• Contents
  • About
  • Title Page
  • What's New in Security Administration in SAS 9.3
  • Accessibility
  • About This Document
  • Fundamentals
    • Security Overview
      • Introduction to Security Features
      • Support for Encryption
      • Support for Single Sign-On
      • Auditing of Security Events
      • Metadata-Based Authorization
      • Support for Authorization Reporting
      • Role-Based Access to Application Features
    • User Administration
      • About User Administration
      • Users
      • Groups
      • Roles
      • Passwords
      • Identity Hierarchy
      • External Identities
      • Windows Privileges
      • Windows User ID Formats
      • Uniqueness Requirements
    • Access Management
      • About Access Management
      • Basics of Metadata Authorization
      • WriteMetadata and WriteMemberMetadata
      • Review: Key Points about Authorization
    • Selected Tasks
      • About Security Task Instructions
      • Create Metadata User Definitions
      • Update a Managed Password
      • Unlock an Internal Account
      • Adjust Initial Access
  • Authorization
    • Authorization Model
      • Authorization Overview
      • Three Levels of Granularity
      • Two Relationship Networks
      • Object Inheritance
      • Permissions by Object Type
      • Permissions by Task
      • Types of Access Controls
      • Authorization Decisions
      • Fine-Grained Controls for Data
      • Use and Enforcement of Each Permission
    • Permissions on Folders
      • Baseline ACTs
      • Example: Business Unit Separation
      • Variation 1: Regional Separation, Designated Content Creators
      • Variation 2: Functional Separation
      • Key Points about the Baseline ACT Approach
      • Further Considerations for Permissions on Folders
    • Permissions on Servers
      • Protect Server Definitions
      • Hide Server Definitions
    • Security Report Macros
      • Overview of Authorization Reporting
      • Authorization Data Sets
      • Additional Resources for Building Authorization Data Sets
      • %MDSECDS
  • Authentication
    • Authentication Model
      • Introduction to the Authentication Model
      • Authentication to the Metadata Server
      • Authentication to Data Servers and Processing Servers
      • Mixed Providers
      • Credential Gaps
      • How Logins Are Used
      • Authentication Domains
      • PUBLIC Access and Anonymous Access
    • Authentication Mechanisms
      • Introduction to Authentication Mechanisms
      • Credential Management
      • Direct LDAP Authentication
      • Host Authentication
      • Integrated Windows Authentication
      • Pluggable Authentication Modules (PAM)
      • SAS Internal Authentication
      • SAS Token Authentication
      • Trusted Peer Connections
      • Trusted User Connections
      • Web Authentication
      • Summary of Methods for LDAP Integration
      • Summary for Single Sign-On
      • Summary by Server Type
    • Authentication Tasks
      • How to Facilitate Authentication
      • How to Configure SAS Token Authentication
      • How to Configure Web Authentication
      • How to Configure Direct LDAP Authentication
      • How to Configure Integrated Windows Authentication
      • How to Store Passwords for the Workspace Server
      • How to Store Passwords for a Third-Party Server
      • How to Change Internal Account Policies
      • How to Reduce Exposure of the SASTRUST Password
      • About the Workspace Server's Options Tab
    • Server Configuration, Data Retrieval, and Risk
      • About This Chapter
      • Identity Passing
      • Launch Credentials
      • Host Access to SAS Tables
      • Choices in Workspace Server Pooling
  • Encryption
    • Encryption Model
      • Encryption Strength and Coverage
      • Default Settings for On-Disk Encryption
      • Default Settings for Over-the-Wire Encryption
      • About SAS/SECURE
    • Encryption Tasks
      • How to Change Over-the-Wire Encryption Settings for SAS Servers
      • How to Increase Encryption Strength for Passwords at Rest
      • How to Increase Encryption Strength for Outbound Passwords in Transit
      • How to Configure SSL between the Metadata Server and an LDAP Server
  • Appendix
    • User Import Macros
      • Overview of User Bulk Load and Synchronization
      • Canonical Tables
      • User Bulk Load
      • User Synchronization
      • Sample Code for User Synchronization
      • Sample Code for Generic Bulk Load
      • About the Sample Code for UNIX /etc/passwd
      • About the Sample Code for Active Directory
      • Location of the User Bulk Load and Synchronization Macros
      • %MDUIMPC
      • %MDUIMPLB
      • %MDUEXTR
      • %MDUCMP
      • %MDUCHGV
      • %MDUCHGLB
    • Checklists
      • Checklist for a More Secure Deployment
      • Distribution of Selected Privileges
      • Permission Patterns of Selected ACTs
      • Who's Who in the SAS Metadata
  • Recommended Reading
  • Glossary


ProductRelease
SAS Enterprise BI Server9.3
Type
Administration
Copyright Date
July 2011
Last Updated
07Aug2012