SAS 9.1.3 Integration Technologies » Server Administrator's Guide

Setting up a COM/DCOM Connection
Server and Client Requirements
Summary of Setup Steps
Planning Your Server Configuration Metadata
Standard Server Metadata
Creating Metadata Using SAS Management Console
Defining Servers
Modifying Servers
Custom Workspace Servers
OLAP Servers
Enabling DCOM on the Server and the Client
Configuring SAS for DCOM
Setting SAS Permissions on the Server
Default on Windows NT/2000
Per Application on Windows NT/2000
Default on Windows XP  Server 2003
Per Application on Windows XP / Server 2003
Configuring DCOM on Windows XP SP2 / Server 2003 SP1
Configuring COM/DCOM for Active Server Page Access
Accessing a Local COM IOM Server from an Active Server Page
Accessing a Remote DCOM IOM Server from an Active Server Page
Administering the Server:
Creating a Metadata Configuration File in SAS
Using ITConfig
Reference Materials
AppIDs for Configuring DCOM
Object Server Parameters
Fields for the Server Definition

Setting SAS Permissions on the Server (COM/DCOM)

Note: This topic does not apply to the following Windows environments: Windows XP Service Pack 2 and later, Windows Server 2003 Service Pack 1 and later. See Configuring DCOM on Windows XP Service Pack 2 and Windows Server 2003 Service Pack 1.

On the machine where the server runs, you must identify who can access and launch the server. A client that needs services from a multi-user server, such as an OLAP server running as a Windows service, must have access permissions for that server. A client that needs a single user server, such as a workspace server, must have both access and launch permissions on the server application. These permissions are defined in terms of one or more Windows users or groups.

There are two ways to identify users and groups that have launch or access permission. One way is to define permissions that are specific to a server application. The other way is to specify them in the default permissions. The default permissions are used for server applications that do not have their own application-specific permissions. Because an arbitrary COM server could potentially have significant capabilities over the system, it is usually best to keep the default launch and access permission well restricted, for example, to Administrators and the System account. Granting access permissions to users and groups on a per-application basis allows those users to access a particular application without permitting them to use other COM servers that might be installed on the server machine.

Each particular server application has a name that is listed in DCOMCNFG. When executing as a COM server, the application identifies itself with an AppID, which is a UUID that identifies the application in the Windows registry. DCOMCNFG enables you to select the server application and update the Windows registry settings to control the security policy for that particular application. In SAS System 9, each type of IOM server has its own name, permission policy settings, and AppID. AppIDs for Configuring DCOM lists each of these.

These methods are discussed in the following sections: