BookmarkSubscribeRSS Feed

SAS Federation Server for GDPR - Security

Started ‎05-22-2018 by
Modified ‎05-22-2018 by
Views 1,880

According to the GDPR, personal data shall be processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing. SAS Federation Server security services ensure that both the server and its data are protected against unauthorized access. SAS Federation Server supports configurable authorization processes and other security features, including encryption.

 

Authentication

 

SAS Federation Server works with SAS Metadata Server to perform authentication for users and groups. When a user connects to SAS Federation Server to access data, the user’s authenticating credentials are passed to the SAS Metadata Server for validation. Once the credentials are validated, the SAS Metadata Server will identify the user based on the submitted credentials and get information including logins and group memberships.

 


1.Metadata.png

 

If a user is authenticated but cannot be identified in the SAS Metadata Server, that user becomes a member of the PUBLIC group.

 

Authorization

 

Authorization determines what privileges a user or group has to access the data sources. Authorization can happen at two distinct locations:

  • Data Source Authorization (for example: an Oracle database, provides its own layer of security for its data. Of course, data source authorization cannot be bypassed by SAS Federation Server)
  • Federation Server Authorization.

 

Privileges/permissions are the list of actions a user can be authorized/denied to perform, including in that case SELECT, INSERT, ALTER, DROP, etc.

 

2.Administration.png

 

Privileges/permissions can be assigned at different layers: server, data service, DSN, catalog, schema, table, etc. up to the column level. For example, a user/group can be granted SELECT permissions on a data service, but denied SELECT on specific tables or columns on a table.

 

3.ColumnAdmin.png

 

4.ColumnAdmin.png

 

Row-level security (RLS) for SAS Federation Server provides additional security on tables and views by restricting data access on a row-by-row basis.

 

5.RLS.png

 

 

Server encryption

 

SAS Federation Server supports two methods of encryption strength: SAS Proprietary Encryption and encryption with DataFlux Secure. The SAS Proprietary Encryption algorithm provides a medium level of security, it is strong enough to protect your data from casual viewing.

 

With DataFlux Secure, you have a high level of security, it provides three high-assurance features:

  • Enhanced encryption for network communication and passwords. Multiple encryption algorithms are supported, up to and including the 256-bit private keys of AES.
  • The Secure Sockets Layer (SSL) protects HTTPS connections.
  • FIPS compliance to help ensure that your site meets regulatory requirements.

 

Version history
Last update:
‎05-22-2018 09:13 AM
Updated by:
Contributors

SAS Innovate 2025: Save the Date

 SAS Innovate 2025 is scheduled for May 6-9 in Orlando, FL. Sign up to be first to learn about the agenda and registration!

Save the date!

Free course: Data Literacy Essentials

Data Literacy is for all, even absolute beginners. Jump on board with this free e-learning  and boost your career prospects.

Get Started

Article Labels
Article Tags