Overview of the ISecurity Server Interface

The methods described in this section are provided in the ISecurity server interface. The methods can be used in a SAS Open Metadata Interface client that you create to request authorizations on SAS Metadata Server resources. The methods can be used to get authorizations on both metadata and on the data that is represented by the metadata.
ISecurity methods are available only through the standard interface. For more information, see Communicating with the SAS Metadata Server.
In SAS 9.3, two versions of the ISecurity server interface are supported.
  • ISecurity 1.0 enables SAS 9.1 clients to work the same way they worked in SAS 9.1. Only methods that were supported in SAS 9.1 are available in ISecurity 1.0.
  • ISecurity 1.1 provides versions of the SAS 9.1 methods that work in SAS 9.2 and later environments. SAS 9.2 introduced support for server authentication via internal user accounts as well as the traditional external user accounts. It also added security administration methods that were not available in SAS 9.1.
The following information applies to all of the ISecurity methods.
  • Errors are surfaced through the exception-handling in IOM. Each method returns a set of documented exceptions. Use TRY and CATCH logic in your Java programs to determine when an exception is returned.
  • The methods make authorization decisions based on user and access control metadata that is stored in metadata repositories. Appropriate metadata must be defined for authorization decisions to be meaningful.
    User metadata is defined by using the SAS Management Console User Manager plug-in or by extracting user and group definitions from an enterprise source with macros. For information about the plug-ins, see SAS Management Console documentation.
    Access control metadata is defined by using the SAS Management Console Authorization Manager plug-in or by using ISecurityAdmin methods. For information about ISecurityAdmin methods, see Security Administration (ISecurityAdmin Interface).
    For information about access controls supported by the SAS Open Metadata Architecture authorization facility and enterprise user import macros, see the SAS Intelligence Platform: Security Administration Guide.
  • The methods assume the calling user and any user IDs specified by the calling program have been authenticated before calling the SAS Metadata Server. A caller that is invoking ISecurity methods for itself does not have to be a trusted user. A caller that is invoking the GetCredential method for another user, or is using the credential handle obtained from GetCredentials for another user, must be a trusted user.
  • In the examples, iSecurity is an instantiation of the ISecurity interface.
Copyright © SAS Institute Inc. All rights reserved.