Blogs

Blogs

Addressing Multiple Authentication Accounts

0
By

In SAS Management Console, administrators have the ability to include multiple user authentication models (ie user name/pwd combinations) for a single Metadata user account in the 'Accounts' tab.


Administrators would then organize these by the Authentication Domain definition in SAS Management Console. The 'DefaultAuth' is the initial account used (unless otherwise specified in the metadata) and typically is setup for a network domain account (such as a user account in Active Directory). Other authentication domain that might be required? (These names can be changed for your use, just be consistent when applying to the component requiring this security.)

  • 'OraAuth' for an Oracle Library Connection ~ which might use a UNIX account where Oracle is estabilished
  • 'DataSrvAuth' for a test data machine ~ which might use host authentication
  • 'SQLAuth' to access SQL ~ which could have specific SQL accounts

When the SAS user connects using their network account and tries to access the Oracle data, the process follows the following basic steps:

  1. SAS authenticates them to the metadata server with the account created for the 'DefaultAuth'
  2. SAS determines whether they have the 'readmetadata' authority on the Oracle Library
  3. SAS authenticates them into the Oracle Library using the 'OraAuth' authentication domain account

When attempting to use HOST authentication on a multiple machine environment, you might need to include (depending on the setup) the other machine account for the user in their Login Tab. Otherwise, it will use the metadata server's account which doesn't exist on the second machine. If the hostname/username is required in your configuration ~ then this will be required for Host Authentication on multiple machines.

When a Library is PREASSIGNED in the SAS Metadata Server, this means that on start up of the SAS services (ie. Object Spawner), SAS uses a single account to connect to the library. This connection stays open for the duration and no authentication is being passed to the library. The authentication is only handled by the SAS Metadata Server.

Reference on Preassigning Libraries: http://support.sas.com/documentation/cdl/en/bisecag/61133/HTML/default/a003263450.htm

Tags business intelligence Management Console Security
Share

About Author

Angela Hall

Senior Technical Architect

Angela offers tips on using the SAS Business Intelligence solutions. She manages a team of SAS Fraud Framework implementers within the SAS Solutions On-Demand organization. Angela also has co-written two books, 'Building BI using SAS, Content Development Examples' & 'The 50 Keys to Learning SAS Stored Processes'.

Comments are closed.

Back to Top