SAS Studio displays files and folders from file system according to file system permissisons that are controlled on operating system (OS). If certain files or folders should be hidden it should be done on operating system / file system level. It would probably be good to discuss it with an administrator of your environment.

Hi Alexey.   From what we have seen your statement is not true, which seems to be corroborated by the response to my initial support case.  I am an administrator of our environment.  We have many folders created on the OS (Linux in this case) that are associated to many different AD groups.  Any user can see ALL of those folders in SAS Studio.  If they are not a member of the AD group associated to a given folder, they get an error if they try to open it in SAS Studio, but the folder itself is always visible for them to try to open.   Our request is the make those folders literally disappear from view if a user is not a member of the group.  If there is a way to do that which is documented, can you please point me to that documentation?

That is not how Unix works.  If they have permission to read the parent directory then they can see the name of the child directory.  If they do not have permission to read the read the child directory then attempts to see what is in it will fail.

Are you asking SAS to modify SAS/Studio to hide directories where the user does not have read permission? Note that would take a lot of individual function calls to implement since each users access is different.  They might have access because they are the owner.  Or because the world is allowed to read.  Or they might have access because they are a member of the group assigned to the directory and the group as read access.  Or that might have permission via file access control list  (FACL) settings.

"Are you asking SAS to modify SAS/Studio to hide directories where the user does not have read permission? "   Yes, that is exactly what we are asking.

However, that does not mean it needs to be implemented based on the Unix permissions.  Those same AD groups are pulled into Viya and can be used for granting permissions to compute contexts, etc.  It would be nice if we could hide the folders in SAS Studio based on those AD groups, or even based on compute context.  I have heard there are ways to hide compute contexts from the dropdown (although we haven't gotten that far yet).  The goal of this request is to have something similar implemented for the folder structures under SAS Server inside SAS Studio.

@bmcclelland 

>>>> "Are you asking SAS to modify SAS/Studio to hide directories where the user does not have read permission? "   Yes, that is exactly what we are asking.

If you would be logged in operating system with such a user that does not have read permission for certain directories in current folder and would execute a command to list directories in this folder, would you be able to see directories that the user does not have read permission?

@Alexey_Vodilin  No, if the user could get to the OS on the Linux server the user would get "permission denied" if they tried to look into a directory for which they do not have read permission.  We have confirmed that by connecting directly into the users compute pod via ssh.  This behavior is controlled by the AD groups that are synced into Viya and whose identifiers are then used to set permissions on the file system folders.  The "permission denied" message also appears in SAS Studio when a user tries to open a folder they do not have permission to read.  What we are asking for is a way to hide that folder from the user in SAS Studio so that it is not even visible for them to try to open.

@bmcclelland right, thank you for confirming on OS level. As far as I understand though, permissions on OS do allow users to see such directories (directories that they do not have read permissions for), correct? Is it something that you cannot / would prefer not to configure on OS level? (i.e., configure permissions on OS in way that users cannot see such directories).

@Alexey_Vodilin You are correct that on the OS level, if a user has read permissions to a given directory, they can open it and see the names of all the files and next-level subdirectories within it.  If they do not have read permissions to a file or next-level subdirectory they are given a permission error if they try to open it - even though they can see it.   SAS Studio presents the file systems to the users the same way - they can see a folder or file that they do not have permission to read, and if they try to open it, they are given a permission error.   We would like to be able to prevent a user in SAS Studio from even seeing that file or folder that they do not have permission to open.

@bmcclelland If you want to hide something from someone, you must put it in a place where that someone can't go.

Even if you can't open the bank vault, you can still see it if you are allowed to stand in front of it.

@Kurt_Bremser Understood.  And I may be able to explain the reason for this product suggestion by carrying your statement a bit further.   Some of our users will have full access to the bank, including the vault.  Other users need to be able to enter the bank and have access only to the teller window.  But if the "other users" can see the vault, they may also try to enter it - only to be prevented.   The desire of this product suggestion is the ability to selectively put an "invisibility cloak" over the vault so that the "other users" can enter the bank and do their business without even knowing that the vault exists.