SAS Institute. The Power to Know

SAS(R) 9.2 Intelligence Platform: System Administration Guide

PDF | Purchase
Previous Page | Next Page

Who Can Do What: Credential Requirements for SAS Management Console Tasks

Requirements for Accessing a Standard Workspace Server

Special rights are required for tasks that involve running processes on a standard (non-pooled) workspace server. In SAS Management Console, these tasks include the following:

  • validating a workspace server

  • using the Backup Wizard

  • using the Replication Wizard

  • using the Import SAS Package and Export SAS Package wizards or the batch promotion tools to import or export physical content that is associated with stored processes, tables, jobs, libraries, or external files

The requirements for performing these tasks depend on which authentication method is used and which server is being accessed:

  • If you use host (credential-based) authentication, the following requirements must be met:

    • The user's account must be known to the workspace server host. On Windows, the account must have rights to Log on as a batch job on the host machine. Typically, you would add the user to an operating system group that has this right (for example, the SAS Server Users group).

    • The user's account must correspond to a metadata identity that has the ReadMetadata permission for the server definition.

  • If you use Integrated Windows authentication (IWA), the following requirements must be met:

    • The user's account must be known to the workspace server host. It is not necessary to have rights to Log on as a batch job.

    • The user's account must correspond to a metadata identity that has the ReadMetadata permission for the server definition.

    • Integrated Windows authentication must be selected in the connection profile that the user uses to log on to SAS Management Console. In addition, Integrated Windows authentication must be fully configured on the workspace server.

  • If the workspace server is configured to use SAS token authentication, then no credentials on the workspace server host are necessary. The user can log on to SAS Management Console with either an internal account or an external account. The account must correspond to a metadata identity that has the ReadMetadata permission for the server definition.

  • If you are using a workspace server that is part of the metadata server context (for example, SASMeta), then the user must also be a member of the SAS Administrators group. The use of this server is limited to metadata server administration tasks such as replication, promotion, and backup.

For detailed information about configuring and using the authentication methods for SAS servers, see the SAS Intelligence Platform: Security Administration Guide.

Previous Page | Next Page | Top of Page

Copyright © 2009 by SAS Institute Inc., Cary, NC, USA. All rights reserved.