BookmarkSubscribeRSS Feed
🔒 This topic is solved and locked. Need further help from the community? Please sign in and ask a new question.
BeNur
Obsidian | Level 7

Hi all,

 

I have SAS Viya 3.4 deployed in Linux. It contains SAS Studio (v 4.4) and SAS StudioV ( v. 5.1) 

I restricted access to SAS StudioV using prohibit Rule (/SAS StudioV/** ) in SAS Viya Environment Manager. 

 

Does anybody know how to restrict access to SAS Studio 4.4?

The rule / SAS Studio/** doesn't work and I believe it shouldn't work cause SAS Studio 4.4 is not controlled by Viya.

 

 

 

1 ACCEPTED SOLUTION

Accepted Solutions
alexal
SAS Employee

@BeNur ,


How high is that module is in the stack? The module should be before pam_unix or any other modules you are using for the authentication. Also, the following command will help you debug it:

 

sudo grep sasauth /var/log/secure

If you see no pam_succeed_if in the output, that means you have to place that module higher in the stack.

View solution in original post

5 REPLIES 5
alexal
SAS Employee

@BeNur ,

 

The easiest way is to use pam_succeed_if module in /etc/pam.d/sasauth file.

BeNur
Obsidian | Level 7

Hi @alexal,

 

thanks for your response. I tried to add :

auth required pam_succeed_if.so gid=1001,500001129

(where1001,500001129 my ldap groups that should be allowed to ) into the /etc/pam.d/sasauth-spre file but it didn't work

 

Maybe you can provide me an example of your sasauth-spre file 

I want to deny access for the group with the id 222 and allow access to the group with id = 1001,500001129

alexal
SAS Employee

@BeNur ,


How high is that module is in the stack? The module should be before pam_unix or any other modules you are using for the authentication. Also, the following command will help you debug it:

 

sudo grep sasauth /var/log/secure

If you see no pam_succeed_if in the output, that means you have to place that module higher in the stack.

BeNur
Obsidian | Level 7
thanks a lot that helped
alexal
SAS Employee

@BeNur ,

 

You are welcome. I'm glad that the problem has been resolved.

SAS Innovate 2025: Call for Content

Are you ready for the spotlight? We're accepting content ideas for SAS Innovate 2025 to be held May 6-9 in Orlando, FL. The call is open until September 16. Read more here about why you should contribute and what is in it for you!

Submit your idea!

Discussion stats
  • 5 replies
  • 1672 views
  • 1 like
  • 2 in conversation