Prerequisites for Running a Job When a DataFlux Server Is Used for Authentication

Overview

These prerequisites apply if you want to incorporate a DataFlux data job, process job, data service, or profile into the flow for a SAS Data Integration Studio job. The job, service, or profile must be deployed to a DataFlux Data Management Server. It is assumed that this server is secured with a DataFlux Authentication Server, as described in the next section.

Verify How Users Are Authenticated on the DataFlux Data Management Server

SAS Data Integration Studio can access DataFlux jobs, services, or profiles if they have been deployed to a DataFlux Data Management Server. In production environments, this server is usually secured. It can be secured with either a DataFlux Authentication Server or a SAS Metadata Server. SAS offerings that include SAS Data Integration Studio 4.8 and later typically use the SAS Metadata Server to authenticate users on a DataFlux Data Management Server. The administrator who maintains your data management environment should know which authentication method is being used to secure the server where the DataFlux jobs, services, or profiles have been deployed.
If authentication is handled by a DataFlux Authentication Server, then follow the steps in the next sections. If authentication is handled by a SAS Metadata Server, then see Prerequisites for Running a DataFlux Job or Profile in a SAS Data Integration Studio Job.

Deploy the Job, Service, or Profile

A DataFlux Data Management Studio user deploys jobs, services, or profiles to a DataFlux Data Management Server. He or she should ensure that the objects can be executed on the server and that they deliver the expected results. The next display shows a job, Sort Emp, that has been deployed to a server called DM Server 1.
Data Job Deployed to a DataFlux Data Management Server
Sort Emp Job Deployed to DM Server 1
For information about deploying jobs, services, and profiles to a Data Management Studio, see the chapters for data jobs, process jobs, and profiles in the DataFlux Data Management Studio User’s Guide.

Register a User on the DataFlux Authentication Server

This task is performed on the Administration riser in DataFlux Data Management Studio. The administrator for the DataFlux Authentication Server adds a user account to that server. This user account must have credentials that can be authenticated by the DataFlux Authentication Server. Later, these login credentials are added to the SAS Data Integration Studio user’s account in SAS Management Console. These login credentials enable the SAS Data Integration Studio user to list and execute the deployed objects on the DataFlux Data Management Server. The example account that is shown in the next display is for a user called disuser.
User Account on the DataFlux Authentication Server
Authentication Server Account for disuser
(Optional but recommended). On the DataFlux Authentication Server, create a group for SAS Data Integration Studio users. Add these users to that group. Having a group for SAS Data Integration Studio users make it easier to grant privileges to deployed objects. The example group that is shown in the next display is called SAS Data Integration Group. Note that disuser is a member of this group.
Group Account on the DataFlux Authentication Server
SAS Data Integration Group on the Authentication Server
For details about adding users and groups, see the DataFlux Authentication Server User's Guide and the DataFlux Authentication Server Administrator's Guide.

Grant Privileges on the DataFlux Data Management Server

This task is performed on the Data Management Servers riser in DataFlux Data Management Studio. It is performed by the administrator for the DataFlux Data Management Server where jobs, services, or profiles have been deployed. This administrator grants the appropriate users or group the general permission to list and execute deployed objects on the data management server. He or she also grants the appropriate user or group access to these specific objects.
Note: Both the List permission and the Execute permission must be granted to users or groups who execute jobs, services, or profiles on a DataFlux Data Management Server.
For example, you can grant List and Execute permissions to the SAS Data Integration Group, as shown in the next display.
Granting List and Execute Permissions for Jobs, Services, and Profiles
Granting List and Execute Permissions for Jobs, Services, and Profiles
Next, identify the individual jobs, services, or profiles on the server that SAS Data Integration Studio users should be able to execute. Grant the appropriate user or group access to these specific objects. For example, you can grant permissions so that the SAS Data Integration Group can access Sort Emp, as shown in the next display.
Granting Permission to Access Individual Jobs, Services, and Profiles
Grant permission to access individual objects on the Data Management Server
For more information about these tasks, see the “Security Administration” chapter in the DataFlux Data Management Server Administrator’s Guide.

Update or Add a Data Management Server Definition in SAS Management Console

This task is performed in SAS Management Console. It is performed by the administrator who is in change of maintaining server definitions and other metadata for SAS Data Integration Studio. If the SAS Data Quality Server and the DataFlux Data Management Studio were installed on your site as part of a SAS offering, a server definition is automatically created in SAS Management Console for the DataFlux Data Management Server. An administrator should review this definition and check the following items:
  • Authentication domain. This field should specify a SAS authentication domain for the DataFlux Data Management Server where the jobs, services, or profiles have been deployed. If this field specifies the default SAS domain (DefaultAuth), replace the default with a new domain for the DataFlux context, such as DataFluxAuth.
  • Other fields. The values in the other fields should be appropriate for the DataFlux Data Management Server where objects have been deployed.
This definition enables SAS Data Integration Studio to connect to the DataFlux Data Management Server. An example definition is shown in the next display.
HTTP Server Definition for the DataFlux Data Management Server
HTTP Server Definition for the DataFlux Data Management Server
For more information about updating or adding server definitions, see the Help for the Server Manager in SAS Management Console. See also the SAS Data Integration Studio chapter of the SAS Intelligence Platform: Desktop Administration Guide.

Update User Accounts in SAS Management Console

This task is performed in SAS Management Console by the administrator who is in change of maintaining metadata for SAS Data Integration Studio. The administrator updates the user account for the SAS Data Integration Studio user who must execute DataFlux Data Management Studio jobs and other deployed objects. Add an appropriate DataFlux Authentication Server user and login for this user, such as the disuser account that is described in Register a User on the DataFlux Authentication Server. Specify the SAS authentication domain from the HTTP Server definition above, such as the DataFluxAuth domain that is shown in the next display.
Add a DataFlux Authentication Server User and Login to a SAS Metadata Identity
Add a DataFlux Authentication Server User and Login to a SAS Metadata Identity
For more information about adding logins to a user definition, see the Help for the User Manager in SAS Management Console.

How the Connections Work

A user logs in to SAS Data Integration Studio as usual. If he or she tries to connect to the DataFlux Data Management Server, the HTTP Server definition for that server is accessed. Since this definition specifies the DataFluxAuth domain, the connection searches the user’s account in SAS Management Console and finds the login for that domain, and the connection is made to the DataFlux Data Management Server.
The DataFlux Data Management Server checks for the appropriate permissions, and if the appropriate permissions have been granted to this user, the job, service, or profile is executed.