cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
BookmarkSubscribeRSS Feed
🔒 This topic is solved and locked. Need further help from the community? Please sign in and ask a new question.
BeNur
Obsidian | Level 7 BeNur
Obsidian | Level 7
Go to Solution

Hot to restrict access to SAS Studio 4.4 in Viya

Posted 05-20-2019 06:19 PM (1816 views)

Hi all,

 

I have SAS Viya 3.4 deployed in Linux. It contains SAS Studio (v 4.4) and SAS StudioV ( v. 5.1) 

I restricted access to SAS StudioV using prohibit Rule (/SAS StudioV/** ) in SAS Viya Environment Manager. 

 

Does anybody know how to restrict access to SAS Studio 4.4?

The rule / SAS Studio/** doesn't work and I believe it shouldn't work cause SAS Studio 4.4 is not controlled by Viya.

 

 

 

0 Likes
1 ACCEPTED SOLUTION

Accepted Solutions
alexal
SAS Employee alexal
SAS Employee

Re: Hot to restrict access to SAS Studio 4.4 in Viya

Posted 05-22-2019 08:42 AM (1765 views)  |   In reply to BeNur

@BeNur ,


How high is that module is in the stack? The module should be before pam_unix or any other modules you are using for the authentication. Also, the following command will help you debug it:

 

sudo grep sasauth /var/log/secure

If you see no pam_succeed_if in the output, that means you have to place that module higher in the stack.

View solution in original post

5 REPLIES 5
alexal
SAS Employee alexal
SAS Employee

Re: Hot to restrict access to SAS Studio 4.4 in Viya

Posted 05-20-2019 09:18 PM (1800 views)  |   In reply to BeNur

@BeNur ,

 

The easiest way is to use pam_succeed_if module in /etc/pam.d/sasauth file.

0 Likes
BeNur
Obsidian | Level 7 BeNur
Obsidian | Level 7

Re: Hot to restrict access to SAS Studio 4.4 in Viya

Posted 05-21-2019 02:52 PM (1780 views)  |   In reply to alexal

Hi @alexal,

 

thanks for your response. I tried to add :

auth required pam_succeed_if.so gid=1001,500001129

(where1001,500001129 my ldap groups that should be allowed to ) into the /etc/pam.d/sasauth-spre file but it didn't work

 

Maybe you can provide me an example of your sasauth-spre file 

I want to deny access for the group with the id 222 and allow access to the group with id = 1001,500001129

0 Likes
alexal
SAS Employee alexal
SAS Employee

Re: Hot to restrict access to SAS Studio 4.4 in Viya

Posted 05-22-2019 08:42 AM (1766 views)  |   In reply to BeNur

@BeNur ,


How high is that module is in the stack? The module should be before pam_unix or any other modules you are using for the authentication. Also, the following command will help you debug it:

 

sudo grep sasauth /var/log/secure

If you see no pam_succeed_if in the output, that means you have to place that module higher in the stack.

BeNur
Obsidian | Level 7 BeNur
Obsidian | Level 7

Re: Hot to restrict access to SAS Studio 4.4 in Viya

Posted 05-22-2019 01:17 PM (1753 views)  |   In reply to alexal
thanks a lot that helped
0 Likes
alexal
SAS Employee alexal
SAS Employee

Re: Hot to restrict access to SAS Studio 4.4 in Viya

Posted 05-22-2019 01:23 PM (1752 views)  |   In reply to BeNur

@BeNur ,

 

You are welcome. I'm glad that the problem has been resolved.

0 Likes

SAS Innovate 2025: Save the Date

 SAS Innovate 2025 is scheduled for May 6-9 in Orlando, FL. Sign up to be first to learn about the agenda and registration!

Save the date!

Discussion stats
  • 5 replies
  • ‎05-20-2019 06:19 PM
  • 1817 views
  • 1 like
  • 2 in conversation