Security and Authentication

To reduce Cross Site Request Forgery (CSRF) attack, a filter is used to check whether the HTTP referrer header value of an incoming request is registered in the white list that is set up during product configuration. A referrer identifies the page that caused the incoming request to be sent. If the referrer header is used but the referring address does not match any of the patterns allowed in the white list, the request is rejected with an HTTP 403 error. For more information, see SAS 9.4 Intelligence Platform Middle-Tier Administration Guide.
Note: If you encounter white list issues, from SAS Management Console navigate to Application Managementthen selectSAS Application Infrastructure, and then right-click and select Properties. On the Advanced tab, add trusted hosts to the white list. For example, the value *.example.com added to the white list allows requests originating from the example.com domain to get through.
The creation and execution of the analytical logic are tasks controlled through security. In an enterprise application, the API uses authentication supported by the SAS platform to create tickets and use them with the API. The API internally processes user roles and authorization and returns a status of 401 if the operation is not allowed for a particular user. However, it will not specify implementation or representation.
All modules are discoverable and usable by an authenticated user.