Trusted Peer Connections between a SAS process in a Windows operating environment and a Metadata Server in a z/OS operating environment will run as public user connections. The connection will be PUBLIC regardless of whether the user ID that is associated with the Windows SAS process has a login in metadata or not.

This issue was introduced in Hot Fix E9BB40.

Hot Fix E9BB40 should not be applied in the following cases:

1. The Metadata Server is installed in a z/OS operating environment.
2. SAS processes in Windows operating environments, such as Workspaces, require Trusted Peer Connections.

After applying Hot Fix E9BB40, all Windows SAS processes connecting with a Trusted Peer Connection will have PUBLIC authorization.

Select the Hot Fix tab in this note to access the hot fix for this issue.

In additon, a program is included on the Full Code tab which will find all login user IDs and authentication domains that are available to the connecting user.

Operating System and Release Information

Product Family	Product	System	SAS Release
			Reported	Fixed*
SAS System	SAS Metadata Server	z/OS	9.1 TS1M3 SP4	9.2 TS2M0

* For software releases that are not yet generally available, the Fixed Release is the software release in which the problem is planned to be fixed.

The following code can test trusted peer connections as known users. A user contains a login in the metadata. This program runs from Windows connecting to a Z/OS server from a process running under a login that is stored in the Z/OS metadata repository and should return the logins that are associated with the person.

---

   /* Note that this program will find all login user IDs and authentication domains */
   /* that are available to the connecting user. */

options  metarepository="Foundation"  
         metaport=8561 
         metaserver=ZOSserverip 
         metaprotocol=BRIDGE;
data alllogins;
    length uri 
    authdomain 
    Login 
    uri2  
    Identity $256 
    Userid 
    password $32;

    call missing(nobj,uri,authdomain,login,password,userid,uri2,Identity);
   
       /* Determine how many logins are on this server for the current user. */ 
      
    nobj=metadata_getnobj("omsobj:Login?@Id contains '.'",1,uri);
 
       /* Iterate thru the logins objects and obtain the attributes. */
    if (nobj >0) then do n = 1 to nobj;

        nobj=metadata_getnobj("omsobj:Login?@Id contains '.'",n,uri);
        *put nobj=;   /* Number of Logins  objects found. */
        *put uri=;    /* Nth Login.    */
	if (nobj>0) then do;;
	  rc= metadata_getattr(uri, "Name", Login);
	  rc= metadata_getattr(uri, "Userid", Userid);
   
             /*Now retrieve the associated authentication domain. */
          arc=metadata_getnasn(uri,"Domain",
                               1,
                               uri2);
	  if (arc >0) then 
	    aurc = metadata_getattr(uri2, "Name", AuthDomain);

               /* Also retrieve the Identity associated to the Login. */
	    arc=metadata_getnasn(uri,"AssociatedIdentity",
                                 1,
                                 uri2);
	    aurc = metadata_getattr(uri2, "Name", Identity);
	    put Login= authDomain= userid= Identity= Name= ;
	    output;
  	  end;
    end;
    else put 'No Logins for user';
run;

A fix for SAS 9.1.3 (9.1 TS1M3) for this issue is available at:

http://www.sas.com/techsup/download/hotfix/e9_sbcs_prod_list.html#032805

---

A fix for SAS 9.1.3 (9.1 TS1M3) with Asian Language Support (DBCS) for this issue is available at:

http://www.sas.com/techsup/download/hotfix/e9_dbcs_prod_list.html#032805

---

Trusted Peer Connections are authorized as PUBLIC.

Type:	Problem Note
Priority:	medium

Date Modified:	2009-01-06 10:09:57
Date Created:	2008-07-28 16:30:28