I have just started with SAS and am going thru the Step-by-Step guide.
Can a SAS program/macro; i.e. the code that I save in a .SAS file be published for anonymour users? That is to say, can a public user browse to my server and view the results of the program without logging in to SAS? I know that I can run the program myself, save the result to HTML file and then publish that file, but that's not what I want done. I am trying to publish the program so that it runs with live data every time a user accesses it.
If you have SAS Web Report Studio then you most likely have the SAS Stored Process Web Application too. You can look at converting your .sas program to a SAS Stored Process - have a read of the SAS 9.4 Stored Processes: Developer's Guide at https://support.sas.com/documentation/cdl/en/stpug/68399/HTML/default/viewer.htm#titlepage.htm
Assuming that your license from SAS allows it (best to talk to your SAS account manager to find out), the SAS Stored Process Web Application can be configured to allow anonymous access to stored processes. Read the Authentication in the SAS Stored Process Web Application section at http://support.sas.com/documentation/cdl/en/stpug/68399/HTML/default/viewer.htm#n0ax7wadghvldwn1bbar...
If you are configuring anonymous access you will want to take even more care that you have an appropriately secured SAS installation and be very familiar with the content of the SAS 9.4 Intelligence Platform: Security Administration Guide at https://support.sas.com/documentation/cdl/en/bisecag/67045/HTML/default/viewer.htm#titlepage.htm
You will also want to consider the topology of your SAS installation with respect to security too. The SAS 9.4 Intelligence Platform: Middle-Tier Administration Guide at https://support.sas.com/documentation/cdl/en/bisecag/67045/HTML/default/viewer.htm#titlepage.htm is another resource for you to read. Have a look at the Sample Middle-Tier Deployment Scenarios section at https://support.sas.com/documentation/cdl/en/bimtag/68217/HTML/default/viewer.htm#p0xqadgjuegzsnn173... and review your own installation. The Scenario 2: Web Applications Deployed across a Web Application Server Cluster shows you a setup that includes SAS components deployed in an environment with a DMZ and domain/protocol firewalls.
You didn't mention whether your anonymous users were internal within the organization or external/public internet users. If it is the latter you will want to be even more diligent with your security setup. If this is not something you are familiar with I would strongly recommend you consult with your local SAS Professional Services or a local SAS Partner and of course involve your internal security team in the design and deployment plans. I hope it goes without saying that an internet-facing anonymously-executable SAS stored process would have to be carefully reviewed for its exploitability (such as code injection) and the programmers within the organization would have to have this top of mind whilst developing and maintaining it. After consulting with available local SAS experts, and describing the business problem to be solved, they may be able to offer alternative solutions with lower risk.
Thats a tad advanced for someone just starting out. You would need a server, server SAS, then some setup to ensure validated people only can acces the web page, then SAS code would be stored on the server, it runs and sends results back as a web page. Once you do need ot get to that, browse the SAS products as there are specific things for such requests, SAS Web report Studio is one.
I do have a SAS Server available along with SAS Web Report. It is an installation for a client. They bought it without any training (long story) and I got volunteered to bootstrap myself into how to set it up for them. The client has a number of staticians on their staff who would/should be able to take over once the basic setup has been done for them.
Your point on licensing: Only authenticated users can view reports? I came across references that mention allowing anonymous users. Wasn't clear on the specifics. The idea here is to embed SAS report results as pages or framesets within their website.
My boss took on this contract. Ours is not to reason why...
If you have SAS Web Report Studio then you most likely have the SAS Stored Process Web Application too. You can look at converting your .sas program to a SAS Stored Process - have a read of the SAS 9.4 Stored Processes: Developer's Guide at https://support.sas.com/documentation/cdl/en/stpug/68399/HTML/default/viewer.htm#titlepage.htm
Assuming that your license from SAS allows it (best to talk to your SAS account manager to find out), the SAS Stored Process Web Application can be configured to allow anonymous access to stored processes. Read the Authentication in the SAS Stored Process Web Application section at http://support.sas.com/documentation/cdl/en/stpug/68399/HTML/default/viewer.htm#n0ax7wadghvldwn1bbar...
If you are configuring anonymous access you will want to take even more care that you have an appropriately secured SAS installation and be very familiar with the content of the SAS 9.4 Intelligence Platform: Security Administration Guide at https://support.sas.com/documentation/cdl/en/bisecag/67045/HTML/default/viewer.htm#titlepage.htm
You will also want to consider the topology of your SAS installation with respect to security too. The SAS 9.4 Intelligence Platform: Middle-Tier Administration Guide at https://support.sas.com/documentation/cdl/en/bisecag/67045/HTML/default/viewer.htm#titlepage.htm is another resource for you to read. Have a look at the Sample Middle-Tier Deployment Scenarios section at https://support.sas.com/documentation/cdl/en/bimtag/68217/HTML/default/viewer.htm#p0xqadgjuegzsnn173... and review your own installation. The Scenario 2: Web Applications Deployed across a Web Application Server Cluster shows you a setup that includes SAS components deployed in an environment with a DMZ and domain/protocol firewalls.
You didn't mention whether your anonymous users were internal within the organization or external/public internet users. If it is the latter you will want to be even more diligent with your security setup. If this is not something you are familiar with I would strongly recommend you consult with your local SAS Professional Services or a local SAS Partner and of course involve your internal security team in the design and deployment plans. I hope it goes without saying that an internet-facing anonymously-executable SAS stored process would have to be carefully reviewed for its exploitability (such as code injection) and the programmers within the organization would have to have this top of mind whilst developing and maintaining it. After consulting with available local SAS experts, and describing the business problem to be solved, they may be able to offer alternative solutions with lower risk.
Paul
Thank you for a detailed reply. I should be able to manage given the references that you have provided.
Registration is now open for SAS Innovate 2025 , our biggest and most exciting global event of the year! Join us in Orlando, FL, May 6-9.
Sign up by Dec. 31 to get the 2024 rate of just $495.
Register now!
Learn how use the CAT functions in SAS to join values from multiple variables into a single value.
Find more tutorials on the SAS Users YouTube channel.
Ready to level-up your skills? Choose your own adventure.