Skip to content

platformadmin.com

Paul Homes blogging on SAS® platform administration topics

  • Home
  • Reading List
  • About / Contact
  • RSS Feed
  • LinkedIn
  • GitHub
  • LinkedIn (Metacoda)
  • YouTube (Metacoda)
platformadmin.com

Tag: Metadata Security Testing

Interesting SAS 9 Metadata Server Access Control Loggers

In my previous post on Finding Interesting SAS 9 Loggers, I highlighted 3 loggers I find useful for SAS 9 metadata access control change auditing, especially when using the new Metacoda Plug-ins 6.2 Activity Reviewer. There is also a 4th logger where you might already have trace level logging enabled, as it is configured so when you set up the SAS Environment Manager Service Architecture Audit, Performance, and Measurement (APM) component. In this post I want to go into more detail on each of those 4 loggers and explain what information they log and why I find them useful.

SAS Management Console Server Manager Logger Dialog

The loggers in question are:

  • Audit.Meta.Security.AccCtrlAdm
  • App.OMI.SecurityAdmin.SetAuthorizationsOnObj
  • App.OMI.SecurityAdmin.ApplyACTToObj
  • App.OMI.SecurityAdmin.RemoveACTFromObj

Continue reading “Interesting SAS 9 Metadata Server Access Control Loggers”

Author Paul HomesPosted on 24 October 202329 December 2024Categories GeneralTags Audit, Logging, Metacoda Plug-ins, Metacoda Security Plug-ins, Metadata Security Testing, SAS, SAS 9.4, SAS Configuration, SAS Metadata Security

Metacoda Plug-ins Tip: Replaceable Tokens

This is a tip for those who use the Metacoda Security Plug-ins Batch Interface for scheduled automation of SAS® metadata security reporting, testing and identity synchronization. You will find this tip useful if you are using the same configuration values in multiple batch configuration or Identity Sync Profile (IDSP) XML files and would like a way to specify these values in a single places rather than maintain them in multiple locations.

An enhancement that was added in Metacoda Plug-ins 6.1 R3 (Feb 2020) included Continue reading “Metacoda Plug-ins Tip: Replaceable Tokens”

Author Paul HomesPosted on 9 October 202029 December 2024Categories Metacoda Plug-insTags Identity Sync, Metacoda Plug-ins, Metacoda Plug-ins Batch Interface, Metacoda Plug-ins Tip, Metacoda Security Plug-ins, Metadata Security Testing, SAS, SAS 9.2, SAS 9.3, SAS 9.4

Following SAS GEL Security Rules with Metacoda Security Tests

If you’re responsible for managing SAS® platform security, and you haven’t seen them yet, then I’d definitely recommend reading Five papers on Recommended SAS 9.4 Security Model Design (part 1 & part 2) as published by David Stern, Principal Technical Architect from the SAS Global Enablement and Learning (GEL) team.

These papers are an excellent resource for SAS customers and partners to use when designing security for their SAS platform implementations. Having resources like these gives new administrators the opportunity to get it right early on and not have to learn from their own mistakes. I remember the early days of SAS 9.1 when the platform was new and best practices had yet to be discovered. At that time we were learning what practices worked and what didn’t through trial and error. Now, of course, we have the benefit of SAS documentation and published papers to learn from the prior experience of others. The first of these was the Danish Golden Rules as found in the SAS Global Forum 2011 Paper 376-2011 Best Practice Implementation of SAS Metadata Security at Customer Sites in Denmark by Cecily Hoffritz & Johannes Jørgensen. There’s also Angie Hedberg’s SAS Global Forum 2017 paper: Getting Started with Designing and Implementing a SAS 9.4 Metadata and File System Security Design. With the addition of the new GEL recommended practices, the pool of SAS security best practice information has been expanded further with a content rich guide that provides lots of detail, examples, explanations of the rules, and much more. It was also lovely to see Metacoda software get a mention in the GEL papers too. :)

I was fortunate to be able to meet with David at SAS when I was in the UK last week and we spoke about the GEL recommended practices and how the Metacoda Security Testing Framework could be used to help SAS customers and partners follow these practices.

It seemed like to a good time to provide a follow up to an older 2015 blog post I wrote on Testing Recommended Practices with SAS Metadata Security. That post was focused on the Danish Golden Rules, so in this post I’ll show our Metacoda Security Testing Framework can be used to help people follow the GEL rules. Continue reading “Following SAS GEL Security Rules with Metacoda Security Tests”

Author Paul HomesPosted on 13 June 201729 December 2024Categories Metacoda Security Plug-insTags Best Practices, Metacoda Security Plug-ins, Metadata Security Testing, SAS, SAS 9.2, SAS 9.3, SAS 9.4, SAS Metadata Security

Testing Conditional Grants in SAS Visual Analytics

If you use conditional grants in SAS® Visual Analytics for row level security, then you might be interested in one of the enhancements available in our recent Metacoda Plug-ins 5.0 release. This new release adds support for automated metadata security testing of the permission conditions behind conditional grants. Conditional grants, sometimes known as row-level permissions or row-level security, allow you to grant limited access to a subset of data based on an expression. If someone is in a constrained group then they only get to see the rows where the expression evaluates to true.

If you’re using conditional grants to restrict certain groups of users to specific subsets of data then you’d probably be keenly interested in making sure those conditional grants remain in place. You wouldn’t want to discover at some future time that, due to unexpected changes in the permission conditions, those groups of users have been getting much broader access to data than should have been allowed.

We’ve enhanced Metacoda Plug-ins in version 5 to help people maintain the integrity of their permission conditions in the following areas: Continue reading “Testing Conditional Grants in SAS Visual Analytics”

Author Paul HomesPosted on 8 September 201520 September 2024Categories Metacoda Security Plug-insTags Conditional Grants, Metacoda Plug-ins, Metacoda Security Plug-ins, Metadata Security Testing, Row Level Security, SAS, SAS 9.4, SAS Management Console, SAS Metadata Security, SAS Visual Analytics10 Comments on Testing Conditional Grants in SAS Visual Analytics

Testing Recommended Practices with SAS Metadata Security

If you use our Metacoda Security Testing Framework to continuously and automatically validate your SAS® platform metadata security implementations, then you’ll be interested in some new ‘recommended practice’ tests that are coming in the next release of Metacoda Plug-ins (version 5.0).

Are you are a fan of the Danish Golden Rules for SAS metadata security? Several of our new recommended practice tests can also help you enforce those rules for your SAS platform installations. The six golden rules can be found in SAS Global Forum 2011 paper 376-2011 “Best Practice Implementation of SAS® Metadata Security at Customer Sites in Denmark” by Cecily Hoffritz and Johannes Jørgensen from SAS Institute Denmark. It’s excellent paper that I often recommend to other SAS platform administrators. By following the golden rules presented in that paper you’ll find SAS metadata security much easier to understand and manage.

You might also notice that some of these recommended practice tests look like test-based alternatives to the recommend practice indicators currently available in Metacoda Security Plug-ins. These new recommended practice tests are a little bit smarter and also allow for exclusions – where you know a recommended practice is not being followed but have a good reason for doing so. While the indicators require someone to regularly look for them, the recommended practice tests can be scheduled to email an alert to someone whenever deviations from the practices are detected.

Here are some details and examples of the new recommended practices tests that will be available in Metacoda Security Plug-ins 5.0. I also point out which tests will help with enforcing the Danish Golden Rules. Continue reading “Testing Recommended Practices with SAS Metadata Security”

Author Paul HomesPosted on 16 June 201529 December 2024Categories Metacoda Security Plug-insTags Best Practices, Metacoda Plug-ins, Metacoda Security Plug-ins, Metadata Security Testing, SAS, SAS 9.2, SAS 9.3, SAS 9.4, SAS Metadata Security1 Comment on Testing Recommended Practices with SAS Metadata Security

Posts pagination

Page 1 Page 2 Next page
RSS Feed Follow me on Mastodon View my LinkedIn® profile Send me a message   Vertical separator   Visit the Metacoda web site

Metacoda - productivity through metadata visibility

Horizontal separator

Tags

  • Accounts/Logins
  • ACT
  • Active Directory
  • Base SAS
  • Best Practices
  • Blogging
  • Identity Sync
  • IWA
  • Kerberos
  • Linux
  • Logging
  • Metacoda Plug-ins
  • Metacoda Plug-ins Tip
  • Metacoda Security Plug-ins
  • Metadata API
  • Metadata Migration
  • Metadata Promotion
  • Metadata Security Testing
  • Mid-Tier
  • PAM
  • platformadmin.com
  • Roles & Capabilities
  • SAS
  • SAS 9.1
  • SAS 9.2
  • SAS 9.3
  • SAS 9.4
  • SAS Architecture
  • SAS Configuration
  • SAS Enterprise Guide
  • SAS Global Forum
  • SAS Information Delivery Portal
  • SAS Installation
  • SAS Management Console
  • SAS Metadata
  • SAS Metadata Security
  • SAS Papers
  • SAS Training
  • SAS Usage Notes
  • SAS Viya
  • SPN
  • Ubuntu
  • UNIX
  • Windows
  • Windows 2008 R2

Blog Roll [ ... and links to blog rolls]

  • [ … blogs.sas.com]
  • [ … SAS RSS Feeds]
  • NOTE: The blog of RTSL.eu
  • The SAS Dummy

Metacoda Links

  • Metacoda
  • Metacoda Security Plug-ins
  • Metacoda Support

SAS Communities

  • SAS Communities
  • Stack Overflow / SAS tag
  • Super User / SAS tag

SAS Institute Links

  • SAS
  • SAS Australia
  • SAS Customer Support

SAS User Groups

  • [ … other SAS user groups]
  • SAS Global Forum
  • SUGA

Categories

  • General
  • Guest Posts
  • Interesting SAS Usage Notes
  • Linux
  • Metacoda
  • Metacoda Custom Tasks
  • Metacoda Plug-ins
  • Metacoda Security Plug-ins
  • SAS Architecture
  • SAS Books
  • SAS Configuration
  • SAS Documentation
  • SAS Enterprise Guide
  • SAS Environment Manager
  • SAS Installation
  • SAS Management Console
  • SAS Metadata
  • SAS Metadata Security
  • SAS Open Metadata API
  • SAS Software
  • SAS Support Resources
  • SAS Training
  • SAS User Groups
  • SAS Viya
  • Solaris
  • VirtualBox
  • Windows

Archives

  • October 2023
  • September 2023
  • August 2023
  • March 2023
  • February 2023
  • March 2022
  • July 2021
  • May 2021
  • March 2021
  • October 2020
  • March 2020
  • June 2019
  • April 2019
  • March 2019
  • February 2019
  • October 2018
  • September 2018
  • August 2018
  • May 2018
  • February 2018
  • September 2017
  • August 2017
  • June 2017
  • April 2017
  • January 2017
  • July 2016
  • April 2016
  • March 2016
  • November 2015
  • September 2015
  • July 2015
  • June 2015
  • March 2015
  • February 2015
  • January 2015
  • October 2014
  • May 2014
  • March 2014
  • February 2014
  • December 2013
  • October 2013
  • September 2013
  • August 2013
  • July 2013
  • June 2013
  • May 2013
  • April 2013
  • March 2013
  • February 2013
  • January 2013
  • December 2012
  • November 2012
  • October 2012
  • August 2012
  • July 2012
  • June 2012
  • May 2012
  • April 2012
  • March 2012
  • February 2012
  • January 2012
  • December 2011
  • November 2011
  • October 2011
  • September 2011
  • August 2011
  • July 2011
  • June 2011
  • May 2011
  • April 2011
  • March 2011
  • February 2011
  • January 2011
  • December 2010
  • November 2010
  • October 2010
  • September 2010
  • August 2010
  • July 2010
  • June 2010
  • May 2010
  • April 2010
  • Home
  • Reading List
  • About / Contact
  • RSS Feed
  • LinkedIn
  • GitHub
  • LinkedIn (Metacoda)
  • YouTube (Metacoda)

Copyright © 2010-2025 Paul Homes. All rights reserved. | Legal Notices | Admin