BookmarkSubscribeRSS Feed
🔒 This topic is solved and locked. Need further help from the community? Please sign in and ask a new question.
BeNur
Obsidian | Level 7

Hi all,

 

I have SAS Viya 3.4 deployed in Linux. It contains SAS Studio (v 4.4) and SAS StudioV ( v. 5.1) 

I restricted access to SAS StudioV using prohibit Rule (/SAS StudioV/** ) in SAS Viya Environment Manager. 

 

Does anybody know how to restrict access to SAS Studio 4.4?

The rule / SAS Studio/** doesn't work and I believe it shouldn't work cause SAS Studio 4.4 is not controlled by Viya.

 

 

 

1 ACCEPTED SOLUTION

Accepted Solutions
alexal
SAS Employee

@BeNur ,


How high is that module is in the stack? The module should be before pam_unix or any other modules you are using for the authentication. Also, the following command will help you debug it:

 

sudo grep sasauth /var/log/secure

If you see no pam_succeed_if in the output, that means you have to place that module higher in the stack.

View solution in original post

5 REPLIES 5
alexal
SAS Employee

@BeNur ,

 

The easiest way is to use pam_succeed_if module in /etc/pam.d/sasauth file.

BeNur
Obsidian | Level 7

Hi @alexal,

 

thanks for your response. I tried to add :

auth required pam_succeed_if.so gid=1001,500001129

(where1001,500001129 my ldap groups that should be allowed to ) into the /etc/pam.d/sasauth-spre file but it didn't work

 

Maybe you can provide me an example of your sasauth-spre file 

I want to deny access for the group with the id 222 and allow access to the group with id = 1001,500001129

alexal
SAS Employee

@BeNur ,


How high is that module is in the stack? The module should be before pam_unix or any other modules you are using for the authentication. Also, the following command will help you debug it:

 

sudo grep sasauth /var/log/secure

If you see no pam_succeed_if in the output, that means you have to place that module higher in the stack.

BeNur
Obsidian | Level 7
thanks a lot that helped
alexal
SAS Employee

@BeNur ,

 

You are welcome. I'm glad that the problem has been resolved.

sas-innovate-2024.png

Don't miss out on SAS Innovate - Register now for the FREE Livestream!

Can't make it to Vegas? No problem! Watch our general sessions LIVE or on-demand starting April 17th. Hear from SAS execs, best-selling author Adam Grant, Hot Ones host Sean Evans, top tech journalist Kara Swisher, AI expert Cassie Kozyrkov, and the mind-blowing dance crew iLuminate! Plus, get access to over 20 breakout sessions.

 

Register now!

Discussion stats
  • 5 replies
  • 1390 views
  • 1 like
  • 2 in conversation