cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
BookmarkSubscribeRSS Feed
🔒 This topic is solved and locked. Need further help from the community? Please sign in and ask a new question.
BeNur
Obsidian | Level 7 BeNur
Obsidian | Level 7
Go to Solution

Hot to restrict access to SAS Studio 4.4 in Viya

Posted 05-20-2019 06:19 PM (2241 views)

Hi all,

 

I have SAS Viya 3.4 deployed in Linux. It contains SAS Studio (v 4.4) and SAS StudioV ( v. 5.1) 

I restricted access to SAS StudioV using prohibit Rule (/SAS StudioV/** ) in SAS Viya Environment Manager. 

 

Does anybody know how to restrict access to SAS Studio 4.4?

The rule / SAS Studio/** doesn't work and I believe it shouldn't work cause SAS Studio 4.4 is not controlled by Viya.

 

 

 

0 Likes
1 ACCEPTED SOLUTION

Accepted Solutions
alexal
SAS Employee alexal
SAS Employee

Re: Hot to restrict access to SAS Studio 4.4 in Viya

Posted 05-22-2019 08:42 AM (2190 views)  |   In reply to BeNur

@BeNur ,


How high is that module is in the stack? The module should be before pam_unix or any other modules you are using for the authentication. Also, the following command will help you debug it:

 

sudo grep sasauth /var/log/secure

If you see no pam_succeed_if in the output, that means you have to place that module higher in the stack.

View solution in original post

5 REPLIES 5
alexal
SAS Employee alexal
SAS Employee

Re: Hot to restrict access to SAS Studio 4.4 in Viya

Posted 05-20-2019 09:18 PM (2225 views)  |   In reply to BeNur

@BeNur ,

 

The easiest way is to use pam_succeed_if module in /etc/pam.d/sasauth file.

0 Likes
BeNur
Obsidian | Level 7 BeNur
Obsidian | Level 7

Re: Hot to restrict access to SAS Studio 4.4 in Viya

Posted 05-21-2019 02:52 PM (2205 views)  |   In reply to alexal

Hi @alexal,

 

thanks for your response. I tried to add :

auth required pam_succeed_if.so gid=1001,500001129

(where1001,500001129 my ldap groups that should be allowed to ) into the /etc/pam.d/sasauth-spre file but it didn't work

 

Maybe you can provide me an example of your sasauth-spre file 

I want to deny access for the group with the id 222 and allow access to the group with id = 1001,500001129

0 Likes
alexal
SAS Employee alexal
SAS Employee

Re: Hot to restrict access to SAS Studio 4.4 in Viya

Posted 05-22-2019 08:42 AM (2191 views)  |   In reply to BeNur

@BeNur ,


How high is that module is in the stack? The module should be before pam_unix or any other modules you are using for the authentication. Also, the following command will help you debug it:

 

sudo grep sasauth /var/log/secure

If you see no pam_succeed_if in the output, that means you have to place that module higher in the stack.

BeNur
Obsidian | Level 7 BeNur
Obsidian | Level 7

Re: Hot to restrict access to SAS Studio 4.4 in Viya

Posted 05-22-2019 01:17 PM (2178 views)  |   In reply to alexal
thanks a lot that helped
0 Likes
alexal
SAS Employee alexal
SAS Employee

Re: Hot to restrict access to SAS Studio 4.4 in Viya

Posted 05-22-2019 01:23 PM (2177 views)  |   In reply to BeNur

@BeNur ,

 

You are welcome. I'm glad that the problem has been resolved.

0 Likes

sas-innovate-white.png

Our biggest data and AI event of the year.

Don’t miss the livestream kicking off May 7. It’s free. It’s easy. And it’s the best seat in the house.

Join us virtually with our complimentary SAS Innovate Digital Pass. Watch live or on-demand in multiple languages, with translations available to help you get the most out of every session.

 

Register now!

Discussion stats
  • 5 replies
  • ‎05-20-2019 06:19 PM
  • 2242 views
  • 1 like
  • 2 in conversation