casual viewing.
DataFlux Secure provides a high level of security through three high-assurance features:
- Enhanced encryption for network communication and passwords. Multiple encryption algorithms are supported, up to and including AES with 256-bit keys.
- The Secure Sockets Layer (SSL) protects HTTPS connections.
- FIPS compliance to help ensure that your site meets regulatory requirements.