September 2018 – platformadmin.com

Metacoda Auth Domain Reviewer

Update 05Mar2019: The Metadata Auth Domain Reviewer discussed in this blog post is now available with the Metacoda Plug-ins 6.1 R1 release, and also includes a new Libraries tab based on feedback from customers during early-access testing.

One of the new Metacoda Security Plug-ins features arriving in version 6.1 is the Auth Domain Reviewer. Like the other reviewers, this plug-in is used for investigating, documenting and testing how a SAS metadata security feature has been used within a particular SAS platform deployment. When I’m reviewing metadata security for a SAS platform I like to look at it from several different perspectives and authentication domains is one of them. I like to see:

What authentication domains have been added beyond the initial DefaultAuth?
How have they been used with respect to inbound logins?
How have they been used with respect to outbound logins and providing shared credentials for database access?
How have they been used with respect to 3rd party database system connections?
Are there any unused ones, possibly added by accident, that can be cleaned up?
Are there any seemingly duplicate ones that might be consolidated?

In the past it has been time-consuming to gather this information together, so this new plug-in Continue reading “Metacoda Auth Domain Reviewer”

Checking a SAS Setinit/License in Metadata

When I apply a new SAS license (setinit) each year, sometime I forget to also update it in metadata. I might not even remember until I get an email from the SAS platform itself:

From: SAS Platform
Subject: SAS Product Expiration Notification
To: Me
Your license for SAS product name on sas.example.com has expired. Please contact your on-site SAS support personnel to obtain your updated setinit information.

“on-site SAS support personnel” … hey that’s me! I feel embarrassed that I forgot … again!

So, what if you want to be a bit more proactive and double-check whether you have an up to date SAS setinit in metadata? Continue reading “Checking a SAS Setinit/License in Metadata”

Metacoda Plug-ins Tip: User’s Group Content Admin Permissions (Identity Permissions Explorer)

This tip was prompted by a SAS Communities question which I hear from time to time, essentially “How do I find out which groups a SAS user is a Portal Group Content Administrator for?” It can be answered using the Metacoda Identity Permissions Explorer but involves a few steps so I will outline them here.

To quote the SAS® 9.4 Intelligence Platform: Web Application Administration Guide, Group Content Administrator section:

A group content administrator is a user who has WriteMetadata permission for the respective group, and the group’s Portal permission tree. A group content administrator can share personal content with the group, and can edit or remove content that has been shared with the group. (Portal administrators have WriteMetadata permission for all group permission trees that are defined in metadata.)

So, to find out which groups a user is group content admin for, we need to look for all of the group portal permission trees where the user has a grant of the WM permission. This can be done quickly and easily using the Metacoda Identity Permissions Explorer. Below is a screenshot with numbered steps where we find out which groups Aaron Atkins (demoaaron), a fictitious Business Analyst, is a Portal Group Content Administrator for. Continue reading “Metacoda Plug-ins Tip: User’s Group Content Admin Permissions (Identity Permissions Explorer)”