For a secure deployment,
the configuration directory on each server machine must be protected
by operating system controls. These controls will prevent inappropriate
access to repository data sets, server scripts, server logs, and configuration
files.
On Windows systems,
all configuration directories, files, and scripts are owned by the
user who performs the installation. You must update the permissions
as shown in Recommended Operating System Protections for Windows Machines. These recommendations assume that your SAS servers and
spawners run as services under the Local System account.
On UNIX and z/OS systems,
the SAS Deployment Wizard automatically applies the appropriate permissions.
The default permissions are shown in Default Operating System Protections for UNIX and z/OS Machines.
|
|
Establish a formal,
regularly scheduled backup process that includes your metadata repositories
as well as the associated physical files.
The SAS 9.3 Metadata
Server includes a new server-based facility that performs metadata
server backups automatically on a scheduled basis. By default, a schedule
of daily backups is configured by the SAS Deployment Wizard. As a
best practice, you should modify your backup configuration to specify
a storage device other than the device that is used to store the metadata
repositories and the server configuration files, and you should be
sure to include this backup location in your regular system backups. See Backing Up and Recovering the SAS Metadata Server.
It is important to also
back up the physical data that is associated with the metadata so
that related information will be synchronized if a restore becomes
necessary. For guidance in setting up a backup process, see Best Practices for Backing Up and Restoring Your SAS Content.
|
\Lev1
.
On Windows Vista, Windows
7, and Windows Server 2008: Special Permissions to read and execute1
On Windows XP: Read
and Execute1
|
||||||||||||||||||||||||
Windows Vista, Windows
7, and Windows Server 2008 only: Special Permissions to read and execute1
|
||||||||||||||||||||||||
On Windows Vista, Windows
7, and Windows Server 2008 only: Read & Execute, List Folder Contents,
and Read1
|
||||||||||||||||||||||||
Full Control1
|
||||||||||||||||||||||||
1Effective with the second maintenance release for SAS 9.3, the SAS Deployment Wizard automatically sets these permissions for sassrv. |
\Lev1\Logs
).
/Lev1
.
/Lev1/Logs
).