As administrators, ensuring your users have the right tools to get their jobs done is what drives your day to day. So how do you know if you should be using SAS 9.4 or SAS Viya – or both?
Join us for a complimentary webinar on Tuesday, Oct. 9, at 2-3 p.m. ET.
We'll cover common management tasks like:
|
Thanks to everyone who joined us for the live event.
The recording can be found here. And the slides are attached as a PDF.
There were two questions that Darrell answered at the conclusion of the event:
Q: Can you speak about SAS Viya and high availability. Which components can have a secondary server.
A. Refer to this paper from SAS Global Forum this year:
https://www.sas.com/content/dam/SAS/support/en/sas-global-forum-proceedings/2018/1835-2018.pdf
Q: Is there an unrestricted user in Viya?
A. The closest you get is the members of the SAS Administrators Custom Group and sasboot. However, they will be under control of the General Authorization. Their access to content and functionality is controlled using rules.
Thanks to everyone who joined us for the live event.
The recording can be found here. And the slides are attached as a PDF.
There were two questions that Darrell answered at the conclusion of the event:
Q: Can you speak about SAS Viya and high availability. Which components can have a secondary server.
A. Refer to this paper from SAS Global Forum this year:
https://www.sas.com/content/dam/SAS/support/en/sas-global-forum-proceedings/2018/1835-2018.pdf
Q: Is there an unrestricted user in Viya?
A. The closest you get is the members of the SAS Administrators Custom Group and sasboot. However, they will be under control of the General Authorization. Their access to content and functionality is controlled using rules.
Hi @ShelleySessoms,
thank very much for sharing. This is a good follow up of the SASAdmin session hosted by SAS Canada 🙂
I wonder if I could raise a question to Darrel, otherwise I would just post in the communities as usual.
What are the best practices for working and setting Rules in Viya? By default Viya is really open, and all Authorized Users have too many permissions to the different URIs. To work with the GUI for Rules in Environment Manager is hardly workable: way too many URIs and permissions. And the list is not exportable.
So more specific questions would be:
- how to make a proper list of default and custom rules?
- best way to edit/set rules? I guess some CLI command, or Rest API. Any (editable) script for power building some defaults?
- best practices used for now (that would be enough) proposed by SAS, for setting permissions?
Thank you in advance!
Hi @JuanS_OCS, I have forwarded your questions on to Darrell. I'll post his answers here for you and everyone else to learn from.
Thanks for being such a great admin community member!
Best,
Shelley
Hi @ShelleySessoms,
excellent, thanks in advance for that! And thanks again to you, for helping and promoting us 🙂
Best,
Juan
Hi @JuanS_OCS,
Here is the information, as provided by Darrell. Hope it helps!
What are the best practices for working and setting Rules in Viya? By default Viya is really open, and all Authorized Users have too many permissions to the different URIs. To work with the GUI for Rules in Environment Manager is hardly workable: way too many URIs and permissions. And the list is not exportable.
It’s hard to establish best practices for permission policies because each organization has different priorities. You seem to want to control access to the applications. That’s accomplished using the CLI and UI as discussed in the other responses to your questions. If you are not happy with the access given to Authenticated Users for the various applications then certainly modify the rules to manage access to the functionality. You can use the CLI with the authorization plug-in to manage things programmatically or the Environment Manger UI. Here’s the CLI help.
$ /opt/sas/viya/home/bin/sas-admin authorization --help
NAME:
sas-authorization
USAGE:
sas-admin authorization command [command options] [arguments...]
COMMANDS:
authorize, grant, create-rule Creates an authorization rule to grant privileges to the specified principal.
create-rules Create a set of authorization rules.
disable-guest-access Disables guest access.
enable-guest-access, facilitate-guest Enables guest access.
explain Shows the explanations of a target object URI. For example: --target-uri /SASHome/**
get-rules-file Show the JSON file used to produce guest access.
help, h Shows a list of commands or help for one command.
list-rules Lists the authorization rules that are defined for the SAS environment.
prohibit Creates an authorization rule to prohibit privileges for the specified principal.
remove-rule, revoke Removes a specific authorization rule.
remove-rules Removes a set of authorization rules.
show-rule Shows a specific authorization rule.
update-rule Modifies a specified authorization rule.
Just filter on the rules (pipe the CLI output to the grep command to filter using the CLI, $ /opt/sas/viya/home/bin/sas-admin authorization list-rules | grep -i visual) and make changes to meet your needs. I demonstrated filtering on the rules in the UI during my session.
So more specific questions would be:
- how to make a proper list of default and custom rules?
Not sure how to separate default vs. custom, but you can use the CLI to get them all...
/opt/sas/viya/home/bin/sas-admin --output text authorization list-rules > ViyaRules.txt
- best way to edit/set rules? I guess some CLI command, or Rest API. Any (editable) script for power building some defaults?
This is totally user choice. In most cases I would use SAS Environment Manager and the Rules page. You can certainly use the CLI with the grant, prohibit, update-rule, etc. to manage the rules. See help above.
Hello @ShelleySessoms,
the info is useful indeed; unfortunately, I am getting empty lists.
I will open a new thread, that will reference this post and this other one https://communities.sas.com/t5/Administration-and-Deployment/How-to-grant-or-restrict-user-access-in...
SAS Innovate 2025 is scheduled for May 6-9 in Orlando, FL. Sign up to be first to learn about the agenda and registration!