cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
BookmarkSubscribeRSS Feed
StephenOverton
Fluorite | Level 6 StephenOverton
Fluorite | Level 6

Trying to Contain Users Inside of a Workspace Server Path

Posted 11-09-2010 02:41 PM (1690 views)
I am trying to give SAS a general read/write access to the OS and manage what users can read/write through metadata. Enterprise Guide users (and any programmers for that matter) are the only ones I worry about because the workspace server gives direct access to the file system. I've actually got this covered by setting the workspace server path to where I want the users to read/write their data. BUT lets say a user is smart enough to figure out the directory structure and potentially write their own libname statement to another directory outside their workspace server, they could access data they shouldn't be able to.

Anybody have ideas? I would hope there is an option for the workspace server to limit what users can read/write depending on if it is outside the path defined for the workspace server.
0 Likes
Reply
4 REPLIES 4
twocanbazza
Quartz | Level 8 twocanbazza
Quartz | Level 8

Re: Trying to Contain Users Inside of a Workspace Server Path

Posted 11-09-2010 10:50 PM (1680 views)  |   In reply to StephenOverton
If you are worried about security that much, i suggest using using the OS permisisions as well as the MD permission, I believe that is the 'Best Practise'.

I am not sure what you mean by "setting the workspace server path " can you expand?

also what OS, what version of sas etc...

Barry
0 Likes
Reply
ChrisHemedinger
Community Manager ChrisHemedinger
Community Manager

Re: Trying to Contain Users Inside of a Workspace Server Path

Posted 11-10-2010 04:08 PM (1680 views)  |   In reply to twocanbazza
Steve is referring to the File Navigation path that you can set in the workspace server properties, which serves as a cue for how to allow the end user to navigate the server file system from within EG.

The advice is correct though: lock down the OS file system to prevent unauthorized access to areas the end user shouldn't get to. Creative SAS programmers can find programmatic methods to access content that is open, if they want to.

Chris
SAS For Dummies 3rd Edition! Check out the new edition, covering SAS 9.4, SAS Viya, and all of the modern ways to use SAS!
0 Likes
Reply
StephenOverton
Fluorite | Level 6 StephenOverton
Fluorite | Level 6

Re: Trying to Contain Users Inside of a Workspace Server Path

Posted 11-10-2010 04:42 PM (1680 views)  |   In reply to ChrisHemedinger
We're going to investigate the use of ACLs to take it a step further...

http://support.sas.com/kb/33/961.html
0 Likes
Reply
Patrick
Opal | Level 21 Patrick
Opal | Level 21

Re: Trying to Contain Users Inside of a Workspace Server Path

Posted 11-10-2010 05:12 PM (1680 views)  |   In reply to StephenOverton
Hi
To set security on OS level will be the safest way.
User "sassrv" (EG) would then have only write access to the directories you want, user "sas" would be used for batch job with write access to much more directories.
Have "sas" and "sassrv" in the same group (I assume OS is UNIX) and set ACL appropriate (setfacl, getfacl). I have seen something like this already set-up and working.
There is also some possibility to suppress SAS commands (i.e. a Libname statement) and I've worked on one site where this was implemented. I don't know exactly how this was done and I also feel it's kind of a "brute force" method.
HTH
Patrick
0 Likes
Reply

hackathon24-white-horiz.png

The 2025 SAS Hackathon has begun!

It's finally time to hack! Remember to visit the SAS Hacker's Hub regularly for news and updates.

Latest Updates

Creating Custom Steps in SAS Studio

Check out this tutorial series to learn how to build your own steps in SAS Studio.

Watch Creating Custom Steps in SAS Studio on YouTube

Find more tutorials on the SAS Users YouTube channel.

SAS Training: Just a Click Away

 Ready to level-up your skills? Choose your own adventure.

Browse our catalog!

Discussion stats
  • 4 replies
  • ‎11-09-2010 02:41 PM
  • 1691 views
  • 0 likes
  • 4 in conversation