Special rights are required for tasks that involve running
processes on a standard (non-pooled) workspace server. In SAS Management
Console, these tasks include the following:
-
validating a workspace server
-
using the Import SAS Package and
Export SAS Package wizards or the batch promotion tools to import
or export physical content that is associated with stored processes,
tables, jobs, libraries, or external files
The requirements for performing
these tasks depend on which authentication method is used and which
server is being accessed:
-
If you use host (credential-based) authentication,
the following requirements must be met:
-
The user's account must be known
to the workspace server host. On Windows, the account must have rights
to
Log on as a batch job
on the host
machine. Typically, you would add the user to an operating system
group that has this right (for example, the SAS Server Users group).
-
The user's account must correspond
to a metadata identity that has the ReadMetadata permission for the
server definition.
-
If you use Integrated Windows
authentication (IWA), the following requirements must be met:
-
The user's account must be known
to the workspace server host. It is not necessary to have rights to
Log
on as a batch job
.
-
The user's account must correspond
to a metadata identity that has the ReadMetadata permission for the
server definition.
-
Integrated Windows authentication
must be selected in the connection profile that the user uses to log
on to SAS Management Console. In addition, Integrated Windows authentication
must be fully configured on the workspace server.
-
If the workspace server is configured
to use SAS token authentication, then no credentials on the workspace
server host are necessary. The user can log on to SAS Management Console
with either an internal account or an external account. The account
must correspond to a metadata identity that has the ReadMetadata permission
for the server definition.
-
If you are using a workspace server
that is part of the metadata server context (for example, SASMeta),
then the user must also be a member of the SAS Administrators group.
The use of this server is limited to special metadata server administration
tasks.
For detailed information about configuring and using
the authentication methods for SAS servers, see the
SAS Intelligence Platform: Security Administration Guide.