BookmarkSubscribeRSS Feed
☑ This topic is solved. Need further help from the community? Please sign in and ask a new question.
paterd2
Quartz | Level 8

Viya Experts,

 

can we block the access to /identities/users and /identities/groups without breaking the applications in sas viya ?

every authenticated user can list all users and groups in our environment.

Or maybe even better are there hardening advices on the rules in sas viya.

 

Regards,

 

Dik

1 ACCEPTED SOLUTION

Accepted Solutions
germhm
SAS Employee

Hi Dik,

maybe this is helpful:

endpoints.secured.groups:

not enabled by default

When enabled, limits non-administrative users’ Read access for groups.

endpoints.secured.members:

not enabled by default

When enabled, limits non-administrative users’ Read access for group members.

endpoints.secured.memberships:

not enabled by default

When enabled, limits non-administrative users’ Read access for group and user memberships.

endpoints.secured.users:

not enabled by default

When enabled, limits non-administrative users’ Read access for other users.

 

SAS Help Center: Service Configuration Properties: Reference

 

best
Mike

View solution in original post

1 REPLY 1
germhm
SAS Employee

Hi Dik,

maybe this is helpful:

endpoints.secured.groups:

not enabled by default

When enabled, limits non-administrative users’ Read access for groups.

endpoints.secured.members:

not enabled by default

When enabled, limits non-administrative users’ Read access for group members.

endpoints.secured.memberships:

not enabled by default

When enabled, limits non-administrative users’ Read access for group and user memberships.

endpoints.secured.users:

not enabled by default

When enabled, limits non-administrative users’ Read access for other users.

 

SAS Help Center: Service Configuration Properties: Reference

 

best
Mike