01-14-2016 01:12 AM
I want to show specific column information basis the user who logs in to see the report. Is that possible in SAS VA.
I know we can do row level security in VA using conditional grants. I dont know how to do column level security.
01-14-2016 04:27 AM
I don;t know as I don't use VA. However, if you know how to, and can do row level security (whatever that means!) then why not normalise the dataset -> i.e. wide to long, so have the columns as rows.
ID VAR1 VAR2 VAR3
1 A B C
ID VARNUM RESULT
1 1 A
1 2 B
1 3 C
To be honest though, why would you want to restrict certain columns? Doens't make much sense. Look at the process as a whole, what user levels are there. Say you want basic user, and advanced user, and basic user has a subset of advanced user. In this instance, I would have the dataset only accessible by advanced user. Then I would create a view of the data which only takes a subset. This view would be available to the basic user and they therefore would only see the restricted user. Chat with your SAS installer about this kind of setup.
01-14-2016 04:40 AM
Please clarify what you mean by "show specific column information basis" If you mean you want to see certain rows for a column that is dependent on the user who is accessing the table then this is row level security. SAS Visual Analytics only supports row level security. It does not do column level security (where you see a column or not based on a condition).
This is stated in the SAS Visual Analytics Administration Guide (you will need a userid and password from SAS Technical Support to access the document).
01-14-2016 04:55 AM
01-14-2016 05:51 AM
As I mentioned earlier, if you want certain columns to appear based on a user condition, this is column level security and not available in SAS Visual Analytics.
Only row-level security is available. Someone else asked a question about row-level security earlier today and I responded with a link to a paper with examples at https://communities.sas.com/t5/SAS-Visual-Analytics/Question-about-SAS-Roles-Security/m-p/243388#U24...
01-14-2016 07:18 AM
It's a bit awkward that this is not available in VA. It is a standard authorization concept in most tools, including SAS Metadata (via SMC), SAS Federation Server, SAS SPD Server etc.
Unless the OP can't transpose the data in some magic way, so row level security can be used, the work around would be to create duplicate LASR tables with different set of columns.
03-27-2017 02:23 AM
We have a client who has the requirement to deny access to certain columns containing personal identifiable information for selected user groups. We intend to deny the access to these column in SMC. However, based on the following statement extracted from VA Administration Guide:
If the table is loaded by a user who has access to all the columns in the table, will the grant/deny permission on the columns defined in SMC applied on the table loaded in SAS LASR Server?
For 9.4, no.
But in Viya this should be enforced, at least for CAS data: