Defining Groups

Overview of Defining Groups

On UNIX, adding users to a group is required to assign the necessary operating system privileges to deploy and run SAS. Using a group is one method for granting the corresponding user rights needed on Windows.

The SAS Server Users Group (Windows)

To deploy SAS on Windows, the user must have certain local user rights on the machine hosting the server. These rights are required before the user can start a process for a stored process server, a pooled workspace server, or a standard workspace server. One suggestion for giving a user these rights is to create a group, add users to the group, and then assign the rights to the group. (The scheduling user, lsfuser—which is required if you are scheduling reports—also must have this same right.)
Note: Not all of these user accounts will exist in every installation. You add only those that you have created. In addition, if you are working in a multi-machine environment and are using local groups, not all of the users that you have created need to be included in every local group. You need only include the users who will be authenticated by a stored process server, pooled workspace server, or standard workspace server on a given machine. On some machines (for example, a machine hosting middle-tier components) there might be no need for the group at all.
To set up a group, complete these steps:
  1. Create a SAS server users group. This can be a local group or a group with domain scope.
  2. Add the following users to the group:
    • SAS Spawned Servers account
    • SAS First User (optional account)
    • LSF User
    • any other external users that need to access a standard workspace server
    Note: The SAS Deployment Wizard automatically grants the Windows user right Log on as a batch job to the SAS Spawned Servers account. If you choose to have the wizard create the optional SAS First User account in metadata, the wizard also automatically grants the Log on as a batch job Windows user right to this First User account. If Integrated Windows authentication (IWA) is implemented, this user right is not required for the SAS First User and other regular SAS users who access standard workspace servers, such as SAS Data Integration Studio or SAS Enterprise Guide users.
  3. Finally, grant the user right Log on as a batch job to the group. For information about setting local user rights, see your Microsoft Windows documentation. If the users in the group need that right on more than one Windows machine, the right needs to be assigned specifically on each machine.

The sas Group (UNIX)

To deploy SAS on UNIX, you should create an operating system group and make this the primary group for the UNIX SAS Installer user. The SAS Spawned Servers account should also be made a member of the sas group. (Members of this group will be given access to certain directories and files created by the SAS Deployment Wizard.)
For information about creating groups and adding user accounts, see your UNIX documentation.
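Because members of the sas group get access to directories and files created by the SAS Deployment Wizard, it is worth checking who is effectively in it. The shell script below is an added example, not part of the SAS documentation: it reports members that are not on an allow-list, counting both supplementary members in the group file and accounts whose primary GID is the group (the way the SAS Installer user joins it). The account names sassrv, jdoe and etl01, the GIDs, and the sample files are constructed for illustration.

```sh
#!/bin/sh
# Added example: audit effective membership of the privileged sas group.
# Account names (sassrv, jdoe, etl01) and GIDs below are constructed.

# Print every effective member of group $1, reading group(5) file $2 and
# passwd(5) file $3: supplementary members plus primary-GID accounts.
sas_group_members() {
    gid=$(awk -F: -v g="$1" '$1 == g { print $3; exit }' "$2")
    [ -n "$gid" ] || return 1          # group not defined
    {
        awk -F: -v g="$1" '$1 == g { n = split($4, m, ",")
            for (i = 1; i <= n; i++) if (m[i] != "") print m[i] }' "$2"
        awk -F: -v id="$gid" '$4 == id { print $1 }' "$3"
    } | sort -u
}

# unexpected_members GROUP GROUP_FILE PASSWD_FILE ALLOWED_USER...
# Prints members that are not on the allow-list; returns 2 if GROUP is missing.
unexpected_members() {
    grp=$1; gfile=$2; pfile=$3; shift 3
    members=$(sas_group_members "$grp" "$gfile" "$pfile") || return 2
    for user in $members; do
        case " $* " in
            *" $user "*) ;;                      # approved account
            *) printf '%s\n' "$user" ;;          # report everything else
        esac
    done
}

# Run the audit against constructed sample files.
demo() {
    tmp=$(mktemp -d) || return 1
    cat > "$tmp/group" <<'EOF'
sas:x:1500:sassrv,jdoe
staff:x:50:lsfuser
EOF
    cat > "$tmp/passwd" <<'EOF'
sas:x:1501:1500:SAS Installer:/home/sas:/bin/sh
sassrv:x:1502:50:SAS Spawned Servers:/home/sassrv:/bin/sh
etl01:x:1504:1500:batch account:/home/etl01:/bin/sh
EOF
    unexpected_members sas "$tmp/group" "$tmp/passwd" sas sassrv
    rc=$?
    rm -rf "$tmp"
    return "$rc"
}

demo
```

On a live host, pass /etc/group and /etc/passwd; where accounts come from a directory service, save the output of getent group and getent passwd to files and audit those instead.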

The SASGRP Group (z/OS)

To deploy SAS on z/OS, you should create a RACF group named SASGRP. This group is used to control access to directories and files in the configuration directory created in the HFS file system. The definition of this RACF group must include an OMVS segment and must be set as the default group for the SAS Installer and the SAS Spawned Servers account.
For information about creating groups and adding user accounts, see your IBM z/OS documentation.

Pre-installation Checklist for Groups for SAS on Windows and UNIX

Use the following pre-installation checklist to make sure that you have created the necessary groups to deploy and run SAS on Windows and UNIX:
Note: These checklists are superseded by more complete and up-to-date checklists that can be found at http://support.sas.com/installcenter/plans. This Web site also contains a corresponding deployment plan and an architectural diagram.
| Recommended Group Name | Group Members | Operating System and Purpose | Actual Group Name |
|---|---|---|---|
| SAS Server Users¹ | SAS Spawned Servers account | Windows: Suggested method for assigning the Log on as a batch job user right to the SAS Spawned Servers account for the stored process server and pooled workspace server. | |
| | SAS First User; Any other users | Suggested method for assigning the Log on as a batch job user right to the SAS First User and any other standard workspace server users. | |
| sas² | SAS Installer | UNIX: Primary group for the SAS Installer user. Enables the SAS Deployment Wizard to create the necessary log and configuration directories required by SAS. | |
| | SAS Spawned Servers account | Through group membership, grants Write permissions to the SAS Spawned Server account for modifying specific SAS log and configuration directories. | |
¹ Unless Integrated Windows authentication (IWA) is implemented, add any other external users accessing standard workspace servers.
² Limit membership because this privileged group has operating system access to certain configuration files.

Pre-installation Checklist for Groups for Third-Party Software

Use the following pre-installation checklist to create the necessary groups to deploy and run third-party software.
Note: These checklists are superseded by more complete and up-to-date checklists that can be found at http://support.sas.com/installcenter/plans. This Web site also contains a corresponding deployment plan and an architectural diagram.
| Recommended Group Name | Group Members | Operating System and Purpose | Actual Group Name |
|---|---|---|---|
| SAS Server Users | Scheduling user (lsfuser) | Windows: Suggested method for assigning the Log on as a batch job user right to scheduling users. | |
| sas | SAS Installer (sas); WebSphere Application Server Installer | UNIX: Suggested method for assigning required permissions to write to certain installation directories. | |
| SASGRP | SAS Installer (sas); WebSphere Application Server Installer | z/OS: Suggested method for assigning required permissions to write to certain installation directories. | |

Pre-installation Checklist for Groups for SAS on z/OS

Use the following pre-installation checklist to create the necessary groups to deploy and run SAS on z/OS:
Note: These checklists are superseded by more complete and up-to-date checklists that can be found at http://support.sas.com/installcenter/plans. This Web site also contains a corresponding deployment plan and an architectural diagram.
| Recommended Group Name | Group Members | Purpose(s) | Actual Group Name |
|---|---|---|---|
| SASGRP¹ | SAS Installer | Default group for the SAS Installer user. | |
| | SAS Spawned Servers account | Through group membership, grants Write permissions to the SAS Spawned Server account for modifying SAS log and configuration directories. | |

¹ The definition of this RACF group must include an OMVS segment. Limit membership because this privileged group has operating system access to certain configuration files.