Specifies whether a SAS/CONNECT server is authorized to access a SAS Metadata Server at server sign-on.
Client: optional
Server: optional
Valid in: Configuration file, SAS invocation, OPTIONS statement, SAS system options window
Category: Communications: Networking and Encryption
PROC OPTIONS GROUP= Communications
Requirement: Grid sign-ons or sign-ons to a SAS/CONNECT server when there is a metadata connection on the client



Syntax Description

allows a SAS/CONNECT server to access a SAS Metadata Server at server sign-on by providing a one-time supply of sign-on credentials. This option is on by default.
prevents the SAS/CONNECT server from automatically accessing the SAS Metadata Server via a one-time supply of credentials during sign-on. Instead, the SAS/CONNECT server must be a trusted peer of the SAS Metadata Server or the credentials must be hardcoded directly in the SAS code to be executed in the server session.


When a SAS/CONNECT client session has an active metadata server connection and signs on to a SAS/CONNECT server, the server is automatically given access to the SAS Metadata Server for the duration of the SAS/CONNECT server session. The client queries the SAS Metadata Server for the following credentials, which are passed to the SAS/CONNECT server:
  • SAS Metadata Server
  • SAS Metadata Server port
  • SAS Metadata Server user name
  • SAS Metadata Server password (this is a special one-time use password and not the user’s normal password)
Because these credentials are passed to the server, the server does not have to meet either of the following requirements:
  • to be a trusted peer of the SAS Metadata Server
  • to have the credentials hardcoded in the SAS program to be executed in the server session
The SAS/CONNECT server uses the temporary credentials to remain connected to the SAS Metadata Server for the duration of the server session, rather than having to make multiple connections to the SAS Metadata Server. This option offers convenience and improves security. Since the option is on by default, it is not necessary to specify CONNECTMETACONNECTION in your SAS program. However, if you want to prevent the remote server from automatically connecting to the metadata server at sign-on, you must specify the NOCONNECTMETACONNECTION in the options statement. If you do this, you can still access the metadata server, but you must explicitly specify the user ID and password in the SAS code (RSUBMIT statement).
Note: If you specify credentials using SAS system options for metadata (for example, the METASERVER= or METAPORT= system options), these values take precedence over any default values. For more information, see Overview of System Options for Metadata in SAS Language Interfaces to Metadata.


Example 1: Accessing Metadata Credentials for a Grid Execution

Here is an example of SAS code in which the CONNECTMETACONNECTION system is enabled. The grdsvc_enable() function specifies that all server sessions be enabled for a grid execution. Also, the SAS Application Server contains the definition for the logical grid server that manages the grid environment.
Note: The CONNECTMETACONNECTION option could be omitted because it is the default.
The AUTHDOMAIN= option in the LIBNAME statement specifies the name of the authentication domain, which is a metadata object that manages the credentials (user ID and password) that are associated with the specified domain. Specifying the authentication domain is a convenient way to obtain the metadata-based user credentials rather than having to explicitly supply them during server sign-on.
%put %sysfunc(grdsvc_enable(_ALL_, server=SASApp));
signon process=job1;
libname mylib oracle authdomain=defaultAuth;

Example 2: Accessing Metadata Credentials for a Server Sign-on

In this example, the CONNECTMETACONNECTION option is used with the SIGNON statement and the SERVER= option:
signon process=job1 server=SASApp;

Example 3: Supplying Explicit User Credentials for a Grid Execution

Here is an example in which NOCONNECTMETACONNECTION is used:
%put %sysfunc(grdsvc_enable(_ALL_, server=SASApp));
signon process=job1;
libname mylib oracle user=tom password=apex;
The user ID and password are explicitly specified in SAS code in order to access the SAS Metadata Repository.