SAS 9.1.3 Integration Technologies » Administrator's Guide (LDAP Version)



Setting SAS Permissions on the Server (COM/DCOM)

Note: This topic does not apply to the following Windows environments: Windows XP Service Pack 2 and later, Windows Server 2003 Service Pack 1 and later. See Configuring DCOM on Windows XP Service Pack 2 and Windows Server 2003 Service Pack 1.

On the machine where the server runs, you must identify who can access and launch the server. A client that needs services from a multi-user server, such as an OLAP server running as a Windows service, must have access permissions for that server. A client that needs a single-user server, such as a workspace server, must have both access and launch permissions on the server application. These permissions are defined in terms of one or more Windows users or groups.

There are two ways to identify users and groups that have launch or access permission. One way is to define permissions that are specific to a server application. The other way is to specify them in the default permissions. The default permissions are used for server applications that do not have their own application-specific permissions. Because an arbitrary COM server could potentially have significant capabilities over the system, it is usually best to keep the default launch and access permissions tightly restricted, for example, to Administrators and the System account. Granting access permissions to users and groups on a per-application basis allows those users to access a particular application without permitting them to use other COM servers that might be installed on the server machine.

Each server application has a name that is listed in DCOMCNFG. When executing as a COM server, the application identifies itself with an AppID, which is a UUID that identifies the application in the Windows registry. DCOMCNFG enables you to select the server application and update the Windows registry settings to control the security policy for that particular application. In SAS System 9, each type of IOM server has its own name, permission policy settings, and AppID. The topic "AppIDs for Configuring DCOM" lists each of these.
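
The following read-only PowerShell report is an added example, not part of the SAS documentation. It shows, for one AppID, whether application-specific or default permissions govern launch and access, and lists the trustees in that ACL. It assumes the standard COM registry locations (`LaunchPermission` and `AccessPermission` under `HKEY_CLASSES_ROOT\AppID\{AppID}`, `DefaultLaunchPermission` and `DefaultAccessPermission` under `HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole`); the AppID shown is a placeholder, and the function name and `Review` column are names chosen for this example.

```powershell
# Added example (not SAS code): report which DCOM ACL governs an AppID.
# The default AppID is a placeholder; use the value from "AppIDs for Configuring DCOM".
param([string]$AppId = '{00000000-0000-0000-0000-000000000000}')

$appKey = "Registry::HKEY_CLASSES_ROOT\AppID\$AppId"
$oleKey = 'Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole'
# SIDs of BUILTIN\Administrators and the System account (the restricted default).
$restricted = 'S-1-5-32-544', 'S-1-5-18'

function Get-ComDescriptor([string]$KeyPath, [string]$ValueName) {
    # Returns the parsed security descriptor, or $null if the value is absent.
    $key = Get-Item -LiteralPath $KeyPath -ErrorAction SilentlyContinue
    if ($null -eq $key) { return $null }
    $bytes = $key.GetValue($ValueName, $null)
    if ($bytes -isnot [byte[]]) { return $null }
    # The REG_BINARY data is a self-relative security descriptor.
    New-Object System.Security.AccessControl.RawSecurityDescriptor -ArgumentList $bytes, 0
}

foreach ($perm in 'LaunchPermission', 'AccessPermission') {
    $scope = 'application-specific'
    $sd = Get-ComDescriptor $appKey $perm
    if ($null -eq $sd) {
        # No per-application value, so the machine-wide default applies.
        $scope = 'default'
        $sd = Get-ComDescriptor $oleKey "Default$perm"
    }
    if ($null -eq $sd) {
        # Neither value exists: Windows falls back to its built-in default.
        [pscustomobject]@{ Permission = $perm; Scope = $scope; Trustee = '(no registry value)'; AceType = $null; Review = $false }
        continue
    }
    if ($null -eq $sd.DiscretionaryAcl) {
        # A NULL DACL grants the right to everyone.
        [pscustomobject]@{ Permission = $perm; Scope = $scope; Trustee = '(NULL DACL)'; AceType = $null; Review = $true }
        continue
    }
    foreach ($ace in $sd.DiscretionaryAcl) {
        $sid = $ace.SecurityIdentifier
        try { $name = $sid.Translate([System.Security.Principal.NTAccount]).Value }
        catch { $name = $sid.Value }   # unresolved or deleted account
        # Flag allow-ACEs in a default ACL for anyone outside the restricted set.
        $flag = ($scope -eq 'default' -and $ace.AceType -eq 'AccessAllowed' -and $restricted -notcontains $sid.Value)
        [pscustomobject]@{ Permission = $perm; Scope = $scope; Trustee = $name; AceType = $ace.AceType; Review = $flag }
    }
}
```

Rows with `Scope` equal to `default` mean the application has no ACL of its own for that permission, so any trustee added to the default permissions also gains that right on this server.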

These methods are discussed in the following sections: