 |
|
| Setting Up Users, Groups, and Ports |
Defining Groups
| Overview of Defining Groups |
On UNIX, adding users to a group is required to assign the necessary operating system privileges to deploy and run SAS. Using a group is one method for granting the corresponding user rights needed on Windows.
This section contains the following topics:
-
Pre-installation Checklist for Groups for SAS on Windows and UNIX
-
Pre-installation Checklist for Groups for Third-Party Software
| The SAS Server Users Group (Windows) |
To deploy SAS on Windows, the user must have certain local user rights on the machine hosting the server. These rights are required before the user can start a process for a stored process server, a pooled workspace server, or a standard workspace server. One suggestion for giving a user these rights is to create a group, add users to the group, and then assign the rights to the group. (The scheduling user, lsfuser--which is required if you are scheduling reports--also must have this same right.)
Note: Not all of these user accounts will exist in every installation.
You add only those that you have created. In addition, if you are working
in a multi-machine environment and are using local groups, not all of the
users that you have created need to be included in every local group. You
need only include the users who will be authenticated by a stored process
server, pooled workspace server, or standard workspace server on a given machine.
On some machines (for example, a machine hosting middle-tier components) there
might be no need for the group at all. ![[cautionend]](../../../../common/63294/HTML/default/images/cautend.gif)
To set up a group, complete these steps:
-
Create a SAS server users group. This can be a local group or a group with domain scope.
-
Add the following users to the group:
-
SAS Spawned Servers account
-
SAS First User (optional account)
-
LSF User
-
any other external users that need to access a standard workspace server
Note: The SAS Deployment Wizard automatically grants the Windows user right Log on as a batch job to the SAS Spawned Servers account. If you choose to have the wizard create the optional SAS First User account in metadata, the wizard also automatically grants the Log on as a batch job Windows user right to this First User account. If Integrated Windows authentication (IWA) is implemented, this user right is not required for the SAS First User and other regular SAS users who access standard workspace servers, such as SAS Data Integration Studio or SAS Enterprise Guide users.
-
-
Finally, grant the user right Log on as a batch job to the group. For information about setting local user rights, see your Microsoft Windows documentation. If the users in the group need that right on more than one Windows machine, the right needs to be assigned specifically on each machine.
| The sas Group (UNIX) |
To deploy SAS on UNIX, you should create an operating system group and make this the primary group for the UNIX SAS Installer user. The SAS Spawned Servers account should also be made a member of the sas group. (Members of this group will be given access to certain directories and files created by the SAS Deployment Wizard.)
For information about creating groups and adding user accounts, see your UNIX documentation.
| The SASGRP Group (z/OS) |
To deploy SAS on z/OS, you should create a RACF group named SASGRP. This group is used to control access to directories and files in the configuration directory created in the HFS file system. The definition of this RACF group must include an OMVS segment and must be set as the default group for the SAS Installer and the SAS Spawned Servers account.
For information about creating groups and adding user accounts, see your IBM z/OS documentation.
| Pre-installation Checklist for Groups for SAS on Windows and UNIX |
Use the following pre-installation checklist to make sure that you have created the necessary groups to deploy and run SAS on Windows and UNIX:
Note: These checklists are superseded by more complete and up-to-date
checklists that can be found at http://support.sas.com/installcenter/plans. This Web site also contains a corresponding deployment plan
and an architectural diagram.
| Recommended Group Name | Group Members | Operating System and Purpose | Actual Group Name |
|---|---|---|---|
| SAS Server Users1 | SAS Spawned Servers account |
Windows--
Suggested method for assigning the Log on as a batch job user right to the SAS Spawned Servers account for the stored process server and pooled workspace server. |
|
|
|
SAS First User
Any other users |
Suggested method for assigning the Log on as a batch job user right to the SAS First User and any other standard workspace server users. |
|
| sas2 | SAS Installer |
UNIX--
Primary group for the SAS Installer user. Enables the SAS Deployment Wizard to create the necessary log and configuration directories required by SAS. |
|
|
|
SAS Spawned Servers account | Through group membership, grants Write permissions to the SAS Spawned Server account for modifying SAS log and configuration directories. |
|
| 1
Unless Integrated Windows authentication (IWA) is implemented, add any
other any external users accessing standard workspace servers.
2 Limit membership because this privileged group has operating system access to certain configuration files. |
|||
| Pre-installation Checklist for Groups for Third-Party Software |
Use the following pre-installation checklist to create the necessary groups to deploy and run third-party software.
Note: These checklists are superseded by more complete and up-to-date
checklists that can be found at http://support.sas.com/installcenter/plans. This Web site also contains a corresponding deployment plan
and an architectural diagram.
| Recommended Group Name | Group Members | Operating System and Purpose | Actual Group Name |
|---|---|---|---|
| SAS Server Users | Scheduling user (lsfuser) |
Windows--
Suggested method for assigning the Log on as a batch job user right to scheduling users. |
|
| sas |
SAS Installer (sas)
WebSphere Application Server Installer |
UNIX--
Suggested method for assigning required permissions to write to certain installation directories. |
|
| SASGRP |
SAS Installer (sas)
WebSphere Application Server Installer |
z/OS--
Suggested method for assigning required permissions to write to certain installation directories. |
|
| Pre-installation Checklist for Groups for SAS on z/OS |
Use the following pre-installation checklist to create the necessary groups to deploy and run SAS on z/OS:
Note: These checklists are superseded by more complete and up-to-date
checklists that can be found at http://support.sas.com/installcenter/plans. This Web site also contains a corresponding deployment plan
and an architectural diagram.
| Recommended Group Name | Group Members | Purpose(s) | Actual Group Name |
|---|---|---|---|
| SASGRP1 | SAS Installer | Default group for the SAS Installer user. |
|
|
|
SAS Spawned Servers account | Through group membership, grants write permissions to the SAS Spawned Server account for modifying SAS log and configuration directories. |
|
| 1 The definition of this RACF group must include an OMVS segment. Limit membership because this privileged group has operating system access to certain configuration files. | |||
|
|
Copyright © 2011 by SAS Institute Inc., Cary, NC, USA. All rights reserved.