Problem Note 69304: SAS® Enterprise Guide® connections to SAS® Viya® that have constrained delegation configured fail to run under the trusted identity
 |  |  |  |  |
Problem:
When you are connecting to a SAS Viya 3.5 legacy SAS®9 runtime workspace server using Integrated Windows Authentication (IWA) and have constrained delegation configured, the sas.exe process does not run under the trusted identity running the SAS object spawner. This issue occurs when you use SAS Enterprise Guide 8.2 and/or 8.3 releases. This configuration is noted in the bottom section of Configure Kerberos Constrained Delegation for SAS Launcher Server and SAS Object Spawner.
Note: After constrained delegation is enabled, all SAS® Compute Server processes and all SAS® Cloud Analytic Services session processes run as the same user ID, as SAS® Launcher Server and SAS Cloud Analytic Services, respectively. The internal threads of each process impersonate the client user ID. Therefore, they have the same rights and privileges as the client user.
Solution:
Click the Hot Fix tab in this note for a link to instructions about accessing and applying the software update.
Operating System and Release Information
| Product Family | Product | System | Product Release | SAS Release | ||
| Reported | Fixed* | Reported | Fixed* | |||
| SAS System | SAS Viya | Microsoft Windows Server 2019 | 3.5 | Viya | ||
| Microsoft Windows Server 2016 | 3.5 | Viya | ||||
| Microsoft Windows Server 2012 R2 Std | 3.5 | Viya | ||||
| Microsoft Windows Server 2012 R2 Datacenter | 3.5 | Viya | ||||
Viya on Windows: An update for this issue is available for SAS Viya 3.5. For instructions on how to access and apply software updates, see the Updating Your SAS Viya software section in the SAS Viya 3.5 for Windows Deployment Guide at
http://documentation.sas.com/?softwareId=administration&softwareVersion=3.5&softwareContextId=softwareUpdatesWin| Type: | Problem Note |
| Priority: | medium |
| Date Modified: | 2022-06-16 11:06:43 |
| Date Created: | 2022-06-15 13:51:10 |