When you use an application such as SAS Enterprise Guide to connect to the SAS Metadata Server, you might be denied access to the SAS Workspace Server.

SAS Enterprise Guide displays the following messages:

SAS.EG.SDS.SDSException: <?xml version="1.0"?>
<Exceptions><Exception><SASMessage severity="Error">Client 
WindowsDomain\userid does not have permission to 
use server SASApp - Workspace Server (xxxxxxxx.xxxxxxxx).</SASMessage>
</Exception></Exceptions>

The SAS Object Spawner log contains the following messages:

INFO  [00000034]userid - New client connection (12) accepted 
from server port 8591 for user userid.  Encryption level is 
Credentials using encryption algorithm SASPROPRIETARY.  Peer IP 
address and port are [::ffff:10.255.255.255]:40400.
ERROR [00000034]userid - Client userid does not have permission 
to use server SASApp - Workspace Server (xxxxxxxx.xxxxxxxx).
INFO  [00000034] sas - Client connection 12 for closed.

The problem occurs when the SAS Workspace Server host machine is configured to authenticate against a Lightweight Directory Access Protocol (LDAP) server or an Active Directory server. In addition, the UNIX user identification number (uid) is mapped as the string Windows-domain\user-ID, in which Windows-domain is the name of the domain for the LDAP or Active Directory account.

Improper parsing of the user-name string causes the user to be set as a PUBLIC user. In a typical environment in which a PUBLIC user is denied permissions to all metadata content, the user does not have metadata permission to use the Workspace Server.

To work around this issue, use one of the following methods:

• Grant PUBLIC ReadMetadata access on the physical server object that is named in the error:

  SASApp - Workspace Server

• Modify the configuration for the UNIX uid to be only the user ID portion of the domain-qualified user name.

Operating System and Release Information

A fix for this issue for Base SAS 9.21_M3 is available at: