When using a SAS Metadata Server with the SAS Object Manager, you create a pool by specifying a logical name that matches a logical server name on the SAS Metadata Server.

The administrator can associate puddles with the pooled logical server name and administer pooling and puddle parameters by using SAS Management Console. For more information, see the SAS Intelligence Platform: Application Server Administration Guide.

The authentication and authorization checking in SAS Integration Technologies pooling enables you to create a pool that contains connections that have been authenticated using different user IDs. This capability allows access to sensitive data to be controlled on the server machine instead of the middle tier.

Checking is performed only in pools that were created with CreatePoolByLogicalName where the checkCredentialsOnEachGet parameter is set to TRUE.

Authentication is performed by using the user ID and password to authenticate a new connection to a SAS Metadata Server. The pool is searched for a puddle whose access group has the authenticated user as a member.

The GetPooledObject method authenticates the user by performing the following steps:
- Binds to the SAS Metadata Server by using the credentials that are provided to GetPooledObject.
- If that bind fails, then GetPooledObject returns an error. If that bind is successful, then it is released and is not used. The bind is made only to authenticate the credentials. Authorization is then performed against the set of identities in the puddle:
  - If a match is not found, then ERROR_ACCESS_DENIED is returned (0x80004005).
  - Otherwise, a pooled object is returned when one becomes available.

Pooling authentication enables credentials to be used by people who do not have permission to read the credentials directly.
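
The check sequence described above, as a simplified Python model added here for illustration; it is not SAS code and does not use the SAS Object Manager API. All class, function, group and account names are hypothetical and the sample data is constructed.

```python
# Simplified model of the GetPooledObject credential check (not SAS code).
# Every name and value below is hypothetical, constructed sample data.
import hmac
from dataclasses import dataclass

class BindFailed(Exception):
    """The supplied user ID and password did not authenticate."""

class AccessDenied(Exception):
    """Authenticated, but not a member of any puddle's access group."""

@dataclass
class MetadataServer:
    passwords: dict  # user ID -> password
    groups: dict     # group name -> set of member user IDs

    def bind(self, user, password):
        stored = self.passwords.get(user)
        if stored is None or not hmac.compare_digest(stored.encode(), password.encode()):
            raise BindFailed(user)
        return user  # the authenticated identity

@dataclass
class Puddle:
    login: str         # account the pooled connections were opened with
    access_group: str  # group allowed to borrow from this puddle
    idle: list         # idle pooled connections

def get_pooled_object(server, puddles, user, password):
    # Step 1: bind only to prove the credentials; the bind is then dropped.
    identity = server.bind(user, password)
    # Step 2: authorize the identity against each puddle's access group.
    for puddle in puddles:
        if identity in server.groups.get(puddle.access_group, set()):
            # The real pool waits for a free object; the model assumes one is idle.
            return puddle.idle.pop()
    raise AccessDenied(user)

SERVER = MetadataServer(
    passwords={"alice": "a-pw", "carol": "c-pw"},
    groups={"Finance Users": {"alice"}},
)

def make_pool():
    # Connections are tagged with the puddle login, never the caller's user ID.
    return [Puddle("finance_svc", "Finance Users", ["conn-as-finance_svc"])]
```

In the model, the caller's password is only ever compared during the bind; the object handed back belongs to the puddle login, whose password the caller never supplies or sees.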