cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
BookmarkSubscribeRSS Feed
StephenOverton
Fluorite | Level 6 StephenOverton
Fluorite | Level 6

Trying to Contain Users Inside of a Workspace Server Path

Posted 11-09-2010 02:41 PM (848 views)
I am trying to give SAS a general read/write access to the OS and manage what users can read/write through metadata. Enterprise Guide users (and any programmers for that matter) are the only ones I worry about because the workspace server gives direct access to the file system. I've actually got this covered by setting the workspace server path to where I want the users to read/write their data. BUT lets say a user is smart enough to figure out the directory structure and potentially write their own libname statement to another directory outside their workspace server, they could access data they shouldn't be able to.

Anybody have ideas? I would hope there is an option for the workspace server to limit what users can read/write depending on if it is outside the path defined for the workspace server.
0 Likes
Reply
4 REPLIES 4
twocanbazza
Quartz | Level 8 twocanbazza
Quartz | Level 8

Re: Trying to Contain Users Inside of a Workspace Server Path

Posted 11-09-2010 10:50 PM (838 views)  |   In reply to StephenOverton
If you are worried about security that much, i suggest using using the OS permisisions as well as the MD permission, I believe that is the 'Best Practise'.

I am not sure what you mean by "setting the workspace server path " can you expand?

also what OS, what version of sas etc...

Barry
0 Likes
Reply
ChrisHemedinger
Community Manager ChrisHemedinger
Community Manager

Re: Trying to Contain Users Inside of a Workspace Server Path

Posted 11-10-2010 04:08 PM (838 views)  |   In reply to twocanbazza
Steve is referring to the File Navigation path that you can set in the workspace server properties, which serves as a cue for how to allow the end user to navigate the server file system from within EG.

The advice is correct though: lock down the OS file system to prevent unauthorized access to areas the end user shouldn't get to. Creative SAS programmers can find programmatic methods to access content that is open, if they want to.

Chris
It's time to register for SAS Innovate! Join your SAS user peers in Las Vegas on April 16-19 2024.
0 Likes
Reply
StephenOverton
Fluorite | Level 6 StephenOverton
Fluorite | Level 6

Re: Trying to Contain Users Inside of a Workspace Server Path

Posted 11-10-2010 04:42 PM (838 views)  |   In reply to ChrisHemedinger
We're going to investigate the use of ACLs to take it a step further...

http://support.sas.com/kb/33/961.html
0 Likes
Reply
Patrick
Opal | Level 21 Patrick
Opal | Level 21

Re: Trying to Contain Users Inside of a Workspace Server Path

Posted 11-10-2010 05:12 PM (838 views)  |   In reply to StephenOverton
Hi
To set security on OS level will be the safest way.
User "sassrv" (EG) would then have only write access to the directories you want, user "sas" would be used for batch job with write access to much more directories.
Have "sas" and "sassrv" in the same group (I assume OS is UNIX) and set ACL appropriate (setfacl, getfacl). I have seen something like this already set-up and working.
There is also some possibility to suppress SAS commands (i.e. a Libname statement) and I've worked on one site where this was implemented. I don't know exactly how this was done and I also feel it's kind of a "brute force" method.
HTH
Patrick
0 Likes
Reply

sas-innovate-2024.png

Don't miss out on SAS Innovate - Register now for the FREE Livestream!

Can't make it to Vegas? No problem! Watch our general sessions LIVE or on-demand starting April 17th. Hear from SAS execs, best-selling author Adam Grant, Hot Ones host Sean Evans, top tech journalist Kara Swisher, AI expert Cassie Kozyrkov, and the mind-blowing dance crew iLuminate! Plus, get access to over 20 breakout sessions.

 

Register now!

SAS Enterprise Guide vs. SAS Studio

What’s the difference between SAS Enterprise Guide and SAS Studio? How are they similar? Just ask SAS’ Danny Modlin.

Watch SAS Enterprise Guide vs. SAS Studio on YouTube

Find more tutorials on the SAS Users YouTube channel.

Click image to register for webinarClick image to register for webinar

Classroom Training Available!

Select SAS Training centers are offering in-person courses. View upcoming courses for:

View all other training opportunities.

Discussion stats
  • 4 replies
  • ‎11-09-2010 02:41 PM
  • 849 views
  • 0 likes
  • 4 in conversation