Problem Note 40920: You are denied access to the SAS Workspace Server after you use SAS® Enterprise Guide® to connect to the SAS® Metadata Server
When you use an application such as SAS Enterprise Guide to connect to the SAS Metadata Server, you might be denied access to the SAS Workspace Server.
SAS Enterprise Guide displays the following messages:
SAS.EG.SDS.SDSException: <?xml version="1.0"?>
<Exceptions><Exception><SASMessage severity="Error">Client
WindowsDomain\userid does not have permission to
use server SASApp - Workspace Server (xxxxxxxx.xxxxxxxx).</SASMessage>
</Exception></Exceptions>
The SAS Object Spawner log contains the following messages:
INFO [00000034]userid - New client connection (12) accepted
from server port 8591 for user userid. Encryption level is
Credentials using encryption algorithm SASPROPRIETARY. Peer IP
address and port are [::ffff:10.255.255.255]:40400.
ERROR [00000034]userid - Client userid does not have permission
to use server SASApp - Workspace Server (xxxxxxxx.xxxxxxxx).
INFO [00000034] sas - Client connection 12 for closed.
The problem occurs when the SAS Workspace Server host machine is configured to authenticate against a Lightweight Directory Access Protocol (LDAP) server or an Active Directory server. In addition, the UNIX user identification number (uid) is mapped as the string Windows-domain\user-ID, in which Windows-domain is the name of the domain for the LDAP or Active Directory account.
Improper parsing of the user-name string causes the user to be set as a PUBLIC user. In a typical environment in which a PUBLIC user is denied permissions to all metadata content, the user does not have metadata permission to use the Workspace Server.
To work around this issue, use one of the following methods:
- Grant PUBLIC ReadMetadata access on the physical server object that is named in the error:
SASApp - Workspace Server
- Modify the configuration for the UNIX uid to be only the user ID portion of the domain-qualified user name.
Operating System and Release Information
SAS System | SAS Metadata Server | 64-bit Enabled HP-UX | 9.21 | 9.3 | 9.2 TS2M3 | 9.3 TS1M0 |
64-bit Enabled AIX | 9.21 | 9.3 | 9.2 TS2M3 | 9.3 TS1M0 |
64-bit Enabled Solaris | 9.21 | 9.3 | 9.2 TS2M3 | 9.3 TS1M0 |
HP-UX IPF | 9.21 | 9.3 | 9.2 TS2M3 | 9.3 TS1M0 |
Linux | 9.21 | 9.3 | 9.2 TS2M3 | 9.3 TS1M0 |
Linux for x64 | 9.21 | 9.3 | 9.2 TS2M3 | 9.3 TS1M0 |
Solaris for x64 | 9.21 | 9.3 | 9.2 TS2M3 | 9.3 TS1M0 |
*
For software releases that are not yet generally available, the Fixed
Release is the software release in which the problem is planned to be
fixed.
Type: | Problem Note |
Priority: | high |
Date Modified: | 2010-09-17 15:38:20 |
Date Created: | 2010-09-16 11:27:19 |