SAS 9.1.3 Integration Technologies » Server Administrator's Guide

Overview of Domains
Implementing Authentication
Host Authentication
Trusted Authentication Mechanisms
Alternative Authentication Providers
Defining Users, Groups, and Logins on the SAS Metadata Server
Implementing Authentication and Authorization for Xythos WFS WebDAV
Implementing Encryption
Setting Up Additional Server Security
Planning the Workspace and Stored Process Server Security
Spawner Security
Scenario: Spawner and Load-Balancing
Pooling Security
Scenario: Pooling
Load Balancing Security
Scenario: Load-Balancing Across Two Machines
Implementing Security in Client Applications

Setting Up Additional Server Security

Depending on your security implementation, you might want to enable additional users to perform administrative functions or allow additional users access to public interfaces on the servers. You can set up the following additional security features for your servers and spawners:

  • Administrative Privileges (SAS Metadata Server only). The user ID that starts the metadata server has unrestricted access to all metadata on the server with no additional configuration required. (This user is called the unrestricted user). You can also enable other user IDs to have unrestricted access to the server (as an unrestricted user) or additional administrative privileges for some metadata (as an administrative user). To understand and set up unrestricted access and server administrative privileges, see Overview of Initial Users and Groups in the SAS Intelligence Platform: System Administration Guide

  • Server-level Administer Permissions (SAS Stored Process and SAS OLAP Servers only). The user who starts the server has permission to stop, pause, and resume a server. To enable another user to stop, pause, and resume a server, grant the "Administer" permission to that user on the Authorization tab of the logical server definition (in SAS Management Console). Note that if you grant the "Administer" permission on the server definition (rather than the logical server definition), the user will not be able to administer the server.

    The following image shows the "Administer" permission being set in SAS Management Console:

    Administer Permissions

  • Anonymous Login Capability (IOM Bridge connections for multi-user servers only). An anonymous user is a user who does not provide a user ID when connecting to the server. You can allow or deny anonymous login credentials access to the IServerStatus interface of a multi-user IOM server (OLAP, Stored Process or SAS Metadata Server). To allow or deny anonymous login credentials, specify "restrict" or "deny" for the anonymousLoginPolicy option in one of the following places:

    • on the Object Server Parameters field of the server definition's Advanced Options arrow Launch Commands tab.
    • in the SAS startup command's -objectserverparms option.

    For example,


    For details about object server parameters, see Object Server Parameters

    The default for the anonymousLoginPolicy option is restrict.