Security for the DataFlux Data Management Server is implemented
as follows:
-
Authentication takes place in the
operating environment, as managed by the SAS Metadata Server.
-
Authorization is managed and implemented
entirely on the DataFlux Data Management Server. Permissions (access
control lists) are managed in the server’s administrative interface
in DataFlux Data Management Studio, or in configuration files. Any
job, service, command, or data can be assigned an access control list
by an administrator.
-
Access to all server resources
can be explicitly allowed or denied by IP address. This permission
overrides the access control lists.
-
Access to all server resources
can be explicitly allowed or denied to specified users or groups.
This permission overrides the access control lists.
-
By enabling the DataFlux Secure software, client
SOAP connections can be protected with
OpenSSL.
-
The encryption algorithm for connections
to the SAS Metadata Server and the SAS Federation Server are determined
by those servers. By default, the encryption algorithm is 56-bit SAS
Proprietary. By enabling the DataFlux Secure software, the encryption
algorithm can be upgraded to the American Encryption Standard (AES,
up to 256-bit.) In turn, AES can be configured to be compliant with
the Federal Information Processing Standard 140-2. To learn about
the implementation of encryption between SAS servers, see Encryption
in SAS 9.4. To enable and configure the DataFlux Secure
software, see the DataFlux Secure: Administrator’s
Guide.
The DataFlux Data Management
Server can run in unsecured mode, without authentication or authorization.
In this mode, jobs cannot request authentication, and the DataFlux
Data Management Server cannot connect to a SAS Federation Server.
When security is not
enabled, you cannot run jobs that request authentication, and you
cannot run jobs that access a SAS Federation Server.
All data sources (DSNs)
needed by jobs and services must be defined on the Data Management
Server.