Hello all,
i'm facing a weird situation with sas setup, we have a sas 9.4m7 installed on RHEL, everything seems to be working fine.
We use the system level folders to map some libraries to the end users, we have a set of permisions on the folder which are a ldap group assigned to the folder, and the owner is sas, normally this works fine and if you're not in the users group you cannot map the library.
The point is that we've created a new workspace server with a set of libraries (os folder) assigned to it with it's specific group, and the weird thing comes when someone tested the access to the library and got it correctly, but the group has no users assigned to it.
Then i've made some tests with this folder, for example I have 2 users that can map the folder in their eguid, 1 is a sas administrator and the other a regular end user, but none of them are in the ldap group that grants access to the folder, and I have no access to the library nor the group.
The first test i did to check the situation was to access to the server with the user directly and try to create a test file and that didn't work (as expected since the user is not in the group) but then it makes me think what is happening in eguide that lets this users to map the folder and create datasets, the only thing that comes to my mind is that eguide creates a sesion with user sas (and then impersonate as the end user) and this is why it lets the user map the library.
I've also tryied some other test like checking the users and comparing the permissions in the management console, and everything seems fine, all users are the same and have the same config as me, except 1 of them that has admin role. Also I put myself in the gruop to see if i had access to the folder and that worked fine, so it's how is supossed to be.
Does anyone have a clue of what can be happening? since we can have a posible security breach here if a user can map libraries that's not supossed to have access.
thanks
... View more
