Prerequisites for Running a Job When a DataFlux Server Is Used for Authentication

These prerequisites apply if you want to incorporate a DataFlux data job, process job, data service, or profile into the flow for a SAS Data Integration Studio job. The job, service, or profile must be deployed to a DataFlux Data Management Server. It is assumed that this server is secured with a DataFlux Authentication Server, as described in the next section.

SAS Data Integration Studio can access DataFlux jobs, services, or profiles if they have been deployed to a DataFlux Data Management Server. In production environments, this server is usually secured. It can be secured with either a DataFlux Authentication Server or a SAS Metadata Server. SAS offerings that include SAS Data Integration Studio 4.8 and later typically use the SAS Metadata Server to authenticate users on a DataFlux Data Management Server. The administrator who maintains your data management environment should know which authentication method is being used to secure the server where the DataFlux jobs, services, or profiles have been deployed.

If authentication is handled by a DataFlux Authentication Server, then follow the steps in the next sections. If authentication is handled by a SAS Metadata Server, then see Prerequisites for Running a DataFlux Job or Profile in a SAS Data Integration Studio Job.

A DataFlux Data Management Studio user deploys jobs, services, or profiles to a DataFlux Data Management Server. He or she should ensure that the objects can be executed on the server and that they deliver the expected results. The next display shows a job, Sort Emp, that has been deployed to a server called DM Server 1.

For information about deploying jobs, services, and profiles to a Data Management Studio, see the chapters for data jobs, process jobs, and profiles in the DataFlux Data Management Studio User’s Guide.

This task is performed on the Administration riser in DataFlux Data Management Studio. The administrator for the DataFlux Authentication Server adds a user account to that server. This user account must have credentials that can be authenticated by the DataFlux Authentication Server. Later, these login credentials are added to the SAS Data Integration Studio user’s account in SAS Management Console. These login credentials enable the SAS Data Integration Studio user to list and execute the deployed objects on the DataFlux Data Management Server. The example account that is shown in the next display is for a user called disuser.

(Optional but recommended). On the DataFlux Authentication Server, create a group for SAS Data Integration Studio users. Add these users to that group. Having a group for SAS Data Integration Studio users make it easier to grant privileges to deployed objects. The example group that is shown in the next display is called SAS Data Integration Group. Note that disuser is a member of this group.

For details about adding users and groups, see the DataFlux Authentication Server User's Guide and the DataFlux Authentication Server Administrator's Guide.

This task is performed on the Data Management Servers riser in DataFlux Data Management Studio. It is performed by the administrator for the DataFlux Data Management Server where jobs, services, or profiles have been deployed. This administrator grants the appropriate users or group the general permission to list and execute deployed objects on the data management server. He or she also grants the appropriate user or group access to these specific objects.

For example, you can grant List and Execute permissions to the SAS Data Integration Group, as shown in the next display.

Next, identify the individual jobs, services, or profiles on the server that SAS Data Integration Studio users should be able to execute. Grant the appropriate user or group access to these specific objects. For example, you can grant permissions so that the SAS Data Integration Group can access Sort Emp, as shown in the next display.

For more information about these tasks, see the “Security Administration” chapter in the DataFlux Data Management Server Administrator’s Guide.

This task is performed in SAS Management Console. It is performed by the administrator who is in change of maintaining server definitions and other metadata for SAS Data Integration Studio. If the SAS Data Quality Server and the DataFlux Data Management Studio were installed on your site as part of a SAS offering, a server definition is automatically created in SAS Management Console for the DataFlux Data Management Server. An administrator should review this definition and check the following items:

This definition enables SAS Data Integration Studio to connect to the DataFlux Data Management Server. An example definition is shown in the next display.

For more information about updating or adding server definitions, see the Help for the Server Manager in SAS Management Console. See also the SAS Data Integration Studio chapter of the SAS Intelligence Platform: Desktop Administration Guide.

This task is performed in SAS Management Console by the administrator who is in change of maintaining metadata for SAS Data Integration Studio. The administrator updates the user account for the SAS Data Integration Studio user who must execute DataFlux Data Management Studio jobs and other deployed objects. Add an appropriate DataFlux Authentication Server user and login for this user, such as the disuser account that is described in Register a User on the DataFlux Authentication Server. Specify the SAS authentication domain from the HTTP Server definition above, such as the DataFluxAuth domain that is shown in the next display.

For more information about adding logins to a user definition, see the Help for the User Manager in SAS Management Console.

A user logs in to SAS Data Integration Studio as usual. If he or she tries to connect to the DataFlux Data Management Server, the HTTP Server definition for that server is accessed. Since this definition specifies the DataFluxAuth domain, the connection searches the user’s account in SAS Management Console and finds the login for that domain, and the connection is made to the DataFlux Data Management Server.

The DataFlux Data Management Server checks for the appropriate permissions, and if the appropriate permissions have been granted to this user, the job, service, or profile is executed.

After you have met the prerequisites above, you can do the following tasks: