Previous Page | Next Page

What to Do Next: Administration Tasks

First-Priority Setup Tasks


Summary of First-Priority Setup Tasks

The following tasks are necessary to protect the integrity of your system. Complete these steps as soon as possible after installation, before you complete any of the other tasks that are outlined in this chapter.

First-Priority Setup Tasks
Task Description
Secure the SAS configuration on each server machine. For a secure deployment, the configuration directory on each server machine must be protected by operating system controls. These controls will prevent inappropriate access to repository data sets, server scripts, server logs, and configuration files.

On Windows systems, all configuration directories, files, and scripts are owned by the user who performs the installation. You must update the permissions as shown in Recommended Operating System Protections for Windows Machines. These recommendations assume that your SAS servers and spawners run as services under the Local System account.

On UNIX and z/OS systems, the SAS Deployment Wizard automatically applies the appropriate permissions. The default permissions are shown in Default Operating System Protections for UNIX and z/OS Machines.

Establish a formal, regularly scheduled backup process. Establish a formal, regularly scheduled backup process that includes your metadata repositories as well as the associated physical files.

SAS provides backup and restore utilities that enable you to perform correct backups and restores of your metadata repositories, the repository manager, the metadata journal file, and the metadata server configuration files while minimizing disruptions in service. It is important to also back up the physical data that is associated with the metadata so that related information will be synchronized if a restore becomes necessary.

Before you back up your SAS Intelligence Platform, read Best Practices for Backing Up and Restoring Your System in the SAS Intelligence Platform: System Administration Guide.


Recommended Operating System Protections for Windows Machines

On Windows server machines, we recommend that you apply the following operating system protections to your configuration directory. All of these directories are located in SAS-configuration-directory\Levn.

Recommended Operating System Protections on Windows
Directories Users Recommended Permissions
SAS-configuration-directory

SAS-configuration-directory\Levn

\Levn subdirectories: Documents, ReportBatch, SASApp, SASMeta, Utilities, Web

SYSTEM and Administrators Full Control
All other users List Folder Contents, Read
\Levn subdirectories: ConnectSpawner, Logs, ObjectSpawner, SASApp\OLAPServer, SASMeta\MetadataServer, SASTS, ShareServer SYSTEM and Administrators Full Control


Remove all other users and groups

SASApp subdirectories : PooledWorkspaceServer, StoredProcessServer SYSTEM, Administrators, and SAS Spawned Servers (sassrv) Full Control


Remove all other users and groups

SASApp subdirectories: ConnectServer\Logs, Data\wrsdist, Data\wrstemp, PooledWorkspaceServer\Logs, PooledWorkspaceServer\sasuser, StoredProcessServer\Logs , StoredProcessServer\sasuser, and WorkspaceServer\Logs


SASMeta\WorkspaceServer\Logs

SYSTEM, Administrators, and SAS Spawned Servers (sassrv) Full Control
sasv9_meta.cfg file SYSTEM and Administrators Read and Write


Remove all other users and groups

SASMeta subdirectories: MetadataServer, MetadataServer\rposmgr, MetadataServer\MetadataRepositories\Foundation


Backup destination (for example, SASMeta\MetadataServer\SASBackup)

The user who backs up the metadata server. You can add this user to the Administrators group to provide the required access. Full Control

Note:   

  [cautionend]

For information about backups, see Using the Backup Wizard in SAS Management Console and Using the %OMABAKUP Macro to Perform Backups and Restores in the SAS Intelligence Platform: System Administration Guide.

For details about the configuration directory structure, see Overview of the Configuration Directory Structure in the SAS Intelligence Platform: System Administration Guide.


Default Operating System Protections for UNIX and z/OS Machines

The following table shows the default operating system protections that are provided automatically for configuration directories on UNIX and z/OS machines. All of these directories are located in SAS-configuration-directory/Levn.

Default Operating System Protections on UNIX and z/OS
Directories Users Default Permissions
SAS-configuration-directory

SAS-configuration-directory/Levn

/Levn subdirectories: Documents, ReportBatch, SASApp, SASMeta, Utilities, Web

SAS Installer Read, Write, and Execute
All other users Read and Execute
/Levn subdirectories: ConnectSpawner, Logs, ObjectSpawner, SASApp/OLAPServer, SASMeta/MetadataServer, SASTS, ShareServer SAS Installer Read, Write, and Execute
All other users No access
SASApp subdirectories : PooledWorkspaceServer, StoredProcessServer SAS Installer Read, Write, and Execute
sas group Read and Execute
SASApp subdirectories : ConnectServer/Logs, Data/wrsdist, Data/wrstemp, PooledWorkspaceServer/Logs, PooledWorkspaceServer/sasuser, StoredProcessServer/Logs , StoredProcessServer/sasuser, and WorkspaceServer/Logs


SASMeta/WorkspaceServer/Logs

SAS Installer Read, Write, and Execute
sas group Read, Write, and Execute
sasv9_meta.cfg file SAS Installer Read and Write
All other users no access

Note:   

  [cautionend]

Previous Page | Next Page | Top of Page