• Contents
  • About
  • What's New in Security Administration for the SAS 9.2 Intelligence Platform
  • Fundamentals
    • Security Features
      • About this Document
      • Accessibility Features of the SAS Intelligence Platform
      • Security in the SAS Intelligence Platform
      • Permissions Overview
      • Roles Overview
      • Single Sign-On Overview
      • Encryption Overview
      • Security Reporting and Logging Overview
    • Security Tasks
      • Introduction to Security Tasks
      • Facilitate Authentication
      • Add Administrators
      • Add Regular Users
      • Open Up Access
      • Manage Access
      • Manage Passwords
      • Ensure Availability of Application Features
    • Users, Groups, and Roles
      • About User Administration
      • User Definitions
      • Group Definitions
      • Role Definitions
      • Main Administrative Roles
      • Differences Between Roles and Groups
      • Relationship Between Capabilities and Permissions
      • How to Create a Dual User
      • How to Unlock an Internal Account
      • How to Assign Capabilities to Roles
      • User ID Formats
      • Unique Names and IDs
      • Identity Precedence
      • Windows Privileges
      • Who Can Manage Users, Groups, and Roles?
    • Getting Started With Permissions
      • Orientation to Working With Permissions
      • The Authorization Tab
      • Explicit Settings
      • ACT Settings
      • Inherited Settings
      • Using WriteMetadata and WriteMemberMetadata Permissions
      • Key Points About Working With Permissions
  • Authorization
    • Authorization Model
      • Overview of the Metadata Authorization Model
      • Use and Enforcement of Each Permission
      • Inheritance Paths
      • Permissions by Item
      • Permissions by Task
      • Authorization Decisions
      • Fine-Grained Controls for Data
    • Permissions on Folders
      • Using Custom Folders to Manage Access
      • Baseline ACTs
      • Demonstration: Departmental and Project Separation
      • Variation 1: Add Subgroups, Designate Content Creators
      • Variation 2: Add Functional Separation
      • Key Points About the Baseline ACT Approach
      • Further Considerations for Permissions on Folders
    • Permissions on Servers
      • Managing Access to Server Definitions
      • Protecting Server Definitions
      • Hiding Server Definitions
    • BI Row-Level Permissions
      • About BI Row-Level Permissions
      • Filtering Techniques for BI Row-Level Permissions
      • How to Implement BI Row-Level Permissions
      • Example: Using BI Row-Level Permissions
      • BI Row-Level Permissions, Identity-Driven Properties, and Missing Values
    • OLAP Member-Level Permissions
      • About OLAP Member-Level Permissions
      • How to Assign an OLAP Permission Condition
      • Example: Using Member-Level Permissions
    • Security Report Macros
      • Overview of Security Reporting
      • %MDSECDS
      • Authorization Data Sets
      • Additional Resources for Building Authorization Data Sets
  • Authentication
    • Authentication Model
      • Introduction to the Authentication Model
      • Authentication to the Metadata Server
      • Authentication to Data Servers and Processing Servers
      • Authentication Scenarios
      • Mixed Providers
      • Credential Gaps
      • How Logins Are Used
      • About PUBLIC Access and Anonymous Access
    • Authentication Mechanisms
      • Introduction to Authentication Mechanisms
      • Credential Management
      • Direct LDAP Authentication
      • Host Authentication
      • Integrated Windows Authentication
      • Pluggable Authentication Modules (PAM)
      • SAS Internal Authentication
      • SAS Token Authentication
      • Trusted Peer Connections
      • Trusted User Connections
      • Web Authentication
      • Summary for Single Sign-On
      • Summary by Server Type
    • Authentication Tasks
      • How to Configure SAS Token Authentication
      • How to Configure SAS Internal Authentication
      • How to Change Internal Account Policies
      • How to Configure Web Authentication
      • How to Configure Direct LDAP Authentication
      • How to Configure Integrated Windows Authentication
      • How to Force Use of Kerberos
      • How to Store Passwords for the Workspace Server
      • How to Store Passwords for a Third-Party Server
      • How to Reduce Exposure of the SASTRUST Password
      • About the Workspace Server's Options Tab
    • Server Configuration, Data Retrieval, and Risk
      • About This Chapter
      • Identity Passing
      • Launch Credentials
      • Host Access to SAS Tables
      • Choices in Workspace Server Pooling
  • Encryption
    • Encryption Model
      • Encryption Strength and Coverage
      • Default Settings for On-Disk Encryption
      • Default Settings for Over-the-Wire Encryption
      • About SAS/SECURE
    • Encryption Tasks
      • How to Change Over-the-Wire Encryption Settings for SAS Servers
      • How to Increase Encryption Strength for Passwords at Rest
      • How to Increase Encryption Strength for Outbound Passwords in Transit
  • Appendixes
    • Checklists
      • Checklist For a More Secure Deployment
      • Distribution of Selected Privileges
      • Permission Patterns of Selected ACTs
      • Passwords That Are Managed By the SAS Deployment Manager
      • Who's Who in the SAS Metadata
    • User Import Macros
      • Overview of User Import and Synchronization
      • Canonical Tables
      • External Identities
      • User Import
      • User Synchronization
      • Sample Code for Generic File Import
      • Sample Code for User Synchronization
      • About the Sample Code for UNIX /etc/passwd Import
      • About the Sample Code for Active Directory Import
      • Reference: User Import and Synchronization Macros
      • %MDUIMPC
      • %MDUIMPLB
      • %MDUEXTR
      • %MDUCMP
      • %MDUCHGV
      • %MDUCHGLB
    • Recommended Reading
  • Glossary


ProductRelease
SAS Enterprise BI Server4.3
SAS BI Server4.3
SAS Enterprise Data Integration Server4.2
SAS Data Integration Server4.2
SAS Intelligence Storage
SAS Metadata Server9.2
Type
Administration
Copyright Date
February 2009
Last Updated
03Nov2011