Requirements for Accessing a Standard Workspace Server

Special rights are required for tasks that involve running processes on a standard (non-pooled) workspace server. In SAS Management Console, these tasks include the following:
  • validating a workspace server
  • using the Import SAS Package and Export SAS Package wizards or the batch promotion tools to import or export physical content that is associated with stored processes, tables, jobs, libraries, or external files
The requirements for performing these tasks depend on which authentication method is used and which server is being accessed:
  • If you use host (credential-based) authentication, the following requirements must be met:
    • The user's account must be known to the workspace server host. On Windows, the account must have rights to Log on as a batch job on the host machine. Typically, you would add the user to an operating system group that has this right (for example, the SAS Server Users group).
    • The user's account must correspond to a metadata identity that has the ReadMetadata permission for the server definition.
  • If you use Integrated Windows authentication (IWA), the following requirements must be met:
    • The user's account must be known to the workspace server host. It is not necessary to have rights to Log on as a batch job.
    • The user's account must correspond to a metadata identity that has the ReadMetadata permission for the server definition.
    • Integrated Windows authentication must be selected in the connection profile that the user uses to log on to SAS Management Console. In addition, Integrated Windows authentication must be fully configured on the workspace server.
  • If the workspace server is configured to use SAS token authentication, then no credentials on the workspace server host are necessary. The user can log on to SAS Management Console with either an internal account or an external account. The account must correspond to a metadata identity that has the ReadMetadata permission for the server definition.
  • If you are using a workspace server that is part of the metadata server context (for example, SASMeta), then the user must also be a member of the SAS Administrators group. The use of this server is limited to special metadata server administration tasks.
For detailed information about configuring and using the authentication methods for SAS servers, see the SAS Intelligence Platform: Security Administration Guide.
Copyright © SAS Institute Inc. All rights reserved.