For accountability, we recommend that you create an individual SAS identity for each person who uses the SAS environment. This enables you to make access distinctions and audit individual actions in the metadata layer. This also provides a personal folder for each user. To create a SAS identity for someone, make a SAS copy of the ID with which that person logs on to SAS applications.
Note: The metadata server maintains its own copy of each ID but doesn't keep copies of passwords for identification purposes. As an alternative to using the following instructions, you can batch import users from a provider such as LDAP into the SAS metadata. See User Import Macros.
Log on to SAS Management Console as someone who has user administration capabilities (for example, sasadm@saspw).
On the Plug-ins tab, select User Manager (in the foundation repository).
For each user:
Right-click and select New User.
On the General tab, enter a name.
On the Accounts tab, click New. In the New Login dialog box, select DefaultAuth and enter the user ID for the user's external account. In the standard configuration, this can be any type of account that is known to the metadata server's host (an LDAP, Active Directory, host, or other type of account).
Note: For a Windows account, qualify the ID (for example, WIN\myID or myID@mycompany.com).
Note: If your site uses Web authentication, you might create some logins in a different authentication domain. See Logins for Users Who Participate in Web Authentication.
Note: In a specialized configuration where you set -authpd LDAP: , you must append a suffix to each user ID that is authenticated by your LDAP provider. See Direct LDAP Authentication.
Click OK to save the new login (it is not necessary to include a password in this login). Click OK again to save the new user definition.
If the workspace server is on Windows, give anyone who accesses that server using credential-based host authentication the Log on as a batch job privilege. See Windows Privileges.
Here are some details and tips:
These instructions create registered users who automatically belong to PUBLIC (everyone who can access the metadata server) and SASUSERS (those members of PUBLIC who have a well-formed user definition).
A user who doesn't have a well-formed definition can still log on to most applications. However, the user has only the PUBLIC identity. In the standard configuration, a PUBLIC-only user can't access any resources.
You don't have to make changes on a user's Authorization tab. This tab has no effect on what a user can do.