I don;t know as I don't use VA.  However, if you know how to, and can do row level security (whatever that means!) then why not normalise the dataset -> i.e. wide to long, so have the columns as rows.  

data have:

ID   VAR1   VAR2   VAR3

1     A        B         C

data want:

ID   VARNUM   RESULT

1     1              A

1      2             B

1      3             C

To be honest though, why would you want to restrict certain columns?  Doens't make much sense.  Look at the process as a whole, what user levels are there.  Say you want basic user, and advanced user, and basic user has a subset of advanced user.  In this instance, I would have the dataset only accessible by advanced user.  Then I would create a view of the data which only takes a subset.  This view would be available to the basic user and they therefore would only see the restricted user.  Chat with your SAS installer about this kind of setup.

Hi @biyania,

Please clarify what you mean by "show specific column information basis" If you mean you want to see certain rows for a column that is dependent on the user who is accessing the table then this is row level security. SAS Visual Analytics only supports row level security. It does not do column level security (where you see a column or not based on a condition).

This is stated in the SAS Visual Analytics Administration Guide (you will need a userid and password from SAS Technical Support to access the document).

Kind Regards,

Michelle

Hi @biyania,

As I mentioned earlier, if you want certain columns to appear based on a user condition, this is column level security and not available in SAS Visual Analytics.

Only row-level security is available. Someone else asked a question about row-level security earlier today and I responded with a link to a paper with examples at https://communities.sas.com/t5/SAS-Visual-Analytics/Question-about-SAS-Roles-Security/m-p/243388#U24...

Kind Regards,

Michelle

It's a bit awkward that this is not available in VA. It is a standard authorization concept in most tools, including SAS Metadata (via SMC), SAS Federation Server, SAS SPD Server etc.

Unless the OP can't transpose the data in some magic way, so row level security can be used, the work around would be to create duplicate LASR tables with different set of columns.

We have a client who has the requirement to deny access to certain columns containing personal identifiable information for selected user groups. We intend to deny the access to these column in SMC. However, based on the following statement extracted from VA Administration Guide:

• SAS Visual Analytics uses the platform’s metadata authorization layer to manage access to objects such as reports, explorations, tables, libraries, servers, and folders.
• SAS Visual Analytics supports row-level security. SAS Visual Analytics does not support column-level security. Note:Do not set denials of the ReadMetadata permission on individual columns within a table. If a table is loaded by a user who lacks access to one or more columns, duplicate metadata entries are created for the unavailable columns.

If the table is loaded by a user who has access to all the columns in the table, will the grant/deny permission on the columns defined in SMC applied on the table loaded in SAS LASR Server?

SAS Visual Analytics does not support column-level security. There is no workaround for this.

Hello,

Any updates on this topic?

Is there a solution?

Thanks

For 9.4, no.

But in Viya this should be enforced, at least for CAS data:

http://documentation.sas.com/?cdcId=calcdc&cdcVersion=3.2&docsetId=calauthzcas&docsetTarget=n1bf0cwn...