|
Security
Setting Up Additional Server Security
Depending on your security implementation, you might want to enable additional users to perform administrative functions
or allow additional users access to public interfaces on the servers. You can set up the following additional
security features for your servers and spawners:
-
Administrative Privileges (SAS Metadata Server only). The user ID that starts the metadata server has unrestricted access to all metadata on the server with no additional configuration required. (This user is called the unrestricted user). You can also enable other user IDs to have unrestricted access to the server (as an unrestricted user) or additional administrative privileges for some metadata (as an administrative user). To understand and set up unrestricted access and server administrative privileges, see
Overview of Initial Users and Groups in the
SAS Intelligence Platform: System Administration Guide
Server-level Administer Permissions (SAS Stored Process and SAS OLAP Servers only). The user who starts the server has permission to stop, pause,
and resume a server. To enable another user to stop, pause, and resume a server, grant the "Administer" permission to that user on the Authorization tab of the logical server definition (in SAS Management Console). Note that if you grant the "Administer" permission on the server definition (rather than the logical server definition), the user will not be able to administer the server.
The following image shows the "Administer" permission being set in SAS Management Console:
Anonymous Login Capability (IOM Bridge connections for multi-user servers only).
An anonymous user is a user who does not provide a user ID when connecting to the server.
You can allow or deny anonymous login credentials access to the IServerStatus interface of a multi-user IOM server (OLAP, Stored Process or SAS Metadata Server).
To allow or deny anonymous login credentials, specify "restrict" or "deny" for the
anonymousLoginPolicy option in one of the following places:
- on the Object Server Parameters field of the server definition's Advanced Options
Launch Commands tab.
- in the SAS startup command's -objectserverparms option.
For example,
anonymousLoginPolicy=deny
For details about object server parameters, see Object Server Parameters
The default for the anonymousLoginPolicy option is restrict .
|