Problem Note 32805: Trusted Peer Connections between a SAS® process in a Windows environment and a
Metadata Server in a z/OS environment run as public user connections
Trusted Peer Connections between a SAS process in a Windows operating environment and a
Metadata Server in a z/OS operating environment will run as public user
connections. The connection will be PUBLIC regardless of whether the
user ID that is associated with the Windows SAS process has a login
in metadata or not.
This issue was introduced in Hot Fix E9BB40.
Hot Fix E9BB40 should not be applied in the following cases:
- The Metadata Server is installed in a z/OS operating environment.
- SAS processes in Windows operating environments, such as Workspaces, require Trusted Peer
Connections.
After applying Hot Fix E9BB40, all Windows SAS processes
connecting with a Trusted Peer Connection will have PUBLIC
authorization.
Select the Hot Fix tab in this note to access the hot fix for this issue.
In additon, a program is included on the Full Code tab which will find all login user IDs and authentication domains that are available to the connecting user.
Operating System and Release Information
| SAS System | SAS Metadata Server | z/OS | 9.1 TS1M3 SP4 | 9.2 TS2M0 |
*
For software releases that are not yet generally available, the Fixed
Release is the software release in which the problem is planned to be
fixed.
The following code can test trusted peer connections as known users. A user contains a login in the metadata. This program runs from Windows connecting to a Z/OS server from a process running under a login that is stored in the Z/OS metadata repository and should return the logins that are associated with the person.
/* Note that this program will find all login user IDs and authentication domains */
/* that are available to the connecting user. */
options metarepository="Foundation"
metaport=8561
metaserver=ZOSserverip
metaprotocol=BRIDGE;
data alllogins;
length uri
authdomain
Login
uri2
Identity $256
Userid
password $32;
call missing(nobj,uri,authdomain,login,password,userid,uri2,Identity);
/* Determine how many logins are on this server for the current user. */
nobj=metadata_getnobj("omsobj:Login?@Id contains '.'",1,uri);
/* Iterate thru the logins objects and obtain the attributes. */
if (nobj >0) then do n = 1 to nobj;
nobj=metadata_getnobj("omsobj:Login?@Id contains '.'",n,uri);
*put nobj=; /* Number of Logins objects found. */
*put uri=; /* Nth Login. */
if (nobj>0) then do;;
rc= metadata_getattr(uri, "Name", Login);
rc= metadata_getattr(uri, "Userid", Userid);
/*Now retrieve the associated authentication domain. */
arc=metadata_getnasn(uri,"Domain",
1,
uri2);
if (arc >0) then
aurc = metadata_getattr(uri2, "Name", AuthDomain);
/* Also retrieve the Identity associated to the Login. */
arc=metadata_getnasn(uri,"AssociatedIdentity",
1,
uri2);
aurc = metadata_getattr(uri2, "Name", Identity);
put Login= authDomain= userid= Identity= Name= ;
output;
end;
end;
else put 'No Logins for user';
run;
Trusted Peer Connections are authorized as PUBLIC.
| Type: | Problem Note |
| Priority: | medium |
| Date Modified: | 2009-01-06 10:09:57 |
| Date Created: | 2008-07-28 16:30:28 |
