platformadmin.com

Paul Homes blogging on SAS® platform administration topics


Category: SAS Metadata Security

ChatGPT and SAS 9 Metadata Security

With all the news around ChatGPT lately, I thought I would see how it performed when asked questions about SAS 9 Metadata Security. This is a niche specialty with some complex rules when you get down into the details, so I was not expecting it to do very well. I was both impressed and disappointed. I was impressed with how it was quickly able to respond with confident-sounding, generally correct responses when asked high-level questions on this specialized topic. I was disappointed that it provided confident-sounding, incorrect responses when asked about the details.

Here are some excerpts from my chat. It was a long chat so I have only selected some of the responses for this blog post. It’s still a long blog post though, so I will be very impressed if you make it all the way to the end!

First question:

Asking ChatGPT about SAS 9 metadata permissions

This is a good start: it mentions the SAS Metadata Server, users, groups, access control, and metadata objects, how permissions can be assigned at different levels, and how they are distinct from file system permissions. Some metadata permissions are listed, all of which do exist. I could get pedantic about the Read, Write and Delete definitions, but at a high level they will do. The Administer permission definition is just wrong.

Next question Continue reading “ChatGPT and SAS 9 Metadata Security”

Author: Paul Homes | Posted on 1 February 2023 (updated 29 December 2024) | Categories: SAS Metadata Security | Tags: AI, ChatGPT, OpenAI, SAS 9.4, SAS Metadata Security

New Permissions in SAS 9.4 M2: ManageCredentialsMetadata & ManageMemberMetadata

SAS® 9.4 M2 was released recently and included some new permissions related to identity administration. These new permissions are ManageMemberMetadata (MMM), for groups and roles, and ManageCredentialsMetadata (MCM), for users and groups. I found them documented in the SAS 9.4 Intelligence Platform: Security Administration Guide, Second Edition. They are listed in the Use and Enforcement of Each Permission section as follows:

ManageMemberMetadata (MMM): Change the membership of the Group and Role. Cannot change security or other account attributes.
ManageCredentialsMetadata (MCM): Manage accounts and trusted logins of User and Group. Cannot change security or other account attributes.

They also appear in the Permissions by Object Type section, where it reads:

Identity: User administration capabilities (from the Metadata Server: User Administration role) enable you to create, update, and delete users, groups, and roles. You can delegate management of an identity to someone who doesn’t have user administration capabilities by adding explicit or ACT grants of WriteMetadata permission in the identity’s authorization properties. An identity’s authorization properties have no effect on what that identity can do. You need ManageMemberMetadata permission to change the membership of the UserGroup and Role. ManageCredentialsMetadata enables you to manage accounts and trusted logins of User and UserGroup.

After some further exploration, I also saw that (unless otherwise specified) MMM and MCM follow the WriteMetadata (WM) permission on identities, just as WriteMemberMetadata (WMM) does with folders.

To provide support for these new permissions, Metacoda has just released an updated version of Metacoda Plug-ins 4.0 R2.

You can now see MMM and MCM in the Public Types Explorer:

New MCM and MMM permissions in SAS 9.4 M2

The new permissions are also visible in the various Metacoda Reviewers and Permissions Explorers. If you are using the Metadata Security Testing Framework, you can now export tests that include MMM and MCM, and run tests that check for them too.

I’d encourage all existing users of Metacoda Plug-ins to upgrade to 4.0 R2. This latest release can be downloaded after logging in from the Metacoda support page. If you’re not yet a Metacoda Plug-ins user then you might be interested in a free one month evaluation license where you can try them out in your own environment.

Author: Paul Homes | Posted on 16 October 2014 (updated 20 September 2024) | Categories: SAS Metadata Security | Tags: Metacoda Security Plug-ins, SAS 9.4, SAS Management Console, SAS Metadata Security

SAS Metadata Security Testing

SAS® Global Forum 2014 is now only a few days away, and I’m excited (and a little nervous) about presenting my paper Test for Success: Automated Testing of SAS® Metadata Security Implementations.

Update 03Apr2014: My paper is now available for download from the SAS Global Forum 2014 Online Proceedings.

SAS metadata security testing is a topic I’ve been contemplating for a long time now. For many organizations, metadata security is an important feature of the SAS platform. It enables them to control access to business resources described by the metadata and ensure their users can only use SAS applications to view and modify resources appropriate to their roles within the organization.

When metadata security is important, conducting security testing on a regular basis is important too. Regular testing allows an organization to feel confident in the security of their platform and to promptly detect deviations from a carefully crafted metadata security implementation. Many times I’ve seen accidental changes, or quick fixes, which had a detrimental impact on an installation’s metadata security. Without regular testing, Continue reading “SAS Metadata Security Testing”

Author: Paul Homes | Posted on 18 March 2014 (updated 29 December 2024) | Categories: SAS Metadata Security | Tags: Metacoda Plug-ins, Metacoda Security Plug-ins, Metadata Security Testing, SAS, SAS 9.2, SAS 9.3, SAS 9.4, SAS Global Forum, SAS Management Console, SAS Metadata Security | 8 Comments on SAS Metadata Security Testing

Creating a Metadata Bound Library with SAS 9.4

One of the nice enhancements in SAS® Management Console 9.4 is the addition of a point & click method for creating a Metadata Bound Library. Metadata Bound Libraries have been available since SAS 9.3 M2 but prior to SAS 9.4 you had to write proc authlib code to set one up (see this prior post for an example).

Many of the SAS platform administrators I meet have an IT admin background, not necessarily a SAS coding background, so this addition of a point & click method in SAS 9.4 will certainly make it easier for people to take advantage of metadata bound libraries. I find it makes it easier and I do have a SAS coding background. I don’t create metadata bound libraries every day, so I haven’t committed the syntax to memory yet :). Using the point & click method can be quicker than tracking down a code example.

Starting from the Folders tab in SAS Management Console 9.4, navigate to the /System/Secured Libraries folder. Right-click the Secured Libraries folder and select the New and Secured Library menu items.

Starting the process of adding a SAS 9.4 Metadata Bound Library

In the New Secured Library wizard, provide a name and description for the secured library, then click the Next button. Continue reading “Creating a Metadata Bound Library with SAS 9.4”

Author: Paul Homes | Posted on 30 October 2013 (updated 20 September 2024) | Categories: SAS Metadata Security | Tags: SAS, SAS 9.4, SAS Management Console, SAS Metadata Bound Libraries, SAS Metadata Security | 6 Comments on Creating a Metadata Bound Library with SAS 9.4

Protecting your Metadata Protections: Part 2

SAS Management Console 9.3 showing default non-administrative capabilities.

In a guest post on blogs.sas.com in January, I wrote about protecting your metadata protections. In that post I said that “Ideally, a SAS® metadata security plan should address both ACT permissions and access to the Authorization Manager.” and went on to explain a method for addressing Access Control Template (ACT) permissions.

In this second part, I’ll talk about reducing access to the SAS Management Console Authorization Manager plug-in as further protection for your ACTs.

Of course, for some smaller SAS sites, and those with simple security requirements, this might be overkill. However, for other possibly larger organizations, those with potentially sensitive data/content, and perhaps those with specific regulatory requirements, it might be a necessity to implement a comprehensive metadata security implementation with multi-layered protections like these.

In the default metadata security implementations for SAS 9.3 and SAS 9.2, all SAS users have the capability to access a limited set of features in the SAS Management Console. This includes access to the Authorization Manager plug-in where any accidentally unprotected ACTs could be modified. In order to be able to take advantage of this capability, and modify an ACT, a user has to be able to fulfill all of the following requirements: Continue reading “Protecting your Metadata Protections: Part 2”

Author: Paul Homes | Posted on 31 March 2013 (updated 20 September 2024) | Categories: SAS Metadata Security | Tags: Best Practices, Metacoda Security Plug-ins, Roles & Capabilities, SAS, SAS 9.2, SAS 9.3, SAS Management Console, SAS Metadata, SAS Metadata Security

Copyright © 2010-2025 Paul Homes. All rights reserved.