Exploring, modeling, predicting and reporting with SAS Visual Analytics and SAS Visual Statistics

Column Level Security

Reply
New Contributor
Posts: 2

Column Level Security

Hi,

 

I want to show specific column information basis the user who logs in to see the report. Is that possible in SAS VA.

 

I know we can do row level security in VA using conditional grants. I dont know how to do column level security.

Esteemed Advisor
Esteemed Advisor
Posts: 6,726

Re: Column Level Security

I don;t know as I don't use VA.  However, if you know how to, and can do row level security (whatever that means!) then why not normalise the dataset -> i.e. wide to long, so have the columns as rows.  

data have:

ID   VAR1   VAR2   VAR3

1     A        B         C

 

data want:

ID   VARNUM   RESULT

1     1              A

1      2             B

1      3             C

 

To be honest though, why would you want to restrict certain columns?  Doens't make much sense.  Look at the process as a whole, what user levels are there.  Say you want basic user, and advanced user, and basic user has a subset of advanced user.  In this instance, I would have the dataset only accessible by advanced user.  Then I would create a view of the data which only takes a subset.  This view would be available to the basic user and they therefore would only see the restricted user.  Chat with your SAS installer about this kind of setup.

 

Super User
Posts: 1,209

Re: Column Level Security

Hi @biyania,

 

Please clarify what you mean by "show specific column information basis" If you mean you want to see certain rows for a column that is dependent on the user who is accessing the table then this is row level security. SAS Visual Analytics only supports row level security. It does not do column level security (where you see a column or not based on a condition).

 

This is stated in the SAS Visual Analytics Administration Guide (you will need a userid and password from SAS Technical Support to access the document).

 

Kind Regards,

Michelle

New Contributor
Posts: 2

Re: Column Level Security

Thanks Michelle,


Yes, I want certain columns basis user id. Exploring how to do this.

any clues ? I am thinking if fetching userid from sysuserid from storedproc could lead me somewhere


what do you think ?
Super User
Posts: 1,209

Re: Column Level Security

Hi @biyania,

 

As I mentioned earlier, if you want certain columns to appear based on a user condition, this is column level security and not available in SAS Visual Analytics.

 

Only row-level security is available. Someone else asked a question about row-level security earlier today and I responded with a link to a paper with examples at https://communities.sas.com/t5/SAS-Visual-Analytics/Question-about-SAS-Roles-Security/m-p/243388#U24...

 

Kind Regards,

Michelle

Esteemed Advisor
Posts: 5,100

Re: Column Level Security

It's a bit awkward that this is not available in VA. It is a standard authorization concept in most tools, including SAS Metadata (via SMC), SAS Federation Server, SAS SPD Server etc.

 

Unless the OP can't transpose the data in some magic way, so row level security can be used, the work around would be to create duplicate LASR tables with different set of columns.

Data never sleeps
New Contributor
Posts: 3

Re: Column Level Security

We have a client who has the requirement to deny access to certain columns containing personal identifiable information for selected user groups. We intend to deny the access to these column in SMC. However, based on the following statement extracted from VA Administration Guide:

 

  • SAS Visual Analytics uses the platform’s metadata authorization layer to manage access to objects such as reports, explorations, tables, libraries, servers, and folders.
  • SAS Visual Analytics supports row-level security. SAS Visual Analytics does not support column-level security. NoteSmiley Very Happyo not set denials of the ReadMetadata permission on individual columns within a table. If a table is loaded by a user who lacks access to one or more columns, duplicate metadata entries are created for the unavailable columns.

 

If the table is loaded by a user who has access to all the columns in the table, will the grant/deny permission on the columns defined in SMC applied on the table loaded in SAS LASR Server?

SAS Super FREQ
Posts: 384

Re: Column Level Security

SAS Visual Analytics does not support column-level security. There is no workaround for this.

 

Post a Question
Discussion Stats
  • 7 replies
  • 667 views
  • 0 likes
  • 6 in conversation