cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
BookmarkSubscribeRSS Feed
0 Likes

Implement "Identity Type" Option on SAS Viya Batch Contexts

Status: Suggestion Under Review Submitted by Fluorite | Level 6 Friday
1 Comment (1 New)

Viya Compute Contexts have an "Identity Type" option, which allows restrictions on who is allowed to use the context.  Batch Contexts can be allowed to run-as under specific identities, and so there should also be the option to restrict user access to the context via an "Identity Type" option...because the run-as user may have more privileges than all users on the system should have access to, and there currently isn't an option to prevent them from using any batch context on the system.

See more ideas labeled with:
1 Comment
prasadpz
SAS Employee
SAS Employee
Tuesday
Tuesday
Status changed to: Suggestion Under Review

Hi @MichaelShealy Thanks for the suggestion. We will consider it as a future roadmap item. In the meantime, there is a manual way of restricting the access. 
Please review the following steps if you prefer to test/use it. 

  1. Get all batch context IDs (This needs to be done via batch CLI)
  2. Disable the /batch/contexts/* rule for 'Authenticated Users'
  3. For each batch context ID
    1. Create auth rule in SASEV / Rules for "/batch/contexts/<context-id>" with the following
      1. Setting: Grant
      2. Permissions: Read
      3. Principal type: User|Group|Authenticated Users
      4. Principal: 
        1. For User - the username
        2. For Group - the group name

Let me know if you have any questions.