
SAS® Platform Administration: Fast Track
Course Notes
SAS® Platform Administration: Fast Track Course Notes was developed by Eric Rossland, Ray Thomas,
Christine Vitron, and Jim Wilkerson. Additional contributions were made by Anja Fischer, Marty Flis,
Diane Hatcher, Catherine Hitti, Tina Hobbs, Nancy Pipes, and James Waite. Editing and production
support was provided by the Curriculum Development and Support Department.
SAS and all other SAS Institute Inc. product or service names are registered trademarks or trademarks of
SAS Institute Inc. in the USA and other countries. ® indicates USA registration. Other brand and product
names are trademarks of their respective companies.

SAS® Platform Administration: Fast Track Course Notes


Copyright © 2010 SAS Institute Inc. Cary, NC, USA. All rights reserved. Printed in the United States of
America. No part of this publication may be reproduced, stored in a retrieval system, or transmitted, in
any form or by any means, electronic, mechanical, photocopying, or otherwise, without the prior written
permission of the publisher, SAS Institute Inc.

Book code E1867, course code SPAFT, prepared date 07Sep2010.
SPAFT_003
ISBN 978-1-60764-782-9

Table of Contents

Course Description
Prerequisites

Chapter 1 Reviewing the Platform for SAS® Business Analytics
1.1 Exploring the Platform for SAS Business Analytics Overview
      Exercises
1.2 Exploring the Client Tier, Middle Tier, Server Tier, and Data Tier
      Exercises
1.3 Solutions to Exercises

Chapter 2 Administering the SAS® Environment
2.1 Overview of Administration Tasks
      Exercises
2.2 Solutions to Exercises

Chapter 3 Determining the State of the SAS® Environment
3.1 Checking the State of SAS Servers
      Demonstration: Checking the State of the SAS Servers
      Exercises
3.2 Exploring the Metadata Server and Repositories
      Demonstration: Identifying Metadata Server and Repository Access State
      Exercises
3.3 Troubleshooting the Metadata Server
      Demonstration: Exploring the Metadata Server’s Configuration Directory
      Demonstration: Troubleshooting the Metadata
      Exercises
3.4 Solutions to Exercises

Chapter 4 Monitoring, Logging, and Troubleshooting SAS® Servers
4.1 Overview of SAS Server Types
      Exercises
4.2 Monitoring SAS Servers and Spawners
      Demonstration: Validating and Pausing the Metadata Server
      Demonstration: Monitoring the Object Spawner
      Exercises
4.3 Logging SAS Servers and Spawners
      Exercises
4.4 Troubleshooting SAS Servers
      Demonstration: Using the SAS Deployment Manager
4.5 Solutions to Exercises

Chapter 5 Backing Up the SAS® Environment
5.1 Backing Up Metadata with the Backup Wizard
      Demonstration: Backing Up Metadata with the SAS Management Console Backup Wizard
      Exercises
5.2 Exploring OMABAKUP
      Demonstration: Exploring OMABAKUP
      Exercises
5.3 Scheduling Backups
      Demonstration: Modifying the SASMeta DATA Step Batch Server
      Exercises
5.4 Backing Up Physical Files
      Demonstration: Locating Additional Content to Backup
5.5 Solutions to Exercises

Chapter 6 Administering Client Applications
6.1 Exploring Connection Profiles
      Demonstration: Exploring Connection Profiles
      Exercises
      Demonstration: Connection Profile for SAS Enterprise Guide and the SAS Add-In for Microsoft Office
      Exercises
6.2 Using Roles to Control Access to Application Functionality
      Demonstration: Identifying Roles in SAS Management Console
      Exercises
6.3 Exploring SAS Folders
      Demonstration: Exploring Folders
      Exercises
6.4 Solutions to Exercises

Chapter 7 Administering Users
7.1 Defining Regular Users and Groups
      Exercises
7.2 Defining Administrative Users
      Demonstration: Exploring Administrative Functionality
      Exercises
7.3 Giving Users Access to Servers
      Exercises
7.4 Solutions to Exercises

Chapter 8 Administering Data Access
8.1 Registering Libraries and Tables in the Metadata
      Demonstration: Registering SAS Library and Table Metadata
      Exercises
8.2 Updating Table Metadata
      Exercises
8.3 Pre-Assigning Libraries
      Exercises
8.4 Troubleshooting Data Access
8.5 Solutions to Exercises

Chapter 9 Securing Metadata
9.1 Introduction to Metadata Security
      Demonstration: Identifying the ACT Applied to an Item and Effective Permissions
      Exercises
9.2 Exploring Metadata Permissions
      Demonstration: Identifying Applicable Permissions
      Exercises
9.3 Exploring Predefined ACTs
      Exercises
9.4 Securing Content in the Folder Tree
      Exercises
9.5 Securing Content outside the Folder Tree
      Exercises
9.6 Creating Additional ACTs
      Exercises
9.7 Solutions to Exercises

Chapter 10 Moving Metadata
10.1 Promoting Selected Content
      Demonstration: Promoting Content
      Exercises
10.2 Solutions to Exercises

Chapter 11 Updating the SAS® Environment
11.1 Applying Hot Fixes to Your SAS Environment
      Demonstration: Exploring the SAS Technical Support Web Site

Chapter 12 Learning More
12.1 SAS Resources
12.2 Beyond This Course

Appendix A Index

Course Description
This intensive training course provides accelerated learning for those students who will administer the
platform for SAS Business Analytics. This course is for individuals who are comfortable with learning
large amounts of information in a short period of time. The SAS® Platform Administration 1: Essentials,
SAS® Platform Administration 2: Security, and SAS® Platform Administration 3: Advanced courses are
available to provide the same type of information in a more detailed approach over a longer period of
time.

To learn more…

For information on other courses in the curriculum, contact the SAS Education
Division at 1-800-333-7660, or send e-mail to training@sas.com. You can also
find this information on the Web at support.sas.com/training/ as well as in the
Training Course Catalog.

For a list of other SAS books that relate to the topics covered in this
Course Notes, USA customers can contact our SAS Publishing Department at
1-800-727-3228 or send e-mail to sasbook@sas.com. Customers outside the
USA, please contact your local SAS office.

Also, see the Publications Catalog on the Web at support.sas.com/pubs for a
complete list of books and a convenient order form.

Prerequisites
Before attending this course, you should complete SAS® Platform Administration: Getting Started or have
equivalent experience.

Chapter 1 Reviewing the Platform for SAS® Business Analytics

1.1 Exploring the Platform for SAS Business Analytics Overview
      Exercises
1.2 Exploring the Client Tier, Middle Tier, Server Tier, and Data Tier
      Exercises
1.3 Solutions to Exercises

1.1 Exploring the Platform for SAS Business Analytics Overview

Objectives
• Define the architecture of the platform for SAS Business Analytics.
• Describe the platform administrator role.
• Identify the platform administrator tasks.
• Examine how to secure a SAS platform configuration.

Platform for SAS Business Analytics
The platform for SAS Business Analytics is enterprise software with components that exist on multiple machines throughout the organization.

Note: The platform for SAS Business Analytics is also known as the SAS Enterprise Intelligence Platform and the SAS Intelligence Platform.

SAS Platform Architecture
The platform for SAS Business Analytics consists of a multiple-tier environment that is typically represented by the following:
• client tier
• middle tier
• server tier
• data tier

A suite of desktop applications …
… and Web applications …
… connect to server processes in order to execute code …
… and access enterprise data sources.
The applications and servers rely on a common, integrated metadata environment.

Platform Administrator
Platform administrators install, configure, administer, and maintain the platform for SAS Business Analytics.

The software and applications primarily used by platform administrators include the following:
• the SAS platform
• SAS Management Console

To learn how to install and configure the software, refer to:
• Installing and Configuring the SAS® Intelligence Platform course
• SAS® 9.2 Intelligence Platform: Installation and Configuration Guide

Platform Administrator Tasks
This course covers administrative tasks that need to be performed after the initial installation and configuration of the software.

The tasks include the following:
• secure the SAS configuration on each server machine
• check status and operate servers
• monitor server activity and administer logging
• establish formal, regularly scheduled backup process
• add users and manage access
• establish connectivity to data sources
• set up your metadata folder structure
• administer repositories and move metadata

Securing a SAS Configuration
The SAS configuration directory on each server machine must be protected by operating system controls. These controls prevent inappropriate access to the following:
• metadata repository data sets
• server scripts
• server logs
• configuration files

Securing a SAS Configuration – Windows
On Windows, all of the configuration directories, files, and scripts are owned by the user who performed the installation.

It is recommended that you set additional operating system permissions.

These recommendations assume that your SAS servers and spawners run as services under the
Local System account. If servers and spawners run under a different account, then grant that account
the permissions that are recommended for SYSTEM.

Recommended Permissions for Windows

Directories:
• Documents
• ReportBatch
• SAS-configuration-directory and its subdirectory Lev1
• SASApp
• SASMeta
• Utilities
• Web
Recommended permissions:
• SYSTEM and Administrators: Full Control
• All other users: List Folder Contents, Read

Directories:
• SASApp subdirectories ConnectServer\Logs, Data\wrsdist, Data\wrstemp, PooledWorkspaceServer\Logs, PooledWorkspaceServer\sasuser, StoredProcessServer\Logs, StoredProcessServer\sasuser, and WorkspaceServer\Logs
• SASMeta\WorkspaceServer\Logs
Recommended permissions:
• SYSTEM, Administrators, and SAS Spawned Servers (sassrv): Full Control

Directories:
• SASApp\PooledWorkspaceServer
• SASApp\StoredProcessServer
Recommended permissions:
• SYSTEM, Administrators, and SAS Spawned Servers (sassrv): Full Control
• Remove all other users and groups

Directories:
• ConnectSpawner
• Logs
• ObjectSpawner
• SASApp\OLAPServer
• SASMeta\MetadataServer
• SASTS
• ShareServer
Recommended permissions:
• SYSTEM and Administrators: Full Control
• Remove all other users and groups

File:
• sasv9_meta.cfg file
Recommended permissions:
• SYSTEM and Administrators: Read and Write
• Remove all other users and groups

If you selected the custom installation option to place all of your log files in a single directory, then you
will need to grant the SAS Spawned Servers (sassrv) user Full Control of the central log destination.
If you enable logging for a standard workspace server, then you will need to grant all users of the
workspace server Full Control of the log directory.

Securing a SAS Configuration – UNIX and z/OS
On UNIX and z/OS systems, the SAS Deployment Wizard automatically applies the appropriate permissions.

Default Permissions for UNIX and z/OS

Directories:
• Documents
• ReportBatch
• SAS-configuration-directory and its subdirectory Lev1
• SASApp
• SASMeta
• Utilities
• Web
Default permissions:
• SAS Installer: Read, Write, and Execute
• All other users: Read and Execute

Directories:
• SASApp subdirectories ConnectServer/Logs, Data/wrsdist, Data/wrstemp, PooledWorkspaceServer/Logs, PooledWorkspaceServer/sasuser, StoredProcessServer/Logs, StoredProcessServer/sasuser, and WorkspaceServer/Logs
• SASMeta/WorkspaceServer/Logs
Default permissions:
• SAS Installer: Read, Write, and Execute
• sas group: Read, Write, and Execute

Directories:
• SASApp/PooledWorkspaceServer
• SASApp/StoredProcessServer
Default permissions:
• SAS Installer: Read, Write, and Execute
• sas group: Read and Execute

Directories:
• ConnectSpawner
• Logs
• ObjectSpawner
• SASApp/OLAPServer
• SASMeta/MetadataServer
• SASTS
• ShareServer
Default permissions:
• SAS Installer: Read, Write, and Execute
• All other users: no access

File:
• sasv9_meta.cfg file
Default permissions:
• SAS Installer: Read and Write
• All other users: no access

If you selected the custom installation option to place all of your log files in a single directory, then you
will need to grant the SAS Spawned Servers (sassrv) user Full Control of the central log destination.
If you enable logging for a standard workspace server, then you will need to grant all users of the
workspace server Read, Write, and Execute permission to the log directory.
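
One way to confirm that a UNIX deployment still matches the default permissions listed above, added here as an example and not taken from the course notes or from SAS software. It assumes the listed paths are relative to Lev1, skips any permission class the table does not state, and finds sasv9_meta.cfg by searching the tree; the function names and the sample tree are hypothetical and constructed for the demonstration.

```python
import os
import stat
import sys
import tempfile

# (owner, group, other) permission digits from the UNIX and z/OS table above.
# None means the table states nothing for that class, so it is not checked.
OPEN_READ = (7, 5, 5)       # SAS Installer rwx; all other users r-x
GROUP_WRITE = (7, 7, None)  # SAS Installer rwx; sas group rwx
GROUP_READ = (7, 5, None)   # SAS Installer rwx; sas group r-x
OWNER_ONLY = (7, 0, 0)      # SAS Installer rwx; all other users no access
CFG_FILE = (6, 0, 0)        # SAS Installer rw-; all other users no access
CFG_NAME = "sasv9_meta.cfg"

# Assumption: every path in the table is relative to Lev1 ("." is Lev1 itself).
POLICY = {p: OPEN_READ for p in
          (".", "Documents", "ReportBatch", "SASApp", "SASMeta", "Utilities", "Web")}
POLICY.update({"SASApp/" + p: GROUP_WRITE for p in (
    "ConnectServer/Logs", "Data/wrsdist", "Data/wrstemp",
    "PooledWorkspaceServer/Logs", "PooledWorkspaceServer/sasuser",
    "StoredProcessServer/Logs", "StoredProcessServer/sasuser",
    "WorkspaceServer/Logs")})
POLICY["SASMeta/WorkspaceServer/Logs"] = GROUP_WRITE
POLICY.update({p: GROUP_READ for p in
               ("SASApp/PooledWorkspaceServer", "SASApp/StoredProcessServer")})
POLICY.update({p: OWNER_ONLY for p in (
    "ConnectSpawner", "Logs", "ObjectSpawner", "SASApp/OLAPServer",
    "SASMeta/MetadataServer", "SASTS", "ShareServer")})


def check(path, expected):
    """Compare one path with its expected digits; return (status, mode) or None."""
    try:
        st = os.lstat(path)
    except FileNotFoundError:
        return ("MISSING", None)
    if stat.S_ISLNK(st.st_mode):
        return ("SYMLINK", None)  # a link would hide the real target's mode
    mode = stat.S_IMODE(st.st_mode)
    actual = ((mode >> 6) & 7, (mode >> 3) & 7, mode & 7)
    pairs = [(w, a) for w, a in zip(expected, actual) if w is not None]
    if all(w == a for w, a in pairs):
        return None
    # LOOSER: at least one class holds a bit that the table does not grant.
    looser = any(a & ~w & 7 for w, a in pairs)
    return ("LOOSER" if looser else "TIGHTER", "%03o" % (mode & 0o777))


def audit(lev1):
    """Return sorted (relative_path, status, actual_mode) findings for a Lev1 tree."""
    findings = []
    for rel, expected in POLICY.items():
        result = check(os.path.normpath(os.path.join(lev1, rel)), expected)
        if result:
            findings.append((rel,) + result)
    # The table does not say where sasv9_meta.cfg lives, so search the tree for it.
    for dirpath, _dirs, files in os.walk(lev1):
        if CFG_NAME in files:
            full = os.path.join(dirpath, CFG_NAME)
            result = check(full, CFG_FILE)
            if result:
                findings.append((os.path.relpath(full, lev1),) + result)
    return sorted(findings)


def build_sample_tree(root):
    """Create a constructed Lev1 tree that matches the table (demo and tests only)."""
    lev1 = os.path.join(root, "Lev1")
    for rel in POLICY:
        os.makedirs(os.path.join(lev1, rel), exist_ok=True)
    # Constructed location for the file; the table itself gives no directory.
    cfg = os.path.join(lev1, "SASMeta", "MetadataServer", CFG_NAME)
    open(cfg, "w").close()
    os.chmod(cfg, 0o600)
    for rel, (owner, group, other) in POLICY.items():
        mode = owner << 6 | group << 3 | (other or 0)
        os.chmod(os.path.normpath(os.path.join(lev1, rel)), mode)
    return lev1


if __name__ == "__main__":
    if len(sys.argv) > 1:
        target = sys.argv[1]  # path to a real Lev1 directory
    else:
        target = build_sample_tree(tempfile.mkdtemp())
        os.chmod(os.path.join(target, "Logs"), 0o755)  # constructed drift
    for finding in audit(target):
        print("%-45s %-8s %s" % finding)
```

Run it as the SAS Installer account or as root; any other account cannot read the directories that deny access to all other users, so the search for sasv9_meta.cfg would silently skip them.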

Access Required for Metadata Backups
In addition, the user who backs up the metadata server must have full access to the MetadataServer folder and certain subdirectories.

Exercises

1. Identifying the Folder Owner

a. Use Windows Explorer to navigate to C:\SAS.
b. Right-click SAS and select Properties. Select the Security tab ⇒ Advanced ⇒ Owner.
c. Who is the owner of the SAS folder?
d. Locate the SASApp subfolder. How is it secured by default? What subfolders are located under SASApp?
e. Locate the SASMeta subfolder. How is it secured by default? What subfolders are located under SASMeta?

1.2 Exploring the Client Tier, Middle Tier, Server Tier, and Data Tier

Objectives
• Explore the different tiers of the SAS platform.
• Define the common job roles.
• Describe the SAS platform applications used for data integration, reporting, and analysis.

Exploring the Client Tier
Users at all different skill levels have access to data and information through interfaces targeted for specific job roles including:
• Platform Administrator
• BI Applications Developer
• BI Content Developer
• Business User
• Data Integration Developer

Note: These job roles are used by SAS Education to organize training by similar functionality based
on common job tasks. These job roles are different than the SAS metadata roles.

BI Applications Developer
BI applications developers are responsible for building, implementing, and customizing applications.

The software and applications that are used most frequently by BI applications developers include the following:
• SAS AppDev Studio
• SAS/AF
• SAS/IntrNet

BI Content Developer
BI content developers understand not only their organization's data, but also the applications they need to create reports and analyses for themselves and others in their organization.

The software and applications primarily used by BI content developers include the following:
• SAS BI Dashboard
• SAS Enterprise Guide
• SAS Information Map Studio
• SAS OLAP Cube Studio/SAS OLAP Server
• SAS Stored Processes
• SAS Visual BI

Note: OLAP – online analytical processing.
SAS Visual BI, powered by JMP software.

Business User
Business users use existing information as well as create their own reports and analyses using point-and-click applications.

The software and applications primarily used by business users include the following:
• SAS Add-In for Microsoft Office
• SAS Information Delivery Portal
• SAS Web Report Studio

Data Integration Developer
Data integration developers collect, store, and cleanse data in preparation for reporting and analysis.

The software and applications primarily used by data integration developers include the following:
• SAS Data Integration Studio
• SAS Data Quality Solution
• SAS Scalable Performance Data Server

SAS Platform Applications by Job Role

[Figure: matrix of SAS platform applications by job role. Columns: Platform Administrator, Data Integration Developer, BI Content Developer, Business User, BI Applications Developer. Applications shown: SAS Add-In for Microsoft Office, SAS Web Report Studio, SAS Information Delivery Portal, SAS Enterprise Guide, SAS Information Map Studio, SAS BI Dashboard, SAS OLAP Cube Studio, SAS Visual BI, SAS AppDev Studio, SAS Data Integration Studio, DataFlux dfPower Studio, SAS Management Console.]

SAS Add-In for Microsoft Office
    The SAS Add-In for Microsoft Office enables business users to transparently leverage the power of SAS analytics, reporting, and data access directly from Microsoft Office via integrated menus and toolbars.

SAS AppDev Studio Eclipse Plug-Ins
    SAS AppDev Studio is a comprehensive, stand-alone development environment for developing, deploying, and maintaining a wide variety of applications that leverage the full power of SAS.

SAS BI Dashboard
    SAS BI Dashboard is a point-and-click dashboard development application that enables the creation of dashboards from a variety of data sources to surface information visually.

SAS Data Integration Studio
    SAS Data Integration Studio enables a data warehouse developer to create and manage metadata objects that define sources, targets, and the sequence of steps for the extraction, transformation, and loading of data.

SAS Enterprise Guide
    SAS Enterprise Guide provides a guided mechanism to exploit the power of SAS and publish dynamic results throughout the organization. SAS Enterprise Guide can also be used for traditional SAS programming.

SAS Information Delivery Portal
    The SAS Information Delivery Portal is a Web application that can surface the different types of business analytic content such as information maps, stored processes, and reports.

SAS Information Map Studio
    SAS Information Map Studio is used to build information maps, which shield business users from the complexities of the underlying data by organizing and referencing data in business terms.

SAS Management Console
    SAS Management Console provides a single interface for administrators to manage the metadata and servers in the SAS platform. Specific administrative tasks are supported by plug-ins to the SAS Management Console.

SAS OLAP Cube Studio
    SAS OLAP Cube Studio is used to create OLAP cubes, which are multidimensional structures of summarized data. The Cube Designer provides a point-and-click interface for cube creation.

SAS Visual BI (JMP)
    SAS Visual BI, powered by JMP software, provides dynamic business visualization, enabling business users to interactively explore ideas and information, investigate patterns, and discover previously hidden facts through visual queries.

SAS Web Report Studio
    SAS Web Report Studio provides intuitive and efficient access to query and reporting capabilities on the Web.

DataFlux dfPower Studio
    dfPower Studio from DataFlux (a SAS company) combines advanced data-profiling capabilities with proven data quality, integration, and augmentation tools for incorporating data quality into a data collection and management process.

Exploring the Middle Tier

The SAS Web applications are installed and execute in one of the following Web application servers:
• JBoss
• WebLogic
• WebSphere

Exploring the Server Tier

The server tier consists of one or more machines where the SAS servers are installed and accessed by the SAS platform applications. Different types of SAS servers include those below:
• SAS Metadata Server
• SAS Workspace Server
• SAS Stored Process Server
• SAS OLAP Server

SAS Metadata Server

SAS Metadata Server manages the metadata that describes the location and structure of the SAS platform:
• server definitions
• data definitions
• users and groups
• security settings
• business intelligence content

Exploring the Data Tier

The data tier contains the enterprise data sources, which might be in one or more of the following formats:
• SAS data sets
• RDBMS tables
• OLAP cubes
• SAS SPD Server files
• ERP data structures

Exercises

2. Diagramming the SAS Environment

a. Which of the following four diagrams most closely matches the classroom environment?
b. Which of the following four diagrams most closely matches your environment? If no diagram matches your environment exactly, what would you need to modify about the diagram?

[Diagrams: Plan 1, Plan 2, Plan 3, Plan 4]

c. What user types do you have at your site?

SAS Education Job Role          Job Role at Your Site
Platform Administrator
BI Applications Developer
Business Analyst
Business User
Data Integration Developer

3. SAS Management Console Plug-Ins and the Tiers

a. Select Start → All Programs → SAS → SAS Management Console 9.2.
b. Log on using the following credentials:
   User name: Ahmed
   Password: Student1
c. Click the Plug-ins tab. Which plug-ins contain information for each tier?

Logical Tier    SAS Management Console Plug-in
Server Tier
Middle Tier
Data Tier
Client Tier

Hint: For information about a particular plug-in, select the plug-in and select Help → Help on plug-in….

1.3 Solutions to Exercises

1. Identifying the Folder Owner

a. Use Windows Explorer to navigate to C:\SAS.
b. Right-click SAS and select Properties.
   1) On the Security tab, select Advanced.
   2) Click the Owner tab.
c. Who is the owner of the SAS folder?
   Administrators (SASBI\Administrators)
d. Locate the SASApp subfolder. How is it secured by default? What subfolders are located under SASApp?
   1) Use Windows Explorer to navigate to C:\SAS\Config\Lev1. Right-click SASApp and select Properties.
   2) Click the Security tab. Select each group and user name to see the permissions.
      The following permissions were granted to LOCALHOST\Administrators, SYSTEM, and LOCALHOST\Users: Full Control, Modify, Read & Execute, List Folder Contents, Read, and Write.
e. Locate the SASMeta subfolder. How is it secured by default? What subfolders are located under SASMeta?
   1) Use Windows Explorer to navigate to C:\SAS\Config\Lev1. Right-click SASMeta and select Properties.
   2) Click the Security tab. Select each group and user name to see the permissions.
      The following permissions were granted to LOCALHOST\Administrators, SYSTEM, and LOCALHOST\Users: Full Control, Modify, Read & Execute, List Folder Contents, Read, and Write.

2. Diagramming the SAS Environment

a. Which of the following four diagrams most closely matches the classroom environment?
   Plan 1
b. Which of the following four diagrams most closely matches your environment? If no diagram matches your environment exactly, what would you need to modify about the diagram?
c. What user types do you have at your site?

SAS Education Job Role          Job Role at Your Site
Platform Administrator
BI Applications Developer
Business Analyst
Business User
Data Integration Developer

3. SAS Management Console Plug-Ins and the Tiers

a. Select Start → All Programs → SAS → SAS Management Console 9.2.
b. Type Ahmed as the user ID and Student1 as the password.
c. Click the Plug-ins tab. Which plug-ins contain information for each tier?

Logical Tier    SAS Management Console Plug-in

Server Tier     Server Manager

Middle Tier
Foundation Services Manager
Server Manager
Configuration Manager

Data Tier
Data Library Manager

Client Tier
Server Manager
Authorization Manager
User Manager

Chapter 2 Administering the SAS® Environment

2.1 Overview of Administration Tasks
    Exercises
2.2 Solutions to Exercises

2.1 Overview of Administration Tasks

Objectives
• Explore the platform administrator tasks.

Platform Administrator Tasks (Review)

This course covers administrative tasks that need to be performed after the initial installation and configuration of the software.
The tasks include the following:
• secure the SAS configuration on each server machine
• check status and operate servers
• monitor server activity and administer logging
• establish formal, regularly scheduled backup process
• add users and manage access
• establish connectivity to data sources
• set up your metadata folder structure
• administer repositories and move metadata

Securing a SAS Configuration (Review)

The configuration directory on each server machine must be protected by operating system controls. These controls prevent inappropriate access to the following:
• metadata repository data sets
• server scripts
• server logs
• configuration files

Checking the Status and Operating Servers

SAS provides a number of tools that you can use to determine the status of and operate your servers and spawners, including these two:
• SAS Management Console
• scripts

The term server refers to a program or programs that wait for and fulfill requests from client programs for data or services. Server does not necessarily refer to a specific computer because a single computer can host one or more servers of various types.

Monitoring Server Activity and Administering Logging

To monitor the activity of your servers and spawners, you can use the following:
• SAS Management Console
• third-party monitoring tools

Each server has a logging configuration file that controls the destination, contents, and format of the log for that server.

In addition to SAS Management Console, you can use the following enterprise systems management products to monitor SAS servers:
• HP Openview
• BMC Performance Manager
• Hobbit
• IBM Tivoli
• Microsoft Operations Manager

The servers and spawners use a standard logging facility that supports problem diagnosis and resolution, performance and capacity management, and auditing and regulatory compliance.

Establishing a Backup Process

To ensure the integrity of your installation, you should establish a formal, regularly scheduled backup process including the following items:
• metadata
• configuration files
• data
• other content

It is important to back up all of the following items at the same time so that related information is synchronized if a restore becomes necessary:
• your metadata repositories, the repository manager, the metadata journal file, and the metadata server’s configuration files
• physical content that is stored in files, databases, and WebDAV

Metadata Security

Setting security in the metadata occurs in conjunction with several administrator tasks:
• adding users and managing access
• establishing connectivity to data sources
• setting up your metadata folder structure

It is important to plan security for your environment before implementing it.

For example, before creating users and groups in the metadata, you should do the following:
• review the users and groups in your environment
• identify how they will use SAS
• identify security requirements of your organization

Adding Users and Managing Access

In order to make access distinctions and track user activity, create SAS identities for your users.

To establish a unique identity for a user, you must create a SAS copy of a unique account ID. All of a user’s metadata group memberships, role memberships, and permissions are tied to the user’s SAS identity.

Establishing Connectivity to Data Sources

In order to make data available to most SAS applications, you need to register data sources in the metadata including those listed below:
• SAS data sets
• RDBMS tables
• OLAP cubes
• XML files

Other file types that you can establish connectivity to include the following:
• Excel files
• flat files
• SAS Information Maps
• Scalable Performance Data files
• ERP systems

Setting Up Your Metadata Folder Structure

The SAS applications use a hierarchy of SAS folders to store metadata including the folders shown below:
• Libraries
• Tables
• OLAP cubes
• Jobs
• Information maps
• Stored processes
• Reports

When you install SAS, a set of default SAS folders is created. Within this overall structure you can create a customized folder structure that meets the information arrangement, data sharing, and security requirements of your organization.

The structure separates different types of content, including the following:
• personal folders for individual users
• shared folders for shared content
• product-specific content
• system information for administrators

Administering Repositories and Moving Metadata

As an administrator, you might need to do some of the following to metadata repositories in your environment:
• Create
• Register
• Move
• Copy
• Rename
• Delete
• Unregister

You might want to create custom repositories to physically divide metadata storage or for security purposes.

You can copy an entire metadata repository from one host machine to another, either in the same operating system environment or a different environment.

You can promote individual objects or groups of objects from one location to another, either on the same metadata server or a different metadata server. You can also include associated physical content in the promotion.

When you register a metadata repository, information about the repository is added to the repository manager so that the repository can be accessed by clients.

When you unregister a metadata repository, information about the repository is removed from the repository manager, and the repository can no longer be accessed by clients.

When you delete a metadata repository, all of the repository’s metadata and metadata containers are deleted. In addition, the repository’s registration is removed from the repository manager.

Exercises

1. Identifying Frequency and Responsibility for Administrative Tasks

For the following administration tasks, determine the frequency with which they need to occur at your site and who is responsible for each:

Task                                            Frequency    Individual/group responsible

Secure the SAS configuration.

Check status and operate servers.
• Metadata server
• Workspace server
• OLAP server
• Stored process server
• Web application server

Monitor server activity and administer logging.

Back up environment.

Add users and manage access.

Establish connectivity to data sources.

Set up your metadata folder structure.

Administer repositories and move metadata.

2.2 Solutions to Exercises

1. Identifying Frequency and Responsibility for Administrative Tasks

For the following administration tasks, determine the frequency with which they need to occur at your site and who is responsible for each:

Task                                            Frequency                                  Individual/group responsible

Secure the SAS configuration.                   When installed and as needed thereafter

Check status and operate servers.               Daily
• Metadata server
• Workspace server
• OLAP server
• Stored process server
• Web application server

Monitor server activity and administer logging. As needed

Back up environment.                            Daily

Add users and manage access.                    As needed

Establish connectivity to data sources.         As needed

Set up your metadata folder structure.          When installed and as needed thereafter

Administer repositories and move metadata.      As needed

Note: These are suggestions and do not apply to all installations. Each site will have different needs and requirements.

Chapter 3 Determining the State of the SAS® Environment

3.1 Checking the State of SAS Servers
    Demonstration: Checking the State of the SAS Servers
    Exercises
3.2 Exploring the Metadata Server and Repositories
    Demonstration: Identifying Metadata Server and Repository Access State
    Exercises
3.3 Troubleshooting the Metadata Server
    Demonstration: Exploring the Metadata Server’s Configuration Directory
    Demonstration: Troubleshooting the Metadata
    Exercises
3.4 Solutions to Exercises

3.1 Checking the State of SAS Servers

Objectives
• Examine the different methods of server operations.
• Check the state of SAS servers.

Methods for Server Operations

There are several methods available for server operations, depending on server type and operating system:
• Windows service
• z/OS started task
• sas.servers script (UNIX or z/OS)
• individual server script or Windows shortcut
• SAS Management Console (except startup)
• started by object spawner
• server console or script

Server Type                                       Available Methods of Server Operation

SAS Metadata Server                               • Windows service¹
SAS OLAP Server                                   • z/OS started task²
SAS Object Spawner                                • sas.servers script³ (UNIX or z/OS)
SAS Table Server                                  • Individual server script (or Windows shortcut)
                                                  • SAS Management Console (except startup)

SAS Workspace Server                              • Started by the object spawner
SAS Pooled Workspace Server                       • SAS Management Console (except startup)
SAS Stored Process Server

SAS Services Application (SAS Remote Services)    • Windows service¹
                                                  • z/OS started task²
                                                  • sas.servers script³ (UNIX or z/OS)
                                                  • Remote Services script (or Windows shortcut)

Web Application Server                            • Server console or script
                                                  • Windows service (JBoss only)¹

SAS Content Server                                Starts automatically when the Web application server is started

SAS/CONNECT Spawner                               • Windows service¹
SAS/SHARE Server                                  • z/OS started task²
                                                  • sas.servers script³ (UNIX or z/OS)
                                                  • Script (or Windows shortcut)

¹ On Windows systems, this is the recommended method.
² On z/OS systems, this is the recommended method.
³ On UNIX systems, this is the recommended method.

The SAS Services Application deploys a set of services called Remote Services that are used by the SAS Information Delivery Portal, the SAS Stored Process Web application, and other Web applications.

The SAS Content Server is a content repository that stores digital content (such as documents, images, and reports) that is created and used by SAS applications. The Web-based Distributed Authoring and Versioning (WebDAV) protocol is used to access the SAS Content Server.

Running Servers as Windows Services

If the servers were installed as services, they
• start automatically when you restart the machines
• are named
    SAS [deployment-name-and-level] <server-context -> server-name
• can be managed from a command line using
    SAS provided batch scripts
    net start|stop|pause|continue "service-name"
• have built-in dependencies to ensure they start up in the correct order on each machine.

The dependencies do not include Windows services on other machines.

If the SAS Deployment Manager installed JBoss Application Server as a service, the service is displayed as JBoss – SASServer1.

On Windows, the available Net commands for each server are listed below:

Server                                            Available Net commands
SAS Metadata Server                               Start, stop, pause, and continue
SAS OLAP Server                                   Start, stop, pause, and continue
SAS Object Spawner                                Start, stop, pause, and continue
SAS Services Application (SAS Remote Services)    Start and stop
SAS Table Server                                  Start, stop, pause, and continue
SAS/CONNECT Spawner                               Start and stop
SAS/SHARE Server                                  Start and stop
SAS Deployment Tester Server                      Start and stop
JBoss Application Server                          Start and stop

There are analogous [servername].sh scripts on UNIX.

Using the sas.servers Script on UNIX or z/OS

The SAS Deployment Wizard creates a sas.servers script during installation that enables you to use a single command to do any of the following:
• start, stop, or restart all of the SAS servers and spawners on the machine in the correct order
• display the status of all the SAS servers and spawners on the machine

The generate_boot_script.sh script enables you to automatically regenerate the sas.servers script on a UNIX or z/OS machine. This is useful when you do the following:
• configure a new server or spawner on the machine
• remove a server or spawner from the machine
• want to remove a server or spawner from the script so that you can operate it separately
• change the location of the server’s log

For information about how to regenerate the sas.servers script, refer to the SAS® Intelligence Platform: System Administration Guide.

Using the sas.servers Script on UNIX or z/OS

The sas.servers script affects the following servers and spawners:
• SAS Metadata Server
• SAS Object Spawner
• SAS OLAP Server
• SAS/CONNECT Spawner
• SAS/SHARE Server
• SAS Table Server
• SAS Services Application (SAS Remote Services)

The sas.servers script also affects the SAS Deployment Tester Server.

Using the sas.servers Script on UNIX or z/OS

The script is located in the top level of the configuration directory, for example, SAS-configuration-directory/Lev1.

To use the sas.servers script, perform the following steps:
1. Log on as the SAS Installer user.
2. Go to the sas.servers directory.
3. Issue the following command:
   ./sas.servers start|stop|restart|status

You can also install the sas.servers script as a boot script.

Argument    Description

start       Starts the servers and spawners in the following order: SAS Metadata Server, SAS OLAP Server, SAS Object Spawner, SAS/SHARE Server, SAS/CONNECT Spawner, SAS Table Server, SAS Remote Services, SAS Deployment Tester Server

stop        Stops the servers and spawners in the following order: SAS Deployment Tester Server, SAS Remote Services, SAS Table Server, SAS/CONNECT Spawner, SAS/SHARE Server, SAS Object Spawner, SAS OLAP Server, SAS Metadata Server

restart     Stops and then starts the servers and spawners in the following order: SAS Metadata Server, SAS OLAP Server, SAS Object Spawner, SAS/SHARE Server, SAS/CONNECT Spawner, SAS Table Server, SAS Remote Services, SAS Deployment Tester Server

status      Displays the current status of the servers and spawners in the following format:
            server-name server-instance (PID) is running|is stopped

On UNIX systems, you can alternatively make the individual servers and spawners run as daemons.
For additional best practices for using sas.servers, refer to the SAS® Intelligence Platform: System Administration Guide.
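The status output described above can drive a simple health check. The following shell functions are an added example, not SAS-supplied code; they assume each line follows the server-name server-instance (PID) is running|is stopped format, and the function names, exit codes, and sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example, not SAS-supplied code: health check built on `sas.servers status`.
# Assumes each status line has the format given in the notes:
#   server-name server-instance (PID) is running|is stopped

# Start order from the notes. Findings are printed in this order, so the
# first name listed is the first server to bring back up.
START_ORDER='SAS Metadata Server
SAS OLAP Server
SAS Object Spawner
SAS/SHARE Server
SAS/CONNECT Spawner
SAS Table Server
SAS Remote Services
SAS Deployment Tester Server'

# Constructed sample output; instance numbers and PIDs are made up.
sample_status() {
    cat <<'EOF'
SAS Metadata Server 1 (4821) is running
SAS OLAP Server 1 is stopped
SAS Object Spawner 1 (4903) is running
SAS/SHARE Server 1 is stopped
SAS Remote Services 1 (5120) is running
EOF
}

# Read status text on stdin; print the names of stopped servers in start order.
stopped_servers() (
    status=$(cat)
    while IFS= read -r name; do
        if printf '%s\n' "$status" | grep -Eq "^${name} .*is stopped[[:space:]]*\$"; then
            printf '%s\n' "$name"
        fi
    done <<EOF
$START_ORDER
EOF
)

# Print lines that are neither blank nor in the expected format, so an error
# message or a format change is surfaced instead of being read as "healthy".
unparsed_lines() {
    grep -Ev '(is running|is stopped)[[:space:]]*$' | grep -Ev '^[[:space:]]*$' || true
}

# Exit status: 0 = every reported server is running, 1 = at least one stopped,
# 2 = the metadata server (first in the start order) is stopped,
# 3 = output was empty or contained lines that could not be parsed.
check_sas_servers() (
    status=$(cat)
    if [ -z "$status" ] || [ -n "$(printf '%s\n' "$status" | unparsed_lines)" ]; then
        echo "UNKNOWN: unexpected sas.servers status output" >&2
        exit 3
    fi
    stopped=$(printf '%s\n' "$status" | stopped_servers)
    if [ -z "$stopped" ]; then
        echo "OK: all reported servers are running"
        exit 0
    fi
    echo "Stopped, in start order:"
    printf '%s\n' "$stopped" | sed 's/^/  /'
    if printf '%s\n' "$stopped" | grep -qx 'SAS Metadata Server'; then
        exit 2
    fi
    exit 1
)

# Demo on the constructed sample. On a server machine, as the SAS Installer user:
#   ./sas.servers status | check_sas_servers
sample_status | check_sas_servers || echo "check exit status: $?"
```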

Checking the State of the SAS Servers

1. Right-click My Computer and select Manage….
2. Expand Services and Applications and select Services.
3. Scroll down to the services that begin with SAS [Config-Lev1].
4. Verify the status of the metadata server represented by the service named SAS [Config-Lev1] SASMeta - Metadata Server.
5. Right-click on the metadata server service and select Properties.
6. Review the properties on the General tab. The properties include the path to the executable and the startup type.
7. Click the Log On tab and notice what account is used to run this process. The Local System account is used to run this process.
8. Click the Dependencies tab and note the services that depend on the metadata server.
9. Close the Properties window.

Exercises

1. Investigating the Properties of the SAS Services and Identifying Dependencies

Use the Windows Services to identify the following information for all of the SAS and related services:

Service name:
Path to executable:
Startup type:
Log on as:
Dependencies:

2. Restarting the Metadata Server

Restart the metadata server and dependent services using Windows Services. What impact does restarting the metadata server have on the other services?

3. Identifying the Server Start Up Order

What order should SAS servers be started in?

3.2 Exploring the Metadata Server and Repositories

Objectives
• Explore the different metadata server states.
• Identify the different types and storage locations of metadata repositories.
• Manage metadata repositories.
• Determine metadata repository access state.

SAS Metadata Server (Review)

SAS Metadata Server manages the metadata that describes the location and structure of the SAS platform:
• server definitions
• data definitions
• users and groups
• security settings
• business intelligence content

SAS Metadata Server

The metadata server’s role is to read and write metadata.

The metadata server uses multi-threaded processing to read metadata but uses a single thread to write/update.

Metadata Server States

A metadata server can exist in any of the following states:

Online            Metadata server can accept client requests from authenticated users.
Offline           Metadata server is paused and retains active client connections, but does not accept new client requests.
Administration    Metadata server is paused, retains active client connections, and only accepts new client requests from unrestricted users.
Stopped           Metadata server process is terminated and all client connections are broken.

The metadata server must be in online mode in order to run the SAS tools to perform a backup. The SAS tools put the metadata server in offline mode during the backup and resume the server once the backup is complete. If you want to back up the files without using the SAS tools, you must place the metadata server in offline or stopped mode before copying any files. While the metadata server is online, it holds a lock on key files that need to be backed up.

Metadata Server States

You can determine the access state of the metadata server by examining its properties in SAS Management Console.

To check the access state of the metadata server programmatically, you can use PROC METAOPERATE to issue a STATUS action. The syntax is as follows:

    PROC METAOPERATE
       SERVER="host name"
       PORT=port-number
       USERID="user-ID"
       PASSWORD="password"
       PROTOCOL=BRIDGE
       ACTION=STATUS;
    RUN;

Any user who can log on to the metadata server can issue a STATUS action.
A metadata server that is stopped will not respond to a PROC METAOPERATE request.

Metadata Repositories

Metadata is stored in metadata repositories that you can view and manage using the Metadata Manager plug-in.

Metadata Repositories

A metadata repository is
• a library of tables in which a collection of related metadata objects are stored
• managed by a repository manager
• stored in a physical location.

The different repositories do not need to be stored in the same physical location.

Repository Manager
The repository manager is a metadata repository that
holds information about the other repositories in the
environment.

c .
e In
t
OBJNAME ID REPTYPE RPOSPATH
Foundation A0000001.A5STDM7N FOUNDATION MetadataServer\MetadataRepos

Ole’s Work
Repository

t i t u
A0000001.A5590EKV PROJECT

.
itories\Foundation
MetadataServer\MetadataRepos
itories\OleWork
Barbara’s
Work
19 Repository

I s i o n
A0000001.A5WWW6FH PROJECT

n
MetadataServer\MetadataRepos
itories\BarbaraWork

t
1
9

S u
The repository manager is stored in a folder named rposmgr.

Metadata Repositories

The metadata server supports three types of metadata repositories:

Foundation repository: Required metadata store for a metadata server. You cannot create more than one foundation repository.
Custom repository: An optional metadata store that is useful for physically separating metadata for storage or security purposes.
Project repository: An optional metadata store that acts as an isolated work area for SAS Data Integration Studio. Each user who participates in change management has a project repository.

The SAS Deployment Wizard creates only one foundation repository, which is assigned the name
Foundation. There is exactly one foundation repository per environment.
To organize your metadata, the recommended best practice is to create folders instead of creating separate
repositories.
A project repository enables a user to check out and lock metadata from a foundation repository or custom
repository so that the metadata can be modified and tested in a separate area. When the metadata is ready,
it is checked in and unlocked so that it is available to other users.

Managing Repositories
Creating a new repository: Creates initial repository contents and all the metadata that defines the repository.
Registering a repository: Creates the metadata that defines the repository and points to existing repository content.
Deleting a repository: Deletes the repository contents and all the metadata that defines the repository.
Unregistering a repository: Removes the metadata that describes the repository without removing the contents of the repository itself.

You can use SAS Management Console’s Metadata Manager plug-in to create repositories:
• To create a foundation or custom repository, right-click on the Active Server node and select Add Repository.
• To create a project repository, right-click on the Project Repositories folder and select New Project Repository.

Only unrestricted users who are defined in the adminUsers.txt file with an external operating system user ID can delete a foundation repository.

An unregistered repository is invisible to the metadata server. Re-registering a repository is the process of making the repository visible to the metadata server.

Metadata Repository Access Mode


A repository’s access mode is its intended access state.
Online: Clients can read, write, and update metadata.
Read-only: Clients can read metadata but not write, update, or delete metadata.
Administration: Only users who are in the Metadata Server: Unrestricted role can read and write metadata.
Offline: Clients can neither read nor write metadata.

A repository’s access state is a combination of the repository access mode and the metadata server’s state.


Metadata Server    Metadata Repository       Metadata Repository
Access State       Registered Access Mode    Access State
Online             Online                    Online
Online             Administration            Administration
Online             Read-only                 Read-only
Online             Offline                   Offline
Administration     Online                    Administration
Administration     Administration            Administration
Administration     Read-only                 Administration (Read-only)
Administration     Offline                   Offline
Offline            Online                    Offline
Offline            Administration            Offline
Offline            Read-only                 Offline
Offline            Offline                   Offline


Identifying Metadata Server and Repository Access State

1. Open SAS Management Console by selecting Start → All Programs → SAS → SAS Management Console 9.2.

2. Click to open SAS Management Console with the existing connection profile.

3. Provide a valid user ID and password to connect to the metadata server.

   In class, type the user ID Ahmed and password Student1.

4. Expand Metadata Manager.

   The Repository drop-down list indicates which repository you are currently connected to and lets you switch repositories.

5. Right-click Active Server and select Properties. Review the properties. Use the Help facility to identify what the State field specifies. Close the Properties window.

6. Select Active Server to display the Access and State values for the repositories in the pane on the right.

   You can also see the repository Access and State values by opening the repository properties.

7. Expand Active Server. Foundation and custom repositories are listed under Active Server. Expand
Project Repositories.

8. Use Windows Explorer to navigate to the S:\ drive and create a new folder named Test. There are currently no metadata repository files in that location.

9. In SAS Management Console, under the Metadata Manager plug-in, right-click Active Server
and select Register Repository….


10. Accept the default type of Custom and click .


11. Provide a name for the repository and click .


12. Accept the default engine and access values. Type the path S:\Test and click .

13. The error message indicates that the wizard was looking for metadata repository files in the path and found none. Click → .

14. Right-click Active Server and select New Repository….

15. Provide a name for the repository and click .

16. Accept the default engine and access values. Type the path S:\Test and click .


17. Click → .

18. Right-click on the new repository and select Properties.


19. Click the Registration tab. The new repository type is Custom. Close the Properties window.


20. In Windows Explorer, navigate to S:\Test. The folder now contains metadata repository tables.

21. In SAS Management Console, right-click on the new repository and select Delete. Click .

22. In Windows Explorer, examine the contents of S:\Test.


Exercises

4. Locating the Metadata Server Connection


The Active Server properties listed the metadata server port at 8561. Without searching other
plug-ins, where else does this port appear in the SAS Management Console interface?

5. Locating Repository Properties

Expand the Active Server, and for each repository in the environment, provide the following information:

Each type of repository might not have all of the following properties.

Repository Name:
Path:
Type:
Engine:
ID:
Options:
Created:
Updated:
Access:
Repository is under change management:
Metadata Location for Users’ Folders:
State:
Owner:

Repository Name:
Path:
Type:
Engine:
ID:
Options:
Created:
Updated:
Access:
Repository is under change management:
Metadata Location for Users’ Folders:
State:
Owner:

Repository Name:
Path:
Type:
Engine:
ID:
Options:
Created:
Updated:
Access:
Repository is under change management:
Metadata Location for Users’ Folders:
State:
Owner:

6. Creating a Project Repository


a. Under Metadata Manager → Active Server, right-click Project Repositories and select New Project Repository….
b. Use the following properties to create the project repository:
   Repository Owner: Kari
   Name: Kari’s Work Repository
   Engine: Base
   Path: S:\workshop\sbip\MetadataServer\MetadataRepositories\KariWork
   Access: Online
c. Use Windows Explorer to investigate what was created in the path for the new repository.

7. Creating and Unregistering a Custom Repository

a. Create a new custom repository using the Metadata Manager. The repository path should be S:\Test.
b. Verify that the new repository was successfully created and the Test folder populated.
c. In SAS Management Console, unregister the new repository.
d. What is the difference between unregistering and deleting a repository?

8. Pausing the Metadata Server Using the Metadata Manager Plug-in

a. Pause in administration mode.
   1) Right-click Active Server and select Pause → Administration. Provide a descriptive comment less than 200 characters long. How did the SAS Management Console interface change?
   2) Right-click Active Server and select Properties. Any administrators connecting to the metadata server using SAS Management Console can view the Comment field.
   3) Check the metadata server service on Windows. What is the status of the SAS [Config-Lev1] SASMeta – Metadata Server service?
      Hint: You might need to right-click on the service and select Refresh to view the updated status.
   4) Resume the metadata server by right-clicking Active Server and selecting Resume.
   5) Check the metadata server service on Windows. What is the status of the SAS [Config-Lev1] SASMeta – Metadata Server service?

b. Pause in offline mode.
   1) Right-click Active Server and select Pause → Offline. Provide a descriptive comment less than 200 characters long. How did the SAS Management Console interface change?
   2) Right-click Active Server and select Properties. Any administrators connecting to the metadata server using SAS Management Console can view the Comment field.
   3) Check the metadata server service on Windows. What is the status of the SAS [Config-Lev1] SASMeta – Metadata Server service?
      Hint: You might need to right-click on the service and select Refresh to view the updated status.
   4) Resume the metadata server by expanding Metadata Manager, right-clicking Active Server, and selecting Resume.

c. Pause the metadata server Windows Service. Does this pause the metadata server in offline mode or administration mode?
   Hint: Certain types of users can connect to a metadata server paused in administration mode, but no one can connect if it is paused in offline mode.


3.3 Troubleshooting the Metadata Server

Objectives
• Explore metadata server configuration files.
• Use the Metadata Analysis and Repair tools.

Metadata Server Configuration Files
The metadata server uses several configuration files including the following:

The metadata server will not start if
• any of these files is not accessible
• any of these files includes syntax errors.


Metadata Server Configuration Files


When dealing with configuration files, it is generally best to follow these guidelines:
• Do not rename the configuration files.
• Do not move the files.
• If you choose to modify a file, make a backup copy of the original file first.
• Do not deny the metadata server process owner access to these files.

omaconfig.xml
This file contains SAS Metadata Server settings such as the following:
• values for the libref and path to the metadata server’s repository manager
• names and locations of the adminUsers.txt and trustedUsers.txt files
• journaling options


Metadata Server Journaling


In SAS 9.2, journaling is enabled by default for the metadata server. For best performance, it is recommended that journaling be enabled at all times.
Metadata server journaling enables
• client access to resume as soon as metadata updates are written to the in-memory database and journal file instead of also waiting for the data sets in the operating system to be updated
• the metadata server to automatically recover updates from the journal file if the server fails before updates are completed.

Pausing the metadata server causes the journal contents to be written out to disk.

sasv9.cfg and sasv9_usermods.cfg

A SAS configuration file enables you to specify SAS system options that are used to establish a SAS session. The following configuration files are present in every server’s configuration directory:

sasv9.cfg: Primary configuration file for a server. This file typically should not be edited.
sasv9_usermods.cfg: Edit this file to modify or add an option to a server configuration.

The SAS system CONFIG option points a SAS session to a configuration file. When SAS encounters a
CONFIG option, SAS immediately processes the options in that named file and then returns to process
the remainder of the current file. SAS options that are encountered later in the processing always override
those options that are specified earlier. The options specified in the SAS invocation command are always
processed last and will override the option values specified in the configuration files.
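
The processing order described above, as an added example (not SAS code or course material): a simplified Python model that follows -CONFIG includes in place and reports every option that a later file or the command line overrides, which is the check to make before trusting that a restriction such as -noxcmd in sasv9.cfg is still in effect. The file contents are constructed samples, and treating XCMD and XWAIT as the only on/off options is a simplifying assumption.

```python
import re

# Paths as they appear in the course environment; the file CONTENTS are constructed.
SERVER_CFG = r"C:\SAS\Config\Lev1\SASMeta\MetadataServer\sasv9.cfg"
USERMODS_CFG = r"C:\SAS\Config\Lev1\SASMeta\MetadataServer\sasv9_usermods.cfg"
FOUNDATION_CFG = r"C:\Program Files\SAS\SASFoundation\9.2\sasv9.cfg"

SAMPLE_FILES = {
    FOUNDATION_CFG: "-memsize 256M\n-xcmd\n",
    SERVER_CFG: (f'/* constructed sample */\n-config "{FOUNDATION_CFG}"\n'
                 f'-memsize 512M\n-noxcmd\n-config "{USERMODS_CFG}"\n'),
    USERMODS_CFG: "/* site changes */\n-memsize 1G\n-xcmd\n",
}

TOKEN = re.compile(r'"([^"]*)"|(\S+)')
COMMENT = re.compile(r"/\*.*?\*/", re.S)
# Assumption: only these options are modelled as -NAME / -NONAME switches.
BOOLEAN_OPTIONS = {"xcmd", "xwait"}


def tokenize(text):
    """Split config text into (token, was_quoted) pairs, ignoring /* */ comments."""
    tokens = []
    for match in TOKEN.finditer(COMMENT.sub(" ", text)):
        quoted = match.group(1) is not None
        tokens.append((match.group(1) if quoted else match.group(2), quoted))
    return tokens


def normalize(name):
    """Map -NOXCMD and -XCMD onto one option name with an on/off value."""
    name = name.lower()
    if name.startswith("no") and name[2:] in BOOLEAN_OPTIONS:
        return name[2:], "off"
    if name in BOOLEAN_OPTIONS:
        return name, "on"
    return name, None


def resolve(files, start, command_line=""):
    """Return (effective, overrides) for a start config plus extra command-line options.

    files maps a path to its text. effective maps option -> (value, source).
    overrides lists (option, (old value, old source), (new value, new source)).
    """
    effective, overrides = {}, []

    def is_value(token):
        return token[1] or not token[0].startswith("-")

    def apply(tokens, source, stack):
        i = 0
        while i < len(tokens):
            if is_value(tokens[i]):
                raise ValueError(f"{source}: value {tokens[i][0]!r} has no option")
            name, flag = normalize(tokens[i][0][1:])
            i += 1
            values = []
            while i < len(tokens) and is_value(tokens[i]):
                values.append(tokens[i][0])
                i += 1
            if name == "config":
                # The named file is processed immediately, then this file continues.
                if len(values) != 1:
                    raise ValueError(f"{source}: -config needs exactly one path")
                path = values[0]
                if path in stack:
                    raise ValueError(f"{source}: -config cycle through {path}")
                if path not in files:
                    raise FileNotFoundError(path)
                apply(tokenize(files[path]), path, stack + [path])
                continue
            value = flag if flag is not None else " ".join(values)
            if name in effective and effective[name][0] != value:
                overrides.append((name, effective[name], (value, source)))
            effective[name] = (value, source)  # later settings always win

    if start not in files:
        raise FileNotFoundError(start)
    apply(tokenize(files[start]), start, [start])
    # Options on the invocation command are processed last.
    apply(tokenize(command_line), "command line", [start])
    return effective, overrides


if __name__ == "__main__":
    effective, overrides = resolve(SAMPLE_FILES, SERVER_CFG)
    for option, (value, source) in sorted(effective.items()):
        print(f"{option} = {value}   (set in {source})")
    for option, old, new in overrides:
        print(f"override: {option} {old[0]} ({old[1]}) -> {new[0]} ({new[1]})")
```

In the constructed sample, the -xcmd line in sasv9_usermods.cfg undoes the -noxcmd set earlier in sasv9.cfg, and only an option on the invocation command would win over it.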

adminUsers.txt and trustedUsers.txt


The metadata server uses several security-related configuration files, including these two:
adminUsers.txt: defines your system’s initial unrestricted user.
trustedUsers.txt: conveys privileged status to a service account to enable that account to act on behalf of others.

The unrestricted user’s fully qualified user ID is preceded by an asterisk in the adminUsers.txt file.
Another security-related file located in the metadata server’s configuration directory is the trustedPeers.xml file. This file can be used to limit the scope of trust for connections from SAS sessions to the metadata server. Initially the scope is not limited.

The metadata server allows peer SAS servers and sessions to connect using a proprietary protocol (trusting that those connecting identities have already been properly authenticated). These connections can occur from any SAS session or SAS IOM server to the metadata server. The scope is configurable. This enables a SAS/CONNECT server to access the metadata server and facilitates connections to the metadata server during batch processing. For more information, refer to the SAS® 9.2 Intelligence Platform: Security Administration Guide.


Exploring the Metadata Server’s Configuration Directory

1. Open Windows Explorer and navigate to C:\SAS\Config\Lev1\SASMeta\MetadataServer.

2. Right-click omaconfig.xml and select TextPad.


3. Review the settings. The omaconfig.xml file indicates that journal files are stored in
Journal\MetadataJournal.dat. Close the omaconfig.xml file.

4. In Windows Explorer, navigate to the Journal subfolder. Try to open the MetadataJournal.dat file. What is preventing you from opening the file?

5. In Windows Explorer, navigate to C:\SAS\Config\Lev1\SASMeta\MetadataServer\rposmgr. This folder contains the files that make up the Repository Manager.

6. Return to the MetadataServer folder and right-click on sasv9.cfg and select Open with Notepad.


7. Review the settings and close the file.

8. The sasv9.cfg file pulls settings from sasv9_usermods.cfg. Right-click on sasv9_usermods.cfg and select Open with Notepad. What is the purpose of this file?


Verifying Metadata Files


SAS provides tools to analyze and repair your metadata.
They are available in these situations:
• in SAS Management Console’s Metadata Manager plug-in as the Analyze/Repair Metadata wizard
• as a utility AnalyzeMetadata that can be run in batch mode

The utility can be found in !SASHOME\SASPlatformObjectFramework\9.2. To get information about the options available, invoke the utility as follows:

AnalyzeMetadata -?

You can access the wizard in SAS Management Console by right-clicking Active Server or a specific repository listed in the Metadata Manager and selecting Analyze/Repair Metadata….

Metadata Analysis and Repair Tools
The tools can analyze and repair metadata including:
Verify Metadata Files: Checks and repairs the container registry and ID registry, which keep track of metadata files.
Verify Associations: Checks for associations between metadata objects where one object was removed.
Orphaned ACEs: Checks remaining access control elements associated with metadata objects that were removed.
Orphaned Properties: Checks for remaining properties for metadata objects that were removed.
Orphaned Property Groups: Checks remaining property groups for metadata objects that were removed.
Orphaned Property Types: Checks remaining property types for metadata objects that were removed.
Verify Authentication Domains: Checks for authentication domain definitions in metadata repositories other than the foundation repository.
Verify Permissions: Checks for permission definitions in metadata repositories other than the foundation repository.

Analyze Mode and Repair Mode
Whether you run the tools interactively or schedule them in batch mode, a good practice is to do the following:
• Run the tools weekly in analyze mode to monitor for problems.
• Back up your environment and then run the tools in repair mode if problems are identified during analysis.


Troubleshooting the Metadata

1. In SAS Management Console, expand Metadata Manager → Active Server.


2. Right-click Foundation and select Analyze/Repair Metadata…. The Analyze/Repair Metadata


option is also available on the Active Server node and enables you to analyze and repair multiple
repositories at one time.

3. Select the Foundation repository and click .


4. Accept the defaults, which are that all tools are selected and Repair immediately is not selected.
Click .


5. When the analysis is complete, click .


6. Click .

   If problems had been found, you can use to return to the previous screen and select to repair the metadata immediately.


Exercises

9. Examining the Metadata Server Configuration Files


a. The sasv9.cfg file in the MetadataServer folder referenced two other configuration files. Navigate to and open C:\Program Files\SAS\SASFoundation\9.2\sasv9.cfg.
b. The SASFoundation\9.2\sasv9.cfg file references another configuration file. Locate the file and open it. Examine the settings. This file and the settings within are used by all instances of SAS.
c. How should you modify the configuration file settings for a particular server such as the metadata server?


3.4 Solutions to Exercises


1. Investigating the Properties of the SAS Services and Identifying Dependencies
Use the Windows Services to identify the following information for all of the SAS and related
services:
Service name: SAS [Config-Lev1] Connect Spawner
Path to executable: "C:\Program Files\SAS\SASFoundation\9.2\spawner.exe"
Startup type: Automatic
Log on as: Local System Account
Dependencies: None

Service name: SAS [Config-Lev1] Deployment Tester Server
Path to executable: "C:\Program Files\SAS\SASDeploymentTesterServer\1.3\Config\win\wrapper.exe" -s C:\SAS\Config\Lev1\DeploymentTesterServer\Config\wrapper.conf
Startup type: Automatic
Log on as: NT AUTHORITY\LocalService
Dependencies: None

Service name: SAS [Config-Lev1] Object Spawner
Path to executable: "C:\Program Files\SAS\SASFoundation\9.2\objspawn" -name "SAS [Config-Lev1] Object Spawner"
Startup type: Automatic
Log on as: Local System Account
Dependencies: None

Service name: SAS [Config-Lev1] Remote Services


Path to executable: "C:\Program Files\SAS\SASFoundationServices\9.2\wrapper.exe" -s
C:\SAS\Config\Lev1\Web\Applications\RemoteServices\wrapper.conf
Startup type: Automatic
Log on as: Local System Account
Dependencies: JBoss - SASServer1

Service name: SAS [Config-Lev1] SASApp - OLAP Server


Path to executable: "C:\Program Files\SAS\SASFoundation\9.2\sas.exe" -config
"C:\SAS\Config\Lev1\SASApp\OLAPServer\sasv9.cfg" -servicename "SAS [Config-Lev1]
SASApp - OLAP Server"
Startup type: Automatic
Log on as: Local System Account
Dependencies: None

Service name: SAS [Config-Lev1] SASMeta - Metadata Server
Path to executable: "C:\Program Files\SAS\SASFoundation\9.2\sas.exe" -config "C:\SAS\Config\Lev1\SASMeta\MetadataServer\sasv9.cfg" -servicename "SAS [Config-Lev1] SASMeta - Metadata Server"
Startup type: Automatic
Log on as: Local System Account
Dependencies:
SAS [Config-Lev1] Connect Spawner
SAS [Config-Lev1] Object Spawner
SAS [Config-Lev1] Remote Services
SAS [Config-Lev1] SASApp - OLAP Server
SAS [Config-Lev1] SASTS - Table Server
SAS [Config-Lev1] Share Server

Service name: SAS [Config-Lev1] SASTS - Table Server
Path to executable: "C:\Program Files\SAS\SASFoundation\9.2\sas.exe" -noxwait -noxcmd -config "C:\SAS\Config\Lev1\SASTS\TableServer\sasv9.cfg" -servicename "SAS [Config-Lev1] SASTS - Table Server"
Startup type: Automatic
Log on as: Local System Account
Dependencies: None

Service name: SAS [Config-Lev1] Share Server


Path to executable: "C:\Program Files\SAS\SASFoundation\9.2\sas.exe" -config
"C:\SAS\Config\Lev1\ShareServer\sasv9.cfg" -servicename "SAS [Config-Lev1] Share Server"
Startup type: Automatic
Log on as: Local System Account
Dependencies: None

Service name: JBoss - SASServer1
Path to executable: C:\jboss-4.2.0.GA\service\wrapper.exe -s C:\jboss-4.2.0.GA\server\SASServer1\wrapper.conf
Startup type: Automatic
Log on as: Local System Account
Dependencies: None

2. Restarting the Metadata Server

Restart the metadata server and dependent services using Windows Services. What impact does restarting the metadata server have on the other services?

a. In Windows Services, right-click SAS [Config-Lev1] SASMeta - Metadata Server and select Restart.

b. Click to restart the dependent services.

The dependent services are stopped in the following order and restarted in the reverse order:
SAS [Config-Lev1] Share Server
SAS [Config-Lev1] SASTS - Table Server
SAS [Config-Lev1] SASApp - OLAP Server
JBoss - SASServer1
SAS [Config-Lev1] Remote Services
SAS [Config-Lev1] Object Spawner
SAS [Config-Lev1] Connect Spawner
SAS [Config-Lev1] SASMeta - Metadata Server


3. Identifying the Server Start Up Order


What order should SAS servers be started in?
Generally, the metadata server must be started first, then typically followed by the SAS IOM
and non-IOM servers/spawners (including SAS Table Server), and finally followed by SAS
Remote Services and JBoss.

SAS Remote Services must be started before JBoss.

SAS Metadata Server
SAS OLAP Server
SAS Object Spawner
SAS/SHARE Server
SAS/CONNECT Spawner
SAS Table Server
SAS Deployment Tester Server
SAS Remote Services
JBoss - SASServer1.

4. Locating the Metadata Server Connection

The Active Server properties listed the metadata server port at 8561. Without searching other plug-ins, where else does this port appear in SAS Management Console interface?

Lower right corner of the SAS Management Console window


5. Locating Repository Properties


Expand the Active Server, and for each repository in the environment, provide the following
information:
Repository Name: Foundation
Path: S:\Workshop\sbip\MetadataServer\MetadataRepositories\Foundation
Type: Foundation
Engine: Base
ID: A0000001.A5JMACA8
Options: None
Created: Sep 3, 2009 2:17:35 PM EST
Updated: Sep 3, 2009 2:17:35 PM EST
Access: Online
Repository is under change management: Yes
Metadata Location for Users’ Folders: /Users
State: Online
Owner: Not applicable to this type of repository

Repository Name: Barbara's Work Repository
Path: S:\Workshop\sbip\MetadataServer\MetadataRepositories\BarbaraWork
Type: Project
Engine: Base
ID: A0000001.A5TVKC81
Options: None
Created: Sep 4, 2009 6:48:01 AM EST
Updated: Sep 4, 2009 6:48:01 AM EST
Access: Online
Repository is under change management: Not applicable to this type of repository
Metadata Location for Users’ Folders: Not applicable to this type of repository
Owner: Barbara

Repository Name: Ole's Work Repository
Path: S:\Workshop\sbip\MetadataServer\MetadataRepositories\OleWork
Type: Project
Engine: Base
ID: A0000001.A5UMWE1I
Options: None
Created: Sep 4, 2009 6:51:59 AM EST
Updated: Sep 4, 2009 6:51:59 AM EST
Access: Online
Repository is under change management: Not applicable to this type of repository
Metadata Location for Users’ Folders: Not applicable to this type of repository
Owner: Ole

6. Creating a Project Repository

a. Expand Metadata Manager → Active Server. Right-click Project Repositories and select New Project Repository….


b. Use the following properties to create the project repository:

1) Select Kari, and then click .

2) Type the name Kari's Work Repository and then click .


3) Type Base as the engine. Click for the path.

4) Select My Computer and then double-click the S: drive.


5) Double-click on the sbip folder.

6) Double-click on the Workshop folder.


7) Double-click on the MetadataServer folder.

8) Double-click on the MetadataRepositories folder.


9) Select (the New Folder icon).

10) Type KariWork as the folder name and click .


11) Click .

12) Click .


13) The new repository appears under the Project Repositories folder in the Metadata Manager.


c. Use Windows Explorer to investigate what was created in the path for the new repository.


7. Creating and Unregistering a Custom Repository


a. Create a new custom repository using the Metadata Manager. The repository path should
be S:\Test.
1) Right-click Active Server and select New Repository….


2) Type Test as the name and click .

3) Accept the default Base as the engine. Type S:\Test as the path and click .


4) Click if you are prompted to create the path on the metadata server.

5) Click to create the repository.


6) You see a dialog box that informs you that the repository was successfully created. Click
.

b. Verify that the new repository was successfully created and the Test folder populated.
1) In Windows Explorer, navigate to the path you created, S:\Test.

2) You should also see the new repository in SAS Management Console.

c. In SAS Management Console, unregister the new repository.
1) Right-click on the Test repository under Active Server and select Unregister Repository.

2) Click when you are prompted to verify that you want to unregister the repository.

The Test repository no longer appears in SAS Management Console.


d. What is the difference between unregistering and deleting a repository?


1) Unregistering a repository removes the metadata about the repository without removing
the physical files.

2) Deleting a repository removes all the metadata and physical files.

8. Pausing the Metadata Server Using the Metadata Manager Plug-in


a. Pause in administration mode.
1) Right-click Active Server and select Pause ⇒ Administration. Provide a descriptive
comment less than 200 characters long. How did the SAS Management Console interface
change?
a) Right-click Active Server and select Pause ⇒ Administration.

b) Provide a descriptive comment less than 200 characters long. Click .

c) The Active Server icon now includes the pause symbol:


2) Right-click Active Server and select Properties. Any administrators connecting to the
metadata server using SAS Management Console can view the Comment field.

a) Right-click Active Server and select Properties.

b) Click to close the Properties window.

3) Check the metadata server service on Windows. What is the status of the SAS [Config-Lev1]
SASMeta - Metadata Server service?
Hint: You might need to right-click on the service and select Refresh to view the updated
status.

The status is paused.

4) Resume the metadata server by right-clicking Active Server and selecting Resume.

5) Check the metadata server service on Windows. What is the status of the SAS [Config-Lev1]
SASMeta - Metadata Server service?
The service is started.

b. Pause in offline mode.

1) Right-click Active Server and select Pause ⇒ Offline. Provide a descriptive comment under
200 characters long. How has the SAS Management Console interface changed?
a) Right-click Active Server and select Pause ⇒ Offline.

b) Provide a descriptive comment less than 200 characters long. Click .

Only the Metadata Manager plug-in is visible and accessible. The Active Server icon now
includes the pause symbol:

If you right-click Active Server ⇒ Pause, the Offline choice is dimmed.

2) Right-click Active Server and select Properties. Any administrators connecting to the
metadata server using SAS Management Console can view the Comment field.

a) Right-click Active Server and select Properties.

b) Click to close the Properties window.

3) Check the metadata server service on Windows. What is the status of the SAS [Config-Lev1]
SASMeta - Metadata Server service?
Hint: You might need to right-click on the service and select Refresh to view the updated
status.

The status is paused.

4) Resume the metadata server by expanding Metadata Manager, right-clicking Active Server,
and selecting Resume.

c. Pause the metadata server Windows Service. Does this pause the metadata server in offline mode
or administration mode?
1) In Computer Management, right-click SAS [Config-Lev1] SASMeta - Metadata Server and
select Pause.

2) Return to SAS Management Console and click .

3) Right-click Active Server ⇒ Pause. The Offline choice is dimmed.
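
The service status that these steps read from Computer Management can also be checked from a PowerShell prompt on the server machine. The following is an added example, not part of the course notes; it assumes PowerShell 3.0 or later and relies only on the SAS [Config-Lev1] display-name prefix shown in the exercise.

```powershell
# Added example, not from the course notes. Run on the metadata server machine.
# Display-name prefix as it appears in the Services list in the exercise.
$prefix = 'SAS [Config-Lev1]'

# '[' and ']' are wildcard characters in PowerShell patterns. Left unescaped,
# [Config-Lev1] is read as a character class and the literal name does not match.
$pattern = [System.Management.Automation.WildcardPattern]::Escape($prefix) + '*'

# Win32_Service exposes the state, whether pause is accepted, and the log-on account.
$report = Get-CimInstance -ClassName Win32_Service |
    Where-Object { $_.DisplayName -like $pattern } |
    ForEach-Object {
        [pscustomobject]@{
            DisplayName = $_.DisplayName
            State       = $_.State        # Running, Paused, Stopped, ...
            AcceptPause = $_.AcceptPause  # can the service be paused at all?
            LogOnAs     = $_.StartName    # host account the service runs under
        }
    }

$report | Sort-Object DisplayName | Format-Table -AutoSize

# In the exercise the service shows Paused after both an Administration pause
# and an Offline pause, so this flags the condition without identifying the mode.
$report | Where-Object { $_.State -ne 'Running' } | ForEach-Object {
    Write-Warning ('{0} is {1}' -f $_.DisplayName, $_.State)
}
```

The pause comment itself is only visible in the Active Server properties in SAS Management Console, as described in the steps above.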

9. Examining the Metadata Server Configuration Files

a. The sasv9.cfg file in the MetadataServer folder referenced two other configuration files.
Navigate to and open C:\Program Files\SAS\SASFoundation\9.2\sasv9.cfg.

b. The SASFoundation\9.2\sasv9.cfg file references another configuration file. Locate the file and
open it. Examine the settings. This file and the settings within are used by all instances of SAS.
The other configuration file is called SASV9.CFG and is located in
C:\Program Files\SAS\SASFoundation\9.2\nls\en.

c. How should you modify the configuration file settings for a particular server such as the metadata
server?

The sasv9_usermods configuration file in the MetadataServer folder should be modified.

Chapter 4 Monitoring, Logging, and Troubleshooting SAS® Servers

4.1 Overview of SAS Server Types
Exercises
4.2 Monitoring SAS Servers and Spawners
Demonstration: Validating and Pausing the Metadata Server
Demonstration: Monitoring the Object Spawner
Exercises
4.3 Logging SAS Servers and Spawners
Exercises
4.4 Troubleshooting SAS Servers
Demonstration: Using the SAS Deployment Manager
4.5 Solutions to Exercises

4.1 Overview of SAS Server Types

Objectives
• Explore the properties and functionality of a workspace server.
• Explore the properties and functionality of a stored process server.
• Explore the properties and functionality of an OLAP server.
• Explore the properties and functionality of a batch server.
• Explore the properties and functionality of a SAS/CONNECT server.

SAS Servers
Whether users enter their own code, execute a stored
process, or let SAS applications generate code for them,
the code will be executed on a SAS server. Each server
type has different capabilities.

SAS Workspace Server


Most code generated by SAS applications is executed
on a workspace server.

SAS Workspace Server


A workspace server is a SAS session that executes
SAS code to:
• access data libraries
• perform tasks using the SAS language
• retrieve results.

In an initial configuration, there are typically three workspace servers:

SASMeta - Logical Workspace Server        Standard workspace server for use by administrators to execute metadata utilities
SASApp - Logical Workspace Server         Standard workspace server for use by non-administrators
SASApp - Logical Pooled Workspace Server  Server-side pooled workspace server for use by non-administrators to query relational information maps

The SASMeta - Logical Workspace Server is secured for the SAS Administrators group with metadata
permissions.

Standard Workspace Server


For the standard workspace server, SAS starts a new
server process each time a client requests a connection.
The process is owned by the requesting user.

The server process is shut down when the connection is terminated. For desktop applications,
the connection typically lasts until the user closes the application. For Web applications, the
connection is typically shut down after the request is completed.

Standard Workspace Server
A standard workspace server can be load balanced.
Load balancing a workspace server across physical
machines is recommended if your server supports
applications that submit large jobs such as SAS Data
Integration Studio or SAS Enterprise Miner.

The object spawners on each physical machine communicate with each other to accomplish load
balancing.
Workspace servers are load balanced across machines. In other words, the object spawners on multiple
machines compare the load on each machine and load balance additional requests accordingly.

Workspace Server Pooling


The primary purpose of workspace server pooling is to
enhance performance by avoiding the time associated
with launching workspace servers on demand.

In general, pooling is used when a relational information
map is queried, processed, opened, or used indirectly
through a report.

Pooling is used when accessing relational information maps from applications including
SAS Web Report Studio and SAS Information Map Studio.

No additional configuration is required to use the pooled workspace server.

What Is a SAS Information Map?
SAS Information Maps provides the bridge between your
data warehouse and the business users who build reports
and analyses from that data.

[Figure: SAS Information Map Studio; Data Warehouse (SAS, DBMS)]

What Is a SAS Information Map?


An information map incorporates business rules and
eliminates the need to understand data relationships.
By using information maps, business
users can concentrate on the analysis
and reporting.

Information map features include
the following:
• data items can map to physical columns or be based on calculations
• filters can be created for easy subsetting of the data source
• data sources can be relational tables or a multidimensional OLAP cube

Workspace Server Pooling


In pooling, a set of workspace server processes are
• made available to process certain types of requests
• reused for subsequent requests
• owned by a shared identity.

The default configuration includes a Logical Pooled Workspace Server, which provides server-side
pooling. The object spawner manages the server-side pooled workspace server processes and can request
user-specific metadata layer access evaluations. Allocation of server processes is managed across clients,
using the spawner’s load balancing capabilities.

It is also possible to configure client-side pooling for use when accessing information maps in
SAS Web Report Studio and SAS Information Delivery Portal. Client-side pooling is managed by a pool
administrator within each application. The workspace server processes are instantiated by the object
spawner, but the spawner is unaware of the user making the request. Use client-side pooling only if you have
security requirements that are not met by server-side pooling. The initial configuration does not include
client-side pooling. The usage of servers in a client-side pool is determined by membership in a specific
metadata group.

What Is a SAS Stored Process?


A SAS Stored Process has the following characteristics:
• is a SAS program that is hosted on a server and described by metadata
• can be executed by many of the platform for SAS Business Analytics applications
• is similar in concept to programs run by SAS/IntrNet software, but more versatile because of the underlying metadata and security support
• consists of a .sas file along with a metadata definition that describes how the stored process should execute

Executing a Stored Process
Stored processes are typically executed on a stored
process server, but can also be executed on
a workspace server.

SAS Stored Process Server


SAS Stored Process Servers interact with SAS by
submitting stored processes.
Each stored process server
• handles multiple users
• by default, uses multiple server processes or instances
• includes load balancing settings that the object spawner uses to distribute requests between the server processes.

Stored Process Server
By default, the stored process server is configured with
• one connection
• three multibridge connections.

[Figure callouts: Port on which object spawner listens for stored process server requests. Each multibridge connection maps to a stored process server process using the specified port to communicate with applications.]

Shared Credentials
The stored process server processes execute under
multiuser credentials, which can be found in SAS
Management Console on the physical stored process
server’s Properties window, under the Options tab.

The sassrv account is associated with the SAS General Servers group. To verify, follow these steps:
1. Select the User Manager plug-in in SAS Management Console.
2. Right-click SAS General Servers and select Properties.
3. Click the Accounts tab.
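
The notes distinguish standard workspace server processes, which are owned by the requesting user, from pooled workspace and stored process server processes, which run under shared credentials such as sassrv. The following PowerShell is an added example, not part of the course notes, that lists the owner of each running SAS process on a Windows server. The process names sas.exe and objspawn.exe are assumptions about the host, and reading the owner of other users' processes requires an elevated prompt.

```powershell
# Added example, not from the course notes.
# Assumption: SAS server sessions run as sas.exe and the object spawner as objspawn.exe.
$processNames  = 'sas.exe', 'objspawn.exe'
$sharedAccount = 'sassrv'   # shared account named in the course notes

$rows = Get-CimInstance -ClassName Win32_Process |
    Where-Object { $processNames -contains $_.Name } |
    ForEach-Object {
        # GetOwner returns ReturnValue 0 on success; other values mean the
        # owner could not be read (for example, access denied).
        $owner = Invoke-CimMethod -InputObject $_ -MethodName GetOwner
        $account = if ($owner.ReturnValue -eq 0) {
            '{0}\{1}' -f $owner.Domain, $owner.User
        } else {
            '(owner not readable)'
        }
        [pscustomobject]@{
            ProcessId      = $_.ProcessId
            Name           = $_.Name
            Owner          = $account
            SharedIdentity = ($owner.User -eq $sharedAccount)
            Started        = $_.CreationDate
            CommandLine    = $_.CommandLine   # may be empty without sufficient rights
        }
    }

# One row per process: which account each SAS session is running under.
$rows | Sort-Object Owner, Started |
    Format-Table ProcessId, Name, Owner, SharedIdentity, Started -AutoSize

# Summary: how many processes each account owns. Sessions under the shared
# account run with that account's host permissions, not the requesting user's.
$rows | Group-Object Owner | Sort-Object Count -Descending |
    Select-Object Count, Name
```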

SAS Object Spawners
Workspace servers and stored process servers are
initialized by the SAS Object Spawner.
An object spawner does the following:
• runs on each machine where you want to run a workspace server or stored process server
• listens for requests and launches servers, as necessary

The object spawner manages the server-side pooled workspace server processes. The object spawner
manages load balancing for load balanced standard workspace servers, server-side pooled workspace
servers, and stored process servers.

SAS Object Spawners


When the object spawner starts up, it accesses the
metadata server using the information in its metadata
configuration file. The file is named metadataConfig.xml,
by default.

1. The object spawner accesses a configuration file that contains information for accessing the metadata
server. The file is named metadataConfig.xml by default.
2. The object spawner connects to the metadata server for configuration information.

What Is OLAP?
Online Analytical Processing, or OLAP, performs
multidimensional analysis of business data and provides
the capability for complex calculations against
multidimensional data stored in cubes.

Cube: A logical set of data that is organized and structured in a hierarchical, multidimensional arrangement

SAS OLAP Server


The SAS OLAP Server is a scalable server that
• provides multi-user access to the data stored in SAS OLAP cubes
• responds to queries from cube viewers
• performs queries using Multidimensional Expressions (MDX).

SAS OLAP queries are performed by using MDX in client applications that are connected to the
OLAP server by using OLE DB for OLAP (an extension of OLE DB that is used by COM-based clients),
or through similarly designed Java interfaces.

SAS Batch Server
SAS batch servers are part of the configuration for
SAS scheduling. They are metadata objects that store
information about an executable that the scheduling
server can use to run scheduled tasks.
There are several types of batch servers including those
listed below:

SAS DATA Step Batch Server  Used to locate a script that executes SAS programs in batch mode
SAS Java Batch Server       Points to a Java application that SAS supplies

SAS/CONNECT Servers
SAS/CONNECT software provides essential tools for
sharing data and processing power across multiple
computing environments.
SAS code can use these tools to perform tasks such as
the following:
• dividing time-consuming tasks into multiple units of work and executing these units in parallel
• moving data between machines so that it is on the same machine as the code processing it

SAS/CONNECT Servers
SAS/CONNECT is used in the SAS platform in several
ways, including the following:
• Some clients, such as SAS Data Integration Studio and SAS Enterprise Miner, can generate code that includes SAS/CONNECT features.
• SAS/CONNECT is involved in the replication of metadata repositories because the replication process is accomplished by uploading data sets from one machine to another.

Application Server Hierarchy


Servers are organized in a server hierarchy that includes
the following levels:
SAS Application Server  Logical framework under which SAS applications execute
Logical server          Contains definitions for one or more similar servers
Servers                 Specific process instances that perform the requested work

A SAS application server enables you to specify metadata that applies to all of the logical servers and
servers that the SAS application server contains. You can also register libraries, schemas, directories, and
other resources that are available to SAS servers, regardless of the server type.

A server definition contains the server metadata that is required to connect to a SAS server on a particular
machine. The definition includes details about where the process is to execute and how a client should
contact the server, as well as options that describe how the server should behave.

SASMeta Application Server Context
The SASMeta application server context includes the
metadata server, a workspace server, and the SAS
DATA Step Batch Server.

[Figure callouts: used to execute metadata utilities including the Backup and Restore Wizard and the Replication Wizard; used to schedule backup jobs created using the Backup Wizard]

The workspace server in the SASMeta context is only visible and accessible by users who are in the
SAS Administrators metadata group.

Exercises

1. Identifying the Command Line


Use the Server Manager to find the command line for each of the following servers in the
SASApp context:

Not all servers have this information stored in the metadata.

Server Name Command Line

SAS DATA Step Batch Server

OLAP Server

Pooled Workspace Server

Stored Process Server

Workspace Server

Connect Server

SAS Java Batch Server

2. Locating the Root Folder

Use the information from the previous exercise and Windows Explorer to find the root folder for each
of the following servers in the SASApp context:

Server Name Folder

SAS DATA Step Batch Server

OLAP Server

Pooled Workspace Server

Stored Process Server

Workspace Server

Connect Server

SAS Java Batch Server

3. Identifying the Windows Services


Right-click on the My Computer icon on the desktop and select Manage. Identify the service
for each of the following servers in the SASApp context:

Not all servers are associated with a service.

Server Name Service Name

SAS DATA Step Batch Server

OLAP Server

Pooled Workspace Server

Stored Process Server

Workspace Server

Connect Server

SAS Java Batch Server

4. Identifying the Command Line

Use the Server Manager to find the command line for each of the following servers in the
SASMeta context:

Not all servers have this information stored in the metadata.

Server Name Command Line

SAS DATA Step Batch Server

Metadata Server

Workspace Server

5. Locating the Root Folder


Use the information from the previous exercise and Windows Explorer to find the root folder for each
of the following servers in the SASMeta context:

Server Name Folder

SAS DATA Step Batch Server

Metadata Server

Workspace Server

6. Identifying the Windows Services


Right-click on the My Computer icon on the desktop and select Manage. Identify the service
for each of the following servers in the SASMeta context:

Not all servers are associated with a service.

Server Name Service Name

SAS DATA Step Batch Server

Metadata Server

Workspace Server

7. Identifying the Different Types of Workspace Servers

a. In SAS Management Console, expand Server Manager ⇒ SASApp. What are the two
workspace servers?
b. Right-click SASApp - Logical Pooled Workspace Server and select Properties. What are the
properties on the Load Balancing tab? Close the Properties window.
c. Expand SASApp - Logical Pooled Workspace Server. Right-click SASApp - Pooled
Workspace Server and select Properties. Select the Options tab. What multi-user credentials
are used to run this server?
d. Close the Properties window.
e. Right-click SASApp - Logical Workspace Server and select Convert To. What are the options?

4.2 Monitoring SAS Servers and Spawners

Objectives
• Validate a SAS server.
• Monitor SAS servers using the Server Manager plug-in in SAS Management Console.

Monitoring and Managing Servers
The Server Manager plug-in in SAS Management
Console includes server monitoring and management
functionality for servers and spawners:
• Connect to the server or spawner.
• Select the desired monitoring tab or action on the right-click menu.
• Disconnect from the server or spawner.

Clearing the Credentials Cache


If a user is denied access when trying to connect to or
validate a server or spawner, select File ⇒ Clear
Credentials Cache if you want to do the following:
• reenter a user’s credentials after they have been updated to enable access
• provide different user credentials

Validating a Server
You can use SAS Management Console to validate
that instances of the following server types are set
up correctly:
• metadata server
• OLAP server
• pooled workspace server
• stored process server
• workspace server

Validating a Server
When you select Validate, SAS Management Console
establishes a connection to the server and performs
additional actions:
Server type                                Additional actions
Workspace servers, stored process servers  SAS code is submitted and results are obtained.
OLAP servers                               OLAP schemas are retrieved.
Metadata servers                           Metadata repositories are retrieved.
Table servers                              Sample databases are accessed.
WebDAV servers                             The server path and DAV server definition are verified.

To determine whether a workspace server uses client-side pooling, right-click on the server’s logical
server node and click Properties. If the properties dialog box contains a Pooling tab that lists at least one
puddle, then the server uses client-side pooling.

Additional Functions for Connected Servers and Spawners
When connected to a server or spawner, the following
functions are available:

Stop             Terminate the process.
Pause            Suspend the process.
Resume           Resume the process.
Quiesce          Terminate the process by gradually releasing libraries and users and denying new user requests.
Refresh Spawner  Only available for the spawner. Rereads spawner metadata and reinitializes the spawner.

Additional Functions for Connected Servers and Spawners
To access the functions, right-click on the lowest level
of the server or spawner in the Server Manager plug-in.

Refreshing the Object Spawner
If a user’s permission is changed from deny to grant
during a session, you can reset the object spawner’s
authorization cache without restarting the spawner. This
must be done before the user can successfully connect
within the same session. To do so,
1. connect to the object spawner under the Server Manager plug-in
2. right-click on the spawner and select Refresh Spawner.

The Refresh Spawner selection is different than the Refresh selection.

The Refresh Spawner option reinitializes the spawner and forces it to reread its configuration in the
metadata. The Refresh selection refreshes the metadata displayed in SAS Management Console.

Validating and Pausing the Metadata Server

1. In SAS Management Console, expand Server Manager ⇒ SASMeta ⇒
SASMeta - Logical Metadata Server.

2. Right-click on SASMeta - Metadata Server and select Validate.

Hint: If you encounter a credential error, try selecting File ⇒ Clear Credentials Cache and then
try to validate the server again.

3. In the Information window, click .

4. After reviewing the contents of the Information window, click .


5. Right-click on SASMeta - Metadata Server and select Connect.

6. Right-click on SASMeta - Metadata Server and select Pause.

7. Click .

8. In the Computer Management window, check that the metadata server service, SAS [Config-Lev1]
SASMeta - Metadata Server, is paused.

9. In SAS Management Console, expand Metadata Manager, right-click Active Server, and
select Resume.

10. In the Computer Management window, check that the metadata server service, SAS [Config-Lev1]
SASMeta - Metadata Server, is started. You might need to select Action ⇒ Refresh to see the
changed status.

Server Monitoring
The availability of the different server monitoring tabs
in the Server Manager plug-in depends on these items:
• the server type
• the level in the server hierarchy
• whether the user is connected to the server

Server Monitoring – Servers Tab
The Servers tab lists the servers under the selected
grouping (root node of Server Manager, application
server, or logical server).
Only members of the SAS Administrators group can view
this tab.

Server Monitoring – Hosts Tab


The Hosts tab lists the host machines for the following
servers and spawners:
• object spawner
• pooled workspace server
• stored process server
• workspace server

Server Monitoring – Connections Tab
The Connections tab is available for all servers and lists
all the defined connections for the server.
Only members of the SAS Administrators group can view
this tab.

Server Monitoring – Processes Tab


The Processes tab lists the server processes currently
running on the machine.
Only members of the SAS Administrators group can view
this tab.

Server Monitoring – Clients Tab
The Clients tab lists the user, host, and entry time for
each client connected to the server. Only members of the
SAS Administrators group can view this tab. This tab is
available for the following:
• metadata servers
• object spawners
• OLAP servers
• pooled workspace servers
• stored process servers
• table servers
• workspace servers

Server Monitoring – Sessions Tab


The Sessions tab lists the ID, owner, state, and start time
for each user session.
All users can view this tab. Members of the SAS
Administrators group can see all of the sessions. Users
who are not administrators can only see their own
sessions. The tab is available for the following servers:
• OLAP server
• stored process server
• table server

Server Monitoring – Sessions Tab
The Server Manager options enable you to control which types of sessions are displayed:
• active and inactive
• active, inactive, and ended

Server Monitoring – Options Tab


The Options tab lists the name, description, value, and
category for the server and spawner options, counters,
and properties. All users can view this tab, but only
administrators can change the values for properties.
The tab is available for the following servers and
spawners:
• metadata server
• object spawner
• OLAP server
• table server
• pooled workspace server
• stored process server
• workspace server

Server Monitoring – Loggers and Log Tabs
The Loggers tab lists the logging services that are in use for the server or spawner.
The Log tab displays the log for the server or spawner.
The tabs are available for the following servers and spawners:
• metadata server
• object spawner
• OLAP server
• pooled workspace server
• stored process server
• table server
• workspace server (only Loggers tab)

Server Monitoring – Spawned Server Activity Tab

The Spawned Server Activity tab displays a graph of the
number of servers that were started by the selected
spawner over time. Only members of the SAS
Administrators group can view this tab.

Monitoring the SAS OLAP Server
You can monitor a SAS OLAP Server using different plug-ins in SAS Management Console:
• Server Manager
• SAS OLAP Server Monitor

SAS OLAP Server Monitor


The SAS OLAP Server Monitor plug-in is found in the
Monitoring folder on the Plug-ins tab in SAS Management
Console. This plug-in does the following:
• displays all OLAP servers and schemas
• provides session controls
• manages advanced server options

Each client application connection establishes a session on the OLAP server.
The OLAPOPERATE procedure enables users to manage an OLAP server, its cubes, its sessions, and their queries. It is intended as a batch interface for many of the functions provided by the OLAP Server Monitor plug-in for SAS Management Console.

You can use PROC OLAPOPERATE to connect to an OLAP server and do the following:
• list sessions and queries for an active OLAP server
• close individual active sessions
• cancel or close individual open result sets
• disable a cube or all cubes
• enable a cube or all cubes
• refresh a cube or all cubes
• stop the OLAP server

Monitoring the Object Spawner

1. Right-click on the My Computer icon on the desktop and select Manage.

2. Expand Services and Applications and select Services.

3. Scroll down and locate the service named SAS [Config-Lev1] Object Spawner.
4. Check the status of the service.

5. In SAS Management Console, expand Server Manager.

6. Right-click Object Spawner - LOCALHOST and select Properties.

7. Click the Servers tab. The servers listed in the Selected servers pane are instantiated by this object spawner.

8. Close the Properties window.

9. Expand Object Spawner - LOCALHOST.

10. Right-click localhost and select Connect.

If you receive the following error, “The application could not log on to the server “localhost:8581”. No server is available at that port on that machine.”, verify that the object spawner service is running.

11. Review the contents of the Clients tab. This tab identifies the clients connected to the server/spawner.

12. Click the Spawned Server Activity tab.

13. To use the object spawner to instantiate a server, expand Server Manager ⇒ SASApp.
14. Right-click SASApp - Logical Stored Process Server and select Validate.

15. Click in the Information window.

16. Return to the Spawned Server Activity tab under Server Manager ⇒ Object Spawner - LOCALHOST ⇒ localhost. The activity should be increased by one server.

Exercises

8. Examining the Object Spawner’s metadataConfig.xml File


a. Use Windows Explorer to navigate to C:\SAS\Config\Lev1\ObjectSpawner\.
Open metadataConfig.xml with TextPad.

b. When the object spawner starts, it reads the metadataConfig.xml file in order to determine how to connect to the metadata server.

1) What user ID does the object spawner use to connect to the metadata server?

2) Is the password for the user ID also stored in the file?

3) Select Start ⇒ All Programs ⇒ SAS ⇒ SAS 9.2 (English). Select Close. In the Editor window, type the following code:

   proc pwencode in="Student1";
   run;

Select Run ⇒ Submit. Locate the line in the Log window that begins with {sas002}. Compare that value with the password in the metadataConfig.xml file.

9. Monitoring the Workspace Server

a. How are the advanced options of the SASMeta - Workspace Server and the SASApp - Workspace Server different?

Hint: You can access the advanced options from the Options tab of the Properties window.

b. Validate the SASApp - Logical Workspace Server. Does the validation change the object spawner’s server count?

c. Expand SASApp - Logical Workspace Server ⇒ SASApp - Workspace Server and select localhost. Right-click localhost and select Connect. How many workspace servers are currently running?
d. Use SAS Enterprise Guide to open the Orion Star Customers table in the Orion Star ⇒ Marketing Department ⇒ Data folder. Is there now a process under SASApp ⇒ SASApp - Logical Workspace Server ⇒ SASApp - Workspace Server ⇒ localhost in the Server Manager plug-in? If so, what is the process ID?
e. Stop the workspace server process from the Server Manager plug-in. In SAS Enterprise Guide, select Tasks ⇒ Describe ⇒ List Data.... What effect did ending the workspace server process have on the SAS Enterprise Guide session? Use the Server Manager plug-in to determine whether a new process was started.

10. Exploring Workspace Server Configuration Files


a. Use Windows Explorer to navigate to C:\SAS\Config\Lev1\SASApp\Workspace Server.
Open sasv9.cfg. According to the sasv9.cfg file, what configuration files contribute to the
workspace server’s configuration?
b. Use Windows Explorer to navigate to the other configuration files referenced in the workspace
server’s sasv9.cfg. What other configuration files contribute to the workspace server’s
configuration?
11. Exploring Workspace Server Autoexec Files
a. Use Windows Explorer to navigate to C:\SAS\Config\Lev1\SASApp\Workspace Server.
Open autoexec.sas using TextPad. According to the file, what other autoexec files contribute to the workspace server’s configuration?
b. Use Windows Explorer to navigate to the other autoexec files referenced in the workspace server’s autoexec.sas file. What other autoexec files contribute to the workspace server’s configuration?

12. Monitoring the Stored Process Server

a. In SAS Management Console, locate the Options tab of the SASApp - Stored Process Server properties. What multi-user credential is listed?

b. Validate the stored process server.

Hint: Expand SASApp - Stored Process Server and right-click localhost.
c. How many processes are currently running for the stored process server?

Hint: Right-click localhost and select Connect.

13. Exploring Stored Process Server Configuration Files

a. Use Windows Explorer to navigate to C:\SAS\Config\Lev1\SASApp\StoredProcessServer.
Open sasv9.cfg. According to the sasv9.cfg file, what configuration files contribute to the stored process server’s configuration?


b. Use Windows Explorer to navigate to the other configuration files referenced in the stored process
server’s sasv9.cfg. What other configuration files contribute to the stored process server’s
configuration?
14. Exploring Stored Process Server Autoexec Files
a. Use Windows Explorer to navigate to C:\SAS\Config\Lev1\SASApp\StoredProcessServer.
Open autoexec.sas using TextPad. According to the file, what other autoexec files contribute
to the stored process server’s configuration?
b. Use Windows Explorer to navigate to the other autoexec files referenced in the stored process
server’s autoexec.sas file. What other autoexec files contribute to the stored process server’s
configuration?
15. Monitoring the OLAP Server

a. Validate the OLAP server using the Server Manager plug-in.
b. Using the Server Manager plug-in, connect to the OLAP server. How many sessions are there currently?
c. In SAS Enterprise Guide, open the Orion Star Customer Order Cube in SAS Folders ⇒ Orion Star ⇒ Marketing Department ⇒ Data….
d. Return to the Server Manager plug-in. How many sessions are listed now?

e. Under the SAS OLAP Server Monitor plug-in, connect to the SASApp - Logical OLAP Server. Expand SASApp - Logical OLAP Server. How many sessions are listed?

f. Under the OLAP Server Monitor plug-in, expand SASApp - OLAP Schema. Which cubes are associated with that schema? How many active queries are there on each cube?

g. In the SAS OLAP Server Monitor, connect to SASApp - Logical OLAP Server. Select SASApp - OLAP Server. Right-click on a session. What options are available to manage the session?

Do not select any of the options available for the session.

If you do not currently have a session, return to SAS Enterprise Guide and follow the demonstration steps to open a cube.

h. In the Server Manager plug-in, connect to and select SASApp - OLAP Server. On the Sessions tab, right-click on a session. What options are available to manage the session?

i. In the SAS OLAP Server Monitor, right-click SASApp - Logical OLAP Server. What options are available to manage the server?
j. In the Server Manager plug-in, right-click SASApp - OLAP Server. What options are available to manage the server?

16. Exploring OLAP Server Configuration Files
a. Use Windows Explorer to navigate to C:\SAS\Config\Lev1\SASApp\OLAPServer.
Open sasv9.cfg. According to the sasv9.cfg file, what configuration files contribute
to the OLAP server’s configuration?
b. Compare sasv9.cfg and sasv9_trace.cfg.
1) How are these files different?
2) What is the purpose of the sasv9_trace.cfg file?
3) How would you get the OLAP server to use the sasv9_trace.cfg file?
c. Open both logconfig.xml and logconfig.trace.xml in the same TextPad window. Select Tools ⇒ Compare Files… to compare the two files. What are the differences between the files?
4.3 Logging SAS Servers and Spawners 4-45

4.3 Logging SAS Servers and Spawners

Objectives
• Explore the SAS 9.2 logging facility.
• Enable server logging.
• Modify server logging configuration.

SAS 9.2 Logging Facility
The SAS 9.2 logging facility is a flexible, configurable framework that
• categorizes and filters log messages in SAS server and SAS programming environments
• writes log messages to various output devices.

Enabling Server Logging


To enable the logging facility for servers, each server
must have these items:
• an XML logging configuration file that configures loggers and appenders
• the LOGCONFIGLOC= system option specified in the server’s sasv9.cfg file and pointing to the logging configuration file

The SAS Deployment Wizard automatically enables logging for most SAS servers.

Loggers and Appenders

Loggers and appenders define what messages are captured and where they are sent.

Loggers categorize log events using a hierarchical system. They can be configured to go to multiple appenders.

Appenders represent a specific output destination for messages including fixed files, rolling files, operating system facilities, and client applications.

Loggers
SAS server logger names begin with one of the following
categories, which process the following types of events:

Admin – Relevant to systems administrators and computer operators
App – Related to specific applications
Audit – Related to user authentication and security administration
IOM – For servers that use Integrated Object Model (IOM) workspace server interface
Perf – Related to performance

The App loggers process log events related to specific applications such as metadata servers,
OLAP servers, stored process servers, and workspace servers.

The IOM interface provides access to Foundation SAS features such as the SAS language, SAS libraries, the server file system, results content, and formatting services. IOM servers include metadata server, OLAP servers, stored process servers, and workspace servers.

Loggers
These are some sample loggers useful for monitoring the metadata server and metadata:
• App.Meta – the default category for general metadata informational, warning, and error messages
• App.Meta.CM – logs change management events including check-in and check-out
• Audit.Meta.Security – all events that are triggered by changes to metadata that could affect or change authorization decisions for objects

Audit.Meta.Security captures changes including those made to permissions, permission settings, ACTs,
changes to role memberships, changes to users, groups, roles, logins, and authentication domains.
The following table shows the logging configuration that is created initially for each SAS server:

| Server | Rolling Log File and SAS Management Console Log Tab | Operating System Facility | ARM Logging Facility |
|---|---|---|---|
| SAS Metadata Server | • Admin, App, Audit, and IOM events (INFO, WARN, ERROR, and FATAL) • All other events (ERROR or FATAL) | None | None |
| SAS Object Spawner | • App, Audit, and IOM events (INFO, WARN, ERROR, and FATAL) • All other events (ERROR or FATAL) | Admin events (INFO, WARN, ERROR, or FATAL) | None |
| SAS OLAP Server | • Admin events (ERROR and FATAL) • All other events (ERROR or FATAL) | Admin.Operation events (ERROR and FATAL) | Performance-related events to support cube testing and tuning captured in a log file if the logging level is modified |
| SAS Pooled Workspace Server | • Admin events (ERROR and FATAL) • App, Audit, and IOM events (INFO, WARN, ERROR, and FATAL) • All other events (ERROR or FATAL) Events are sent only to the rolling log file. | None | None |
| SAS Stored Process Server | • Admin events (ERROR and FATAL) • App, Audit, and IOM events (INFO, WARN, ERROR, and FATAL) • App.Program events (FATAL) • All other events (ERROR or FATAL) | None | None |
| SAS Table Server | • Admin events (ERROR or FATAL) • App, Audit, and IOM events (INFO, WARN, ERROR, and FATAL) • All other events (ERROR or FATAL) | None | None |
| SAS Workspace Server | None | Admin.Operation events (ERROR and FATAL) | Performance-related events available for display in SAS Data Integration Studio |
| SAS DATA Step Batch Server | App events (INFO, WARN, ERROR, and FATAL) | Admin.Session events (ERROR and FATAL) | Performance-related events captured in a log file if the server configuration is modified |
| SAS/CONNECT Server | None | Admin.Session events (INFO, WARN, ERROR, and FATAL) | Performance-related events available for display in SAS Data Integration Studio |


Diagnostic Levels
Log events have an associated diagnostic level:
TRACE – Fine-grained informational events intended for SAS Technical Support
DEBUG – Fine-grained informational events useful in debugging an application and intended for SAS Technical Support
INFO – Informational events that highlight the process of an application
WARN – Warning events or minor problems external to the application
ERROR – Error events that might still enable the application to continue running
FATAL – Very severe events that will most likely cause the application to end

The logging levels are listed from the lowest (most detailed) to the highest: TRACE, DEBUG, INFO, WARN, ERROR, FATAL.

Appenders
SAS has several appender classes for processing messages:
• Appenders to log messages to an operating system (ConsoleAppender, ZOSWtoAppender)
• An IOM server appender to log messages from any IOM server (IOMServerAppender)
• File appenders for writing log messages to a file on disk (FileAppender, RollingFileAppender)
• Appenders to write to Windows, UNIX, and z/OS operating system logs (UNIXFacilityAppender, WindowsEventAppender, ZOSFacilityAppender)

For more information about the SAS Logging Facility, refer to the SAS® 9.2 Logging Configuration and Programming Guide.

IOMServerAppender and SAS Management Console
The IOM Server Appender writes log messages from
IOM servers to a volatile run-time cache. The contents of
the cache are available for display in SAS Management
Console.
Use the Server Manager options to specify a message
level or threshold filter level.
Server Manager Plug-in Option
The option settings filter the events that are already being generated based on the server’s logging settings.

Message Level – specifies a specific level of messages to be displayed in SAS Management Console.
Threshold Level – specifies the lowest level of messages to be displayed in SAS Management Console.

Appenders
Appender specifications can include additional
parameters to specify the following:
• filename (fileNamePattern)
• file header information (HeaderPattern)
• layout of messages in file (ConversionPattern)

These parameters typically use conversion characters referenced with a preceding percent sign, including:
%d – Date of logging event
%t – Identifier for the thread that generated logging event
%m – Application-supplied message line(s) associated with the logging event

The date conversion specifier, %d, can be followed by a set of braces containing a date and
time pattern string such as %d{HH:mm:ss,SSS} or %d{DATE}.


Additional Conversion Characters

| Conversion Character | Description |
|---|---|
| | Used to output the logger name of the logging event. |
| | Used to output the level of the logging event. |
| S | Used to output various pieces of system information and must be followed by the key for the system information desired, placed between braces, for example, %S{os_name}. Valid system information keys include the following: • model_name – manufacturer of system • model_num – model number • host_name • os_name • os_version • user_name – identity that owns the process and not client identity associated with current thread • startup_cmd |
| u | Client identity associated with current thread. |


Modifying Server Logging Configurations


The best practice is to use the initial logging configuration
files created by the SAS Deployment Wizard.
If necessary, you can use the following methods
for modifying server logging configurations:
• adjust logging levels dynamically using the Server Manager plug-in
• use alternative logging configuration files provided for troubleshooting
• modify the server’s logconfig.xml file

Adjusting Logging Levels Dynamically
The dynamic changes affect all logging produced by the server in question, but do not modify the logconfig.xml file. The changes persist until changed dynamically or the server is restarted.

The Audit.Meta logger by default inherits the Information logging level from its parent, Audit.
You can assign a different level for this logger.
When the server is restarted, it rereads the logconfig.xml file.

Alternative Logging Configuration Files


To assist in troubleshooting, alternative logging
configuration files are provided:
• for some servers including metadata servers, OLAP servers, pooled workspace servers, stored process servers, and workspace servers
• named logconfig.trace.xml
• messages are written to the server’s rolling log file

Performance issues can result from using these files.

Do not modify the logconfig.trace.xml logging configuration files unless you are requested to do so by SAS Technical Support.

Using Alternative Logging Configuration Files
To use an alternative logging configuration file, follow these steps:
1. Stop the server if it is running.
2. Rename the server’s logconfig.xml file to logconfig_orig.xml.
3. Rename the server’s logconfig.trace.xml file to logconfig.xml.
4. Restart the server if necessary.
5. When troubleshooting is complete, stop the server if it is running, rename logconfig.xml to logconfig.trace.xml, rename logconfig_orig.xml to logconfig.xml, and restart the server if necessary.

Modifying logconfig.xml Files


The following are some examples of changes you might
want to make to a server’s log configuration file:
• Configure the RollingFileAppender to use a different log filename or to store the files in a different location.
• Configure a different message layout for an appender.

If you elect to modify the server’s logconfig.xml file, make a backup copy first.

Logging SAS OLAP Servers
By default, a SAS OLAP Server collects log information in:

system log
• stored in a file that is refreshed daily
• displayed on the Log tab of the OLAP Server in the Server Manager plug-in

ARM log
• stored in a file created at server start
• receives no messages by default because Perf.ARM.OLAP_Server logger is set to warn
• during the testing and tuning of cubes, change logging level from WARN to INFO to begin receiving messages

Exercises

17. Exploring Metadata Server Logging


a. Open the metadata server’s logconfig.xml file.
1) How many appenders are defined?
2) Where is the rolling log file being written to?

3) What format are the messages written in?

The server’s sasv9.cfg file’s LOGCONFIGLOC option identifies where the server’s logging configuration file is stored.

b. Make a backup copy of the logconfig.xml file.

c. To capture metadata server management events in the system facility appender, insert the following lines above the last line of the file (</logging:configuration>):

   <appender name="eventLog" class="WindowsEventAppender">
      <param name="Threshold" value="Warn"/>
      <layout>
         <param name="ConversionPattern"
                value="%d{yyyyMMdd:HH.mm.ss.SS}: %m"/>
      </layout>
   </appender>
   <logger name="App.Meta.Mgmt">
      <level value="Info"/>
      <appender-ref ref="eventLog"/>
   </logger>

This XML can be found in the appender.xml file in the S:\Workshop\spaft folder.

d. Restart the metadata server.

e. Pause the metadata server.

f. Right-click on the My Computer icon on the desktop and select Manage. Expand System Tools ⇒ Event Viewer and select System. Refresh the view and double-click on the most recent information type entry from the Service Control Manager. Review the message and close the window.
g. Resume the metadata server.
h. Use the Event Viewer to find the corresponding message.
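
How the logger level and the appender Threshold in the fragment from step c combine to decide where an event ends up, as an added example that is not part of the course notes. The namespace URI, the trimmed rollingFile appender, the Audit and root loggers, and log4j-style propagation of events to the appenders of ancestor loggers (the additivity attribute) are assumptions; the notes themselves state only that a logger inherits the level of its parent.

```python
import xml.etree.ElementTree as ET

# Diagnostic levels, lowest (most detailed) to highest, as listed in the notes.
LEVELS = ["TRACE", "DEBUG", "INFO", "WARN", "ERROR", "FATAL"]
# Server Manager spells two levels out ("Information", "Warning").
ALIASES = {"INFORMATION": "INFO", "WARNING": "WARN"}

# Constructed sample. The eventLog appender (layout omitted) and the
# App.Meta.Mgmt logger follow the exercise's fragment; the namespace URI, the
# trimmed rollingFile appender, the Audit logger and the root logger are
# assumptions added for the demonstration.
SAMPLE = """<?xml version="1.0"?>
<logging:configuration xmlns:logging="http://www.sas.com/xml/logging/1.0/">
   <appender name="rollingFile" class="RollingFileAppender"/>
   <appender name="eventLog" class="WindowsEventAppender">
      <param name="Threshold" value="Warn"/>
   </appender>
   <logger name="Audit">
      <level value="Info"/>
   </logger>
   <logger name="App.Meta.Mgmt">
      <level value="Info"/>
      <appender-ref ref="eventLog"/>
   </logger>
   <root>
      <level value="Error"/>
      <appender-ref ref="rollingFile"/>
   </root>
</logging:configuration>
"""


def rank(level):
    """Position of a level name in LEVELS (case-insensitive)."""
    name = level.strip().upper()
    return LEVELS.index(ALIASES.get(name, name))


def load(xml_text):
    """Return (appenders, loggers) parsed from a logging configuration."""
    doc = ET.fromstring(xml_text)
    appenders = {}
    for app in doc.findall("appender"):
        threshold = 0  # no Threshold param: the appender accepts every level
        for param in app.findall("param"):
            if param.get("name", "").lower() == "threshold":
                threshold = rank(param.get("value"))
        appenders[app.get("name")] = threshold
    loggers = {}
    for node in doc.findall("logger") + doc.findall("root"):
        level = node.find("level")
        loggers["" if node.tag == "root" else node.get("name")] = {
            "level": None if level is None else rank(level.get("value")),
            "refs": [ref.get("ref") for ref in node.findall("appender-ref")],
            "additive": node.get("additivity", "true").lower() != "false",
        }
    return appenders, loggers


def lineage(name):
    """'Audit.Meta.Security' -> that name, 'Audit.Meta', 'Audit', '' (root)."""
    parts = name.split(".")
    return [".".join(parts[:i]) for i in range(len(parts), 0, -1)] + [""]


def effective_level(loggers, name):
    """Level set on the logger itself or inherited from its nearest ancestor."""
    for ancestor in lineage(name):
        cfg = loggers.get(ancestor)
        if cfg and cfg["level"] is not None:
            return LEVELS[cfg["level"]]
    return None


def destinations(appenders, loggers, name, level):
    """Appenders that would receive an event of `level` from logger `name`."""
    floor = effective_level(loggers, name)
    if floor is None or rank(level) < rank(floor):
        return []  # dropped by the logger before any appender sees it
    reached = []
    for ancestor in lineage(name):
        cfg = loggers.get(ancestor)
        if cfg is None:
            continue
        for ref in cfg["refs"]:
            passes = ref in appenders and rank(level) >= appenders[ref]
            if passes and ref not in reached:
                reached.append(ref)
        if not cfg["additive"]:
            break  # assumed log4j-style: stop walking up the hierarchy
    return reached


APPENDERS, LOGGERS = load(SAMPLE)

if __name__ == "__main__":
    for logger, level in [("App.Meta.Mgmt", "INFO"), ("App.Meta.Mgmt", "WARN")]:
        print(logger, level, "->", destinations(APPENDERS, LOGGERS, logger, level))
```

With the Threshold of Warn on eventLog, an Info event from App.Meta.Mgmt passes the logger but is filtered at the appender, so only Warn and higher reach the Windows event log.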

18. Exploring Object Spawner Logging


a. Use Windows Explorer to navigate to C:\SAS\Config\Lev1\ObjectSpawner\.
Open logconfig.xml with TextPad.
b. The object spawner uses this file to determine what to log and where to send it to.
1) Where are the log files being written to?
2) What is the format of the log filenames?
3) What is the format of the contents of the log files?
4) Are any messages being sent to the Windows Event Viewer?

c. Use Windows Explorer to navigate to the location of the object spawner log files. Verify that the filenames and file contents follow the formats described in the logconfig.xml file.

19. Exploring Workspace Server Logging

a. Use Windows Explorer to navigate to C:\SAS\Config\Lev1\SASApp\Workspace Server.
Open logconfig.xml with TextPad.
1) Are log messages written to a file?
2) Are log messages written to the Windows Event Viewer?

b. Create a log file for workspace server troubleshooting.
1) Using Windows Explorer, verify that users of the workspace server are granted Read, Write, and Execute access to the workspace server’s Logs directory.
Hint: In Windows Explorer, right-click on the Logs directory and select Properties. Select the Security tab. Select Users (LOCALHOST\Users) from the list of groups and users. Verify that Read & Execute are allowed. Allow Write and select Apply.
2) Rename the logconfig.xml file in C:\SAS\Config\Lev1\SASApp\Workspace Server as logconfig_orig.xml.
3) Rename the logconfig.trace.xml file in C:\SAS\Config\Lev1\SASApp\Workspace Server as logconfig.xml.
4) Use SAS Enterprise Guide to open a table. Close SAS Enterprise Guide.
5) Use Windows Explorer to locate the new log file in
C:\SAS\Config\Lev1\SASApp\Workspace Server\Logs. Review the contents of the log file.
6) Rename the logconfig.xml file as logconfig.trace.xml.
7) Rename the logconfig_orig.xml as logconfig.xml.

20. Validating, Monitoring, and Logging the Pooled Workspace Server


a. Use SAS Management Console to validate the pooled workspace server.
Hint: Right-click SASApp - Logical Pooled Workspace Server and select Validate.
b. In SAS Management Console, use the object spawner’s Spawned Server Activity tab to verify that
a new process was spawned. How is this process different than the standard workspace server
instantiated during the Validate step?
c. In SAS Management Console, expand SASApp - Logical Pooled Workspace Server ⇒ SASApp - Pooled Workspace Server. Right-click localhost and select Connect. What user ID owns the process listed in the Processes tab?

d. Examine the pooled workspace server’s logconfig.xml file. Where are the server’s logs written? Locate the most recent log and examine its contents.

e. (Optional) Examine the pooled workspace server’s sasv9.cfg file. What other configuration files contribute to the pooled workspace server’s configuration?

f. (Optional) Examine the pooled workspace server’s autoexec.sas file. What other autoexec files contribute to the pooled workspace server’s configuration?

21. Exploring Stored Process Server Logging

a. Use Windows Explorer to navigate to C:\SAS\Config\Lev1\SASApp\StoredProcessServer.
Open logconfig.xml with TextPad.
1) Are log messages written to a file?
2) Are log messages written to the Windows Event Viewer?

b. Use Windows Explorer to navigate to the location of the stored process server log files. Verify that the filename and file contents follow the formats described in the logconfig.xml file.

c. Use Windows Explorer to navigate to C:\SAS\Config\Lev1\SASApp\StoredProcessServer.
Open logconfig.trace.xml with TextPad.
1) Would these settings write log messages to a file?
2) Would these settings write log messages to the Windows Event Viewer?

22. Exploring OLAP Server Logging


a. Use Windows Explorer to navigate to C:\SAS\Config\Lev1\SASApp\OLAPServer.
Open logconfig.xml with TextPad. What file are the log messages written to?
b. Use Windows Explorer to navigate to the location of the OLAP server log files. Verify that the
filename and file contents follow the formats described in the logconfig.xml file.
c. Use the Server Manager plug-in to dynamically set the Perf.ARM.OLAP_SERVER logger level
to Information. Open a cube in SAS Enterprise Guide. View the log in the Server Manager
plug-in. Reset the Perf.ARM.OLAP_SERVER logger level to Warning.
Hint: You need to connect to the SASApp - OLAP Server to modify the logger level.

Hint: The ARM log messages are written to a filename of performance_%d_%s{pid}.arm in C:\SAS\Config\Lev1\SASApp\OLAPServer\Logs.

4.4 Troubleshooting SAS Servers

Objectives
• Explore how to troubleshoot SAS servers.
• Use the SAS Deployment Manager to update passwords for system accounts.

Troubleshooting SAS Servers
If you are unable to connect to or use a server, perform the following tasks:
• Verify that the server is running at the operating system level.
• For the workspace and stored process servers, verify that the object spawner is running at the operating system level.
• Examine logs to identify warnings or errors.
4.4 Troubleshooting SAS Servers 4-61

Troubleshooting SAS Servers


If a server or spawner is failing to start, do the following:
• Copy the command line used to invoke the server and issue it directly in the operating system, noting any errors or information that is generated.
• If changes were recently made to configuration files, revert to the backup copies made before the changes.

Troubleshooting SAS Servers


If the passwords for service accounts that occur in some
of the configuration files changed, update passwords with
the SAS Deployment Manager.
Do not directly edit passwords in configuration files
except as a last resort.

Service accounts include the accounts associated with the following metadata identities:
• SAS Administrator
• SAS Trusted User
• SAS Anonymous Web User
• SAS General Servers

The passwords for these accounts are stored in the metadata and, except for the SAS General Servers
account(s), they are also stored in certain configuration files. To update accounts that occur only
in the metadata you can use either SAS Management Console or the
SAS Deployment Manager.

SAS Deployment Manager


The SAS Deployment Manager enables you to perform several configuration tasks:

Update Passwords                updates service account passwords in the metadata and
                                configuration files.
Remove Existing Configuration   • removes some or all product configurations
                                • removes custom content for SAS Information Delivery Portal
                                  when you remove its configuration.
Rebuild Web Applications        rebuilds WAR and EAR files with custom user content.

SAS Deployment Manager

The utility updates both configuration files and metadata:
• You can update multiple passwords in a single pass.
• You must run the utility on each machine that hosts affected components starting with the metadata server.
• If you enter a plaintext password, the utility encodes the password using SAS proprietary encoding.
• Service accounts that you introduce in SAS Management Console are not managed by this tool.

For more information about the SAS Deployment Manager, refer to the SAS® Intelligence Platform:
Security Administration Guide.
You can use PROC PWENCODE to encode passwords for use in SAS programs or text files.

PROC PWENCODE IN="password" <METHOD=encoding-method>;
RUN;

The sas001 method uses base64 to encode passwords. The sas002 method (SASProprietary encoding)
uses a 32-bit key to encode passwords and is the default. The sas003 method (AES encryption) uses
a 256-bit key to encode passwords.
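
The method tags described above also appear in the configuration files that hold encoded service-account passwords, so a file can be audited for how each stored password is protected. The following is an added example, not part of the course notes or of SAS tooling: it finds `{sas00N}` values and unencoded password settings in a text and reports the method without echoing any secret. The sample text is constructed, the `{sas002}` and `{sas003}` bodies are placeholders rather than real PROC PWENCODE output, the `Password="..."` attribute spelling is an assumption, and the risk labels are this example's own ranking.

```python
import base64
import binascii
import re

# Method tags and descriptions as given in the course notes.
# The risk labels are this example's own ranking, not a SAS rating.
METHODS = {
    "sas001": ("base64 encoding", "high"),
    "sas002": ("SASProprietary encoding, 32-bit key", "medium"),
    "sas003": ("AES encryption, 256-bit key", "low"),
}
RISK_ORDER = ["low", "review", "medium", "high", "critical"]

# {sasNNN} followed by the encoded body (base64 or hex characters).
TOKEN_RE = re.compile(r"\{(sas\d{3})\}([A-Za-z0-9+/=]+)")
# Assumed spelling of a password setting: a name ending in "password"
# followed by a quoted value, for example Password="...".
PASSWORD_RE = re.compile(r"\b(\w*password)\s*=\s*([\"'])(.*?)\2", re.IGNORECASE)


def decodes_without_key(body):
    """True if the body is valid base64 that yields readable text."""
    try:
        text = base64.b64decode(body, validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError):
        return False
    return text.isprintable()


def audit_config_text(text):
    """Return one finding per stored password; the values are never echoed."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for match in TOKEN_RE.finditer(line):
            tag, body = match.groups()
            detail, risk = METHODS.get(tag, ("unrecognised method tag", "review"))
            if tag == "sas001" and decodes_without_key(body):
                detail += "; value decodes without any key"
            findings.append(
                {"line": lineno, "method": tag, "risk": risk, "detail": detail}
            )
        for match in PASSWORD_RE.finditer(line):
            value = match.group(3)
            if value and not value.startswith("{sas"):
                findings.append({
                    "line": lineno,
                    "method": "plaintext",
                    "risk": "critical",
                    "detail": "%s holds an unencoded value of length %d"
                              % (match.group(1), len(value)),
                })
    return findings


def highest_risk(findings):
    """Most severe risk label among the findings, or None if there are none."""
    return max((f["risk"] for f in findings), key=RISK_ORDER.index, default=None)


# Constructed sample input. The sas001 body is real base64 of the class
# password; the sas002 and sas003 bodies are placeholders.
_B64 = base64.b64encode(b"Student1").decode("ascii")
SAMPLE_CONFIG = "\n".join([
    '<Login UserID="sastrust@saspw" Password="{sas002}0123456789ABCDEF"/>',
    '<Login UserID="webanon@saspw" Password="{sas001}' + _B64 + '"/>',
    '<Login UserID="example1" Password="{sas003}0123456789ABCDEF0123456789ABCDEF"/>',
    '<Login UserID="example2" Password="Student1"/>',
])

if __name__ == "__main__":
    for finding in audit_config_text(SAMPLE_CONFIG):
        print("line %(line)d: %(method)s [%(risk)s] %(detail)s" % finding)
    print("highest risk:", highest_risk(audit_config_text(SAMPLE_CONFIG)))
```
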

SAS Deployment Manager


Each run of this utility generates an UpdatePasswords.html
file that documents the updates the utility performed and
provides instructions for any required post-update
activities.


Using the SAS Deployment Manager

1. Right-click on the My Computer icon on the desktop and select Manage.

2. Expand Services and Applications and select Services.

3. Right-click on the SAS [Config-Lev1] SASMeta - Metadata Server service and select Stop.

4. Click to stop dependent services.

5. With the SAS [Config-Lev1] SASMeta - Metadata Server service highlighted, right-click and select
Start.

6. Use Windows Explorer to navigate to C:\Program Files\SAS\SASDeploymentManager\9.2.

7. Double-click config.exe.

8. Select English as the language and click .

9. Accept the default, Update Passwords, and click .


10. Select Enter Configuration Directory and Level and click .


11. Navigate to C:\SAS\Config and click .


12. Accept the default configuration level, Lev1, and click .


13. Provide the user ID and password of an unrestricted user in order to connect to the metadata server
and then click .


14. Select the user IDs for which the passwords should be updated. For this demonstration, select
webanon@saspw. Click .


15. Type the password Student1 and click .


16. Click .


17. When all the steps are complete, click .


18. Click .


19. Review the document created. This HTML file is stored in the configuration directory. In class,
the file is in C:\SAS\Config\Lev1\Documents\.

20. Restart the other services:
• SAS [Config-Lev1] Connect Spawner
• SAS [Config-Lev1] Object Spawner
• SAS [Config-Lev1] SASApp - OLAP Server
• SAS [Config-Lev1] Share Server
• SAS [Config-Lev1] SASTS - Table Server
• SAS [Config-Lev1] Remote Services
• JBoss - SASServer1

4.5 Solutions to Exercises


1. Identifying the Command Line
Use the Server Manager to find the command line for each of the following servers in the
SASApp context:

Note: Not all servers have this information stored in the metadata.

Server Name                  Command Line
SAS DATA Step Batch Server   C:\SAS\Config\Lev1\SASApp\BatchServer\sasbatch.bat
OLAP Server                  C:\SAS\Config\Lev1\SASApp\OLAPServer\OLAPServer.bat *
Pooled Workspace Server      C:\SAS\Config\Lev1\SASApp\PooledWorkspaceServer\PooledWorkspaceServer.bat
Stored Process Server        C:\SAS\Config\Lev1\SASApp\StoredProcessServer\StoredProcessServer.bat
Workspace Server             C:\SAS\Config\Lev1\SASApp\WorkspaceServer\WorkspaceServer.bat
Connect Server               C:\SAS\Config\Lev1\SASApp\ConnectServer\ConnectServer.bat
SAS Java Batch Server        C:\SAS\Config\Lev1\ReportBatch\rptbatch.bat

* If a Windows service is used to start the OLAP server, the command line is
"C:\Program Files\SAS\SASFoundation\9.2\sas.exe" -config
"C:\SAS\Config\Lev1\SASApp\OLAPServer\sasv9.cfg"

2. Locating the Root Folder

Use the information from the previous exercise and Windows Explorer to find the root folder for each
of the following servers in the SASApp context:

Server Name                  Folder
SAS DATA Step Batch Server   C:\SAS\Config\Lev1\SASApp\BatchServer
OLAP Server                  C:\SAS\Config\Lev1\SASApp\OLAPServer
Pooled Workspace Server      C:\SAS\Config\Lev1\SASApp\PooledWorkspaceServer
Stored Process Server        C:\SAS\Config\Lev1\SASApp\StoredProcessServer
Workspace Server             C:\SAS\Config\Lev1\SASApp\WorkspaceServer
Connect Server               C:\SAS\Config\Lev1\SASApp\ConnectServer
SAS Java Batch Server        C:\SAS\Config\Lev1\ReportBatch

3. Identifying the Windows Services


Right-click on the My Computer icon on the desktop and select Manage. Identify the service for
each of the following servers in the SASApp context:

Note: Not all servers are associated with a service.

Server Name                  Service Name
SAS DATA Step Batch Server
OLAP Server                  SAS [Config-Lev1] SASApp - OLAP Server
Pooled Workspace Server
Stored Process Server
Workspace Server
Connect Server               SAS [Config-Lev1] Connect Spawner
SAS Java Batch Server

4. Identifying the Command Line
Use the Server Manager to find the command line for each of the following servers in the
SASMeta context:

Note: Not all servers have this information stored in the metadata.

Server Name                  Command Line
SAS DATA Step Batch Server   C:\SAS\Config\Lev1\SASMeta\BatchServer\sasbatch.bat
Metadata Server              C:\SAS\Config\Lev1\SASMeta\MetadataServer\MetadataServer.bat *
Workspace Server             C:\SAS\Config\Lev1\SASMeta\WorkspaceServer\WorkspaceServer.bat

* If a Windows service is used to start the metadata server, the command line is
"C:\Program Files\SAS\SASFoundation\9.2\sas.exe" -config
"C:\SAS\Config\Lev1\SASMeta\MetadataServer\sasv9.cfg".

5. Locating the Root Folder


Use the information from the previous exercise and Windows Explorer to find the root folder for each
of the following servers in the SASMeta context:

Server Name                  Folder
SAS DATA Step Batch Server   C:\SAS\Config\Lev1\SASMeta\BatchServer
Metadata Server              C:\SAS\Config\Lev1\SASMeta\MetadataServer
Workspace Server             C:\SAS\Config\Lev1\SASMeta\WorkspaceServer

6. Identifying the Windows Services

Right-click on the My Computer icon on the desktop and select Manage. Identify the service for
each of the following servers in the SASMeta context:

Server Name                  Service Name
SAS DATA Step Batch Server
Metadata Server              SAS [Config-Lev1] SASMeta - Metadata Server
Workspace Server

Note: Not all servers are associated with a service.

7. Identifying the Different Types of Workspace Servers

a. In SAS Management Console, expand Server Manager ⇒ SASApp. Notice that there are two
workspace servers: SASApp - Logical Pooled Workspace Server and SASApp - Logical
Workspace Server.

b. Right-click SASApp - Logical Pooled Workspace Server and select Properties.

1) Select the Load Balancing tab. A server-side pooled workspace server is load-balanced by the
object spawner.
2) Close the Properties window.

c. Expand SASApp - Logical Pooled Workspace Server ⇒ SASApp - Pooled Workspace Server.

1) Right-click and select Properties.

2) Select the Options tab. The multi-user credentials under which the instances of the server
run are listed.
d. Close the Properties window.

e. Right-click SASApp – Logical Workspace Server and select Convert To.


The server is currently configured in standard mode. The pooled option would convert this
workspace server to a client side pooled workspace server.

8. Examining the Object Spawner’s metadataConfig.xml File

a. Use Windows Explorer to navigate to C:\SAS\Config\Lev1\ObjectSpawner\.
Open metadataConfig.xml with TextPad.
b. When the object spawner starts, it reads the metadataConfig.xml file in order to determine how
to connect to the metadata server.
1) What user ID does the object spawner use to connect to the metadata server?
User ID = "sastrust@saspw"
2) Is the password for the user ID also stored in the file?
Yes, but it is encoded.
3) Select Start ⇒ All Programs ⇒ SAS ⇒ SAS 9.2 (English). Select Close. In the Editor
window, enter the following code:
   proc pwencode in="Student1";
   run;
Select Run ⇒ Submit. Locate the line in the Log window that begins with {sas002}.
Compare that value with the password in the metadataConfig.xml file.
They are the same.

9. Monitoring the Workspace Server


a. How are the advanced options of the SASMeta - Workspace Server and the SASApp - Workspace
Server different?
1) In SAS Management Console, expand Server Manager ⇒ SASMeta ⇒
SASMeta - Logical Workspace Server.
2) Right-click SASMeta - Workspace Server and select Properties.

3) Select the Options tab and select Advanced Options.


4) Select the Launch Properties tab. The Allow XCMD option is checked by default.

5) Close the Advanced Properties and Properties windows.
6) Expand SASApp ⇒ SASApp - Logical Workspace Server.

7) Right-click SASApp - Workspace Server and select Properties.

8) Select the Options tab and select Advanced Options.

9) Select the Launch Properties tab. The Allow XCMD option is not checked by default.

10) Close the Advanced Properties and Properties windows.

b. Validate the SASApp - Logical Workspace Server. Does the validation change the object
spawner’s server count?
1) Select Server Manager ⇒ Object Spawner - LOCALHOST ⇒ localhost ⇒ Spawned
Server Activity. You must be connected to the object spawner to see the spawned activity.
If you are not connected to the object spawner, right-click localhost and select Connect.
2) Right-click SASApp - Logical Workspace Server and select Validate.
3) If you receive the following error, “The user ‘SAS Administrator’ could not log on to the
server ‘SASApp - Logical Workspace Server’.”, select OK.

4) Select File ⇒ Clear Credentials Cache.
5) Right-click SASApp - Logical Workspace Server and select Validate.

6) Type ahmed as the user ID and Student1 as the password.

7) Select Details <<.
8) Select OK to close the Information window.
9) Select Server Manager ⇒ Object Spawner - LOCALHOST ⇒ localhost ⇒
Spawned Server Activity. The server’s count will likely not be changed because the server
validation only opens a workspace server temporarily. The server process is shut down when
the validation is complete.

c. Expand SASApp - Logical Workspace Server ⇒ SASApp - Workspace Server and select
localhost.
Right-click localhost and select Connect. There are currently no workspace server processes
running.

d. Use SAS Enterprise Guide to open the Orion Star Customers table in the Orion Star ⇒
Marketing Department ⇒ Data folder. Is there now a process under SASApp ⇒
SASApp - Logical Workspace Server ⇒ SASApp - Workspace Server ⇒ localhost
in the Server Manager plug-in? If so, what is the process ID?
1) Select Start ⇒ All Programs ⇒ SAS ⇒ Enterprise Guide 4.2.
2) Select New Project.
3) Select File ⇒ Open ⇒ Data….

4) Select SAS Folders ⇒ Orion Star ⇒ Marketing Department ⇒ Data ⇒ Customers ⇒
Open.
5) Return to SAS Management Console and select SASApp ⇒ SASApp - Logical Workspace
Server ⇒ SASApp - Workspace Server ⇒ localhost. There is now a process representing
the workspace server spawned for SAS Enterprise Guide.
6) Under SASApp – Workspace Server, expand localhost.
7) Select the process and view the client information.

e. Stop the workspace server process from the Server Manager plug-in. In SAS Enterprise Guide,
select Tasks ⇒ Describe ⇒ List Data…. What effect did ending the workspace server process
have on the SAS Enterprise Guide session? Use the Server Manager plug-in to determine whether
a new process was started.
1) Right-click on the process ID and select Stop.
2) Select OK.

3) Return to SAS Enterprise Guide and select Tasks ⇒ Describe ⇒ List Data….
4) Click in the Disconnect? window.

5) Return to SAS Management Console and select SASApp ⇒ SASApp - Logical Workspace
Server ⇒ SASApp - Workspace Server ⇒ localhost. There is a new process representing
the workspace server spawned for SAS Enterprise Guide. SAS Enterprise Guide seamlessly
reconnected to a workspace server.

10. Exploring Workspace Server Configuration Files
a. Use Windows Explorer to navigate to C:\SAS\Config\Lev1\SASApp\Workspace Server.
Open sasv9.cfg. According to the sasv9.cfg file what configuration files contribute to the
workspace server’s configuration?
/* Include config files */
-config "C:\SAS\Config\Lev1\SASApp\sasv9.cfg" (1)
-config "C:\SAS\Config\Lev1\SASApp\WorkspaceServer\sasv9_usermods.cfg" (2)
b. Use Windows Explorer to navigate to the other configuration files referenced in the workspace
server’s sasv9.cfg. What other configuration files contribute to the workspace server’s
configuration?
/* Include config files */ (10a #1)
-config "C:\Program Files\SAS\SASFoundation\9.2\sasv9.cfg"
-config "C:\SAS\Config\Lev1\SASApp\sasv9_usermods.cfg"
(10a #2) is empty.

11. Exploring Workspace Server Autoexec Files
a. Use Windows Explorer to navigate to C:\SAS\Config\Lev1\SASApp\Workspace Server.
Open autoexec.sas using TextPad. According to the file, what other autoexec files contribute
to the workspace server’s configuration?
/* Include autoexec files */
%include "C:\SAS\Config\Lev1\SASApp\appserver_autoexec.sas"; (1)
%include "C:\SAS\Config\Lev1\SASApp\appserver_autoexec_usermods.sas"; (2)
%include "C:\SAS\Config\Lev1\SASApp\WorkspaceServer\autoexec_usermods.sas"; (3)
b. Use Windows Explorer to navigate to the other autoexec files referenced in the workspace
server’s autoexec.sas file. What other autoexec files contribute to the workspace server’s
configuration?
/* Include autoexec files */ (11a #1)
%include "C:\SAS\Config\Lev1\SASApp\appserver_autoexec_usermods.sas";
(11a #2) is empty.
(11a #3) is empty.

12. Monitoring the Stored Process Server

a. In SAS Management Console, expand Server Manager ⇒ SASApp ⇒ SASApp - Logical
Stored Process Server ⇒ SASApp - Stored Process Server.
1) Right-click SASApp - Stored Process Server and select Properties.
2) Select the Options tab. The multi-user credentials are listed. Close the Properties window.

b. Right-click localhost and select Validate.

1) Click and review the messages in the Information window.
2) Click to close the Information window.

c. Right-click localhost and select Connect. A process appears in the Processes tab.

13. Exploring Stored Process Server Configuration Files
a. Use Windows Explorer to navigate to C:\SAS\Config\Lev1\SASApp\StoredProcess Server.
Open sasv9.cfg. According to the sasv9.cfg file, what configuration files contribute to the stored
process server’s configuration?
/* Include config files */
-config "C:\SAS\Config\Lev1\SASApp\sasv9.cfg" (1)
-config "C:\SAS\Config\Lev1\SASApp\StoredProcessServer\sasv9_usermods.cfg" (2)

b. Use Windows Explorer to navigate to the other configuration files referenced in the stored process
server’s sasv9.cfg. What other configuration files contribute to the stored process server’s
configuration?
/* Include config files */ (13a #1)
-config "C:\Program Files\SAS\SASFoundation\9.2\sasv9.cfg"
-config "C:\SAS\Config\Lev1\SASApp\sasv9_usermods.cfg"
(13a #2) is empty.

14. Exploring Stored Process Server Autoexec Files

a. Use Windows Explorer to navigate to C:\SAS\Config\Lev1\SASApp\StoredProcessServer.
Open autoexec.sas using TextPad. According to the file, what other autoexec files contribute
to the stored process server’s configuration?
/* Include autoexec files */
%include "C:\SAS\Config\Lev1\SASApp\appserver_autoexec.sas"; (1)
%include "C:\SAS\Config\Lev1\SASApp\appserver_autoexec_usermods.sas"; (2)
%include "C:\SAS\Config\Lev1\SASApp\StoredProcessServer\autoexec_usermods.sas"; (3)
b. Use Windows Explorer to navigate to the other autoexec files referenced in the stored process
server’s autoexec.sas file. What other autoexec files contribute to the stored process server’s
configuration?
/* Include autoexec files */ (14a #1)
%include "C:\SAS\Config\Lev1\SASApp\appserver_autoexec_usermods.sas";
(14a #2) is empty.
(14a #3) is empty.

15. Monitoring the OLAP Server
a. Use the Server Manager plug-in to validate the OLAP server. In SAS Management Console,
expand Server Manager ⇒ SASApp - Logical OLAP Server.
1) Right-click SASApp - OLAP Server and select Validate.
2) Click in the Information window. Review the messages in the window.
3) Click to close the Information window.

b. Use the Server Manager plug-in to connect to the OLAP server.


1) Right-click SASApp - OLAP Server and select Connect.

2) Select the Sessions tab. There are currently no sessions.

c. Use SAS Enterprise Guide to open a cube by selecting Start ⇒ All Programs ⇒ SAS ⇒
Enterprise Guide 4.2.
1) Select New Project.
2) Select File ⇒ Open ⇒ OLAP Cube....

3) Navigate to SAS Folders ⇒ Orion Star ⇒ Marketing Department ⇒ Data and select
Orion Star Customer Order Cube ⇒ Open.
d. Return to the Server Manager plug-in and view the contents of the Sessions tab. How many
sessions are listed?
There is now one session listed.

e. Under the SAS OLAP Server Monitor plug-in, expand SAS OLAP Server Monitor ⇒
SASApp - Logical OLAP Server.
1) Right-click SASApp - Logical OLAP Server and select Connect.

2) Click .

3) Select and expand SASApp - OLAP Server to see the active and inactive sessions on the
server.
There are two sessions listed.

f. Under the OLAP Server Monitor plug-in, expand SASApp - OLAP Schema. Which cubes are
associated with that schema? How many active queries are there on each cube?
Select and expand SASApp - OLAP Schema to see the cubes associated with that schema
and the number of active queries on each cube.
There are three cubes associated with SASApp - OLAP Schema: Chocolate Enterprises
Sales Cube, Orion Star Customer Order Cube, and Sales Order Cube.

Note: Disable a cube to coalesce aggregations, rebuild the cube, or update cube data. Enable
a cube to process new queries. If you restart your SAS OLAP Server, all of the cubes that
are accessed by that server are enabled by default.
g. In the SAS OLAP Server Monitor, connect to SASApp - Logical OLAP Server. Select
SASApp - OLAP Server. Right-click on a session. What options are available to manage
the session?
h. In the Server Manager plug-in, connect to and select SASApp – OLAP Server. On the Sessions
tab, right-click on a session. What options are available to manage the session?
End

i. In the SAS OLAP Server Monitor, right-click SASApp - Logical OLAP Server. What options are
available to manage the server?

j. In the Server Manager plug-in, right-click SASApp - OLAP Server. What options are available to
manage the server?

16. Exploring OLAP Server Configuration Files


a. Use Windows Explorer to navigate to C:\SAS\Config\Lev1\SASApp\OLAPServer.
Open sasv9.cfg. According to the sasv9.cfg file what configuration files contribute
to the OLAP server’s configuration?
/* Include config files */
-config "C:\SAS\Config\Lev1\sasv9_meta.cfg"
-config "C:\SAS\Config\Lev1\SASApp\sasv9.cfg"

-config "C:\SAS\Config\Lev1\SASApp\OLAPServer\sasv9_usermods.cfg"
b. Compare sasv9.cfg and sasv9_trace.cfg.
1) How are these files different?
The trace.cfg file does not use the sasv9_meta.cfg; it uses
the sasv9.cfg file from C:\SAS\Config\Lev1\. The trace file uses the trace logging
configuration file. The trace file includes additional journaling options and the
NETENCRALG option.
2) What is the purpose of the sasv9_trace.cfg file?
It is used for when you want to obtain logs with the TRACE option for more detailed
information. This file works in conjunction with logconfig_trace.xml.
3) How would you get the OLAP server to use the sasv9_trace.cfg file?
Rename the existing sasv9.cfg file found in the directory, and replace it with the trace
version. This requires that you restart your SAS OLAP Server process before the new
configuration file is used.
c. Open both logconfig.xml and logconfig.trace.xml in the same TextPad window. Select Tools ⇒
Compare Files… to compare the two files. What are the differences between the files?
The conversion pattern for the rolling log files is slightly different. The levels for two loggers
(App and Perf.ARM.OLAP_SERVER) are set to a more detailed level in the trace file. In
the logconfig file, App is set to Info, and Perf.ARM.OLAP_SERVER is set to Warn. In the
logconfig_trace file, App is set to Trace and Perf.ARM.OLAP_SERVER is set to Info.

17. Exploring Metadata Server Logging
a. Open the metadata server’s logconfig.xml file.
1) How many appenders are defined?
Three appenders: RollingFileAppender, IOMEventAppender, and IOMServerAppender
2) Where is the rolling log file being written to?
C:\SAS\Config\Lev1\SASMeta\MetadataServer\Logs\
3) What format are the messages written in?
%d %-5p [%t] %X{Client.ID}:%u - %m

b. Make a backup copy of the logconfig.xml file.


1) Navigate to C:\SAS\Config\Lev1\SASMeta\MetadataServer.
2) Right-click on the logconfig.xml file and select Copy.


3) Right-click and select Paste to create the copy.


c. To capture metadata server management events in the system facility appender, insert code in the
logconfig.xml file.
1) Right-click on the logconfig.xml file and select TextPad to open the file.

2) Insert the following lines above the last line of the file (</logging:configuration>):

<appender name="eventLog" class="WindowsEventAppender">
   <param name="Threshold" value="Warn"/>
   <layout>
      <param name="ConversionPattern" value="%d{yyyyMMdd:HH.mm.ss.SS}: %m"/>
   </layout>
</appender>
<logger name="App.Meta.Mgmt">
   <level value="Info"/>
   <appender-ref ref="eventLog"/>
</logger>

Note: This XML code can be found in the appender.xml file in the S:\Workshop\spaft folder
on your image.

3) Select File ⇒ Save to save the changes.
d. Restart the metadata server.
Use Windows Services or SAS Management Console to restart the metadata server.

e. Use the Metadata Manager to pause the metadata server.


1) Right-click Active Server and select Pause ⇒ Administration.
2) Type Capture metadata server events in system facility appender
in the Pause Comment dialog box. Click .

f. Right-click on the My Computer icon on the desktop and select Manage. Expand System Tools ⇒
Event Viewer and select System.
1) Refresh the view and double-click on the most recent information type entry from the Service
Control Manager.

2) Review the message and click .


g. Use the Metadata Manager to resume the metadata server.


1) Expand Metadata Manager.
2) Right-click Active Server and select Resume.


h. Use the Event Viewer to find the corresponding message.

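The logconfig.xml edit in exercise 17c can be checked before the metadata server is restarted. The following is an added example, not part of the course notes or of SAS tooling: it lists the appenders, flags any appender-ref that points at an undefined appender, and reports the lowest level at which a logger's events reach a Windows event log appender. It assumes log4j-style filtering, where an appender Threshold drops events below it; the namespace URI, the App.Example logger and the TimeBasedRollingFile reference in the sample are constructed.

```python
import xml.etree.ElementTree as ET

# Least to most severe. Assumption: log4j-style filtering, where a logger's
# level and an appender's Threshold each drop events below them.
LEVELS = ["trace", "debug", "info", "warn", "error", "fatal"]


def stricter(*levels):
    """Return the most severe of the given level names, ignoring None."""
    named = [lv for lv in levels if lv]
    if not named:
        return None
    return max(named, key=lambda lv: LEVELS.index(lv.lower()))


def audit_logconfig(xml_text):
    """Return (appenders, routes, problems) for a logconfig.xml document."""
    root = ET.fromstring(xml_text)

    appenders = {}
    for app in root.iter("appender"):
        threshold = None
        # Direct children only, so <layout> parameters are not mistaken
        # for appender parameters.
        for param in app.findall("param"):
            if param.get("name") == "Threshold":
                threshold = param.get("value")
        appenders[app.get("name")] = {
            "class": app.get("class"),
            "threshold": threshold,
        }

    routes, problems = [], []
    for logger in root.iter("logger"):
        name = logger.get("name")
        level_el = logger.find("level")
        level = level_el.get("value") if level_el is not None else None
        for ref in logger.findall("appender-ref"):
            target = ref.get("ref")
            if target not in appenders:
                problems.append(
                    "logger %s references undefined appender %s" % (name, target)
                )
                continue
            routes.append({
                "logger": name,
                "appender": target,
                "class": appenders[target]["class"],
                "floor": stricter(level, appenders[target]["threshold"]),
            })
    return appenders, routes, problems


def reaches_event_log(routes, logger_name):
    """Lowest level at which logger_name reaches a WindowsEventAppender."""
    for route in routes:
        if route["logger"] == logger_name and route["class"] == "WindowsEventAppender":
            return route["floor"]
    return None


# Constructed sample: the appender and the App.Meta.Mgmt logger are the lines
# from exercise 17c; the root element's namespace URI is an assumption and the
# App.Example logger is made up to show a dangling reference.
SAMPLE_LOGCONFIG = """
<logging:configuration xmlns:logging="http://www.sas.com/xml/logging/1.0/">
  <appender name="eventLog" class="WindowsEventAppender">
    <param name="Threshold" value="Warn"/>
    <layout>
      <param name="ConversionPattern" value="%d{yyyyMMdd:HH.mm.ss.SS}: %m"/>
    </layout>
  </appender>
  <logger name="App.Meta.Mgmt">
    <level value="Info"/>
    <appender-ref ref="eventLog"/>
  </logger>
  <logger name="App.Example">
    <level value="Error"/>
    <appender-ref ref="TimeBasedRollingFile"/>
  </logger>
</logging:configuration>
""".strip()

if __name__ == "__main__":
    appenders, routes, problems = audit_logconfig(SAMPLE_LOGCONFIG)
    for route in routes:
        print("%(logger)s -> %(appender)s (%(class)s), floor %(floor)s" % route)
    for problem in problems:
        print("PROBLEM:", problem)
```

Under the stated assumption, the route from App.Meta.Mgmt to eventLog has a floor of Warn, because the appender Threshold is stricter than the logger level.
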
18. Exploring Object Spawner Logging

a. Use Windows Explorer to navigate to C:\SAS\Config\Lev1\ObjectSpawner\.
Open logconfig.xml with TextPad.

b. The object spawner uses this file to determine what to log and where to send it.

1) Where are the log files being written to?


C:\SAS\Config\Lev1\ObjectSpawner\Logs
2) What is the format of the log filenames?
ObjectSpawner_%d_%S{pid}, where %d is yyyy-mm-dd and %S{pid} is an ID.
ObjectSpawner_2009-05-02_1916
3) What is the format of the contents of the log files?
%d %-5p [%t] %u - %m

4) Are any messages being sent to the Windows Event Viewer?


Yes.
<!-- Windows Event Viewer appender -->
<appender name="WinEvent" class="WindowsEventAppender">
<layout>
<param name="ConversionPattern"
value="%d: %m"/>
</layout>
</appender>

c. Use Windows Explorer to navigate to the location of the object spawner log files. Verify that the
filenames and file contents follow the formats described in the logconfig.xml file.

They do follow the formats described in the logconfig.xml file.

19. Exploring Workspace Server Logging

a. Use Windows Explorer to navigate to C:\SAS\Config\Lev1\SASApp\Workspace Server.
Open logconfig.xml with TextPad.

1) Are log messages written to a file? No

2) Are log messages written to the Windows Event Viewer? Yes

b. Create a log file for workspace server troubleshooting.
1) Using Windows Explorer, verify that users of the workspace server were granted Read,
Write, and Execute access to the workspace server’s Logs directory.

a) Right-click on the Logs folder and select Properties.

b) Click the Security tab to verify that users have the correct access with the Allow check
boxes selected.


2) Rename the logconfig.xml file in C:\SAS\Config\Lev1\SASApp\Workspace Server as
logconfig_orig.xml.
a) Right-click on the logconfig.xml file and select Rename.


b) Press the END key and add _orig to the filename. Press ENTER to rename the file.


3) Rename the logconfig.trace.xml file in C:\SAS\Config\Lev1\SASApp\Workspace Server
as logconfig.xml.
a) Right-click on the logconfig.trace.xml file and select Rename.


b) Delete .trace from the name and press ENTER.


4) Use SAS Enterprise Guide to open a table. Close SAS Enterprise Guide.
a) Select Start ⇒ All Programs ⇒ SAS ⇒ Enterprise Guide 4.2.
b) Select New Project.
c) Select File ⇒ Open ⇒ Data.

d) Select from the left pane and SASApp from the pane on the right. Click .

e) Select and then click .

f) Select and then click .


g) Select any table that you want and then click .


5) Use Windows Explorer to locate the new log file in
C:\SAS\Config\Lev1\SASApp\Workspace Server\Logs. Review the contents of the log file.


6) Rename the logconfig.xml file as logconfig.trace.xml.


7) Rename the logconfig_orig.xml as logconfig.xml.

20. Validating, Monitoring, and Logging the Pooled Workspace Server

a. Use SAS Management Console to validate the pooled workspace server.

1) Open SAS Management Console by selecting Start ⇒ All Programs ⇒ SAS ⇒
SAS Management Console 9.2.

2) Click for the connection profile.

3) Type Ahmed as the user ID and Student1 as the password. Click .

4) Expand Server Manager ⇒ SASApp. Right-click SASApp - Logical Pooled Workspace
Server and select Validate.

5) Click to close the Information dialog box.

b. In SAS Management Console, use the object spawner’s Spawned Server Activity tab to verify that
a new process was spawned. How is this process different than the standard workspace server
instantiated during the Validate step?
The pooled workspace server session does not shut down when the validation is complete
unlike the standard workspace server.

c. In SAS Management Console, expand SASApp - Logical Pooled Workspace Server ⇒
SASApp - Pooled Workspace Server. Right-click localhost and select Connect. What user ID
owns the process listed in the Processes tab?
sassrv@LOCALHOST

d. Examine the pooled workspace server’s logconfig.xml file. Where are the server’s logs written?
Locate the most recent log and examine its contents.
C:\SAS\Config\Lev1\SASApp\PooledWorkspaceServer\Logs
e. (Optional) Examine the pooled workspace server’s sasv9.cfg file. What other configuration files
contribute to the pooled workspace server’s configuration?
/* Include config files */
-config "C:\SAS\Config\Lev1\SASApp\sasv9.cfg"
-config "C:\SAS\Config\Lev1\SASApp\PooledWorkspaceServer\sasv9_usermods.cfg"

f. (Optional) Examine the pooled workspace server’s autoexec.sas file. What other autoexec files
contribute to the pooled workspace server’s configuration?
/* Include autoexec files */
%include "C:\SAS\Config\Lev1\SASApp\appserver_autoexec.sas";
%include "C:\SAS\Config\Lev1\SASApp\appserver_autoexec_usermods.sas";
%include
"C:\SAS\Config\Lev1\SASApp\PooledWorkspaceServer\autoexec_usermods.sas";

21. Exploring Stored Process Server Logging

a. Use Windows Explorer to navigate to C:\SAS\Config\Lev1\SASApp\StoredProcessServer.
Open logconfig.xml with TextPad.

1) Are log messages written to a file? Yes

2) Are log messages written to the Windows Event Viewer? No

b. Use Windows Explorer to navigate to the location of the stored process server log files. Verify
that the filename and file contents follow the formats described in the logconfig.xml file.

Format of filename: SASApp_STPServer_%d_%S{pid}.log

Format of file contents: %d %-5p [%t] %X{Client.ID}:%u - %m

c. Use Windows Explorer to navigate to C:\SAS\Config\Lev1\SASApp\StoredProcessServer.
Open logconfig.trace.xml with TextPad.

1) Would these settings write log messages to a file? Yes

2) Would these settings write log messages to the Windows Event Viewer? Yes

22. Exploring OLAP Server Logging

a. Use Windows Explorer to navigate to C:\SAS\Config\Lev1\SASApp\OLAPServer.
Open logconfig.xml with TextPad. What file are the log messages written to?
C:\SAS\Config\Lev1\SASApp\OLAPServer\Logs\SASApp_OLAPServer_%d_%S{pid}.log
b. Use Windows Explorer to navigate to the location of the OLAP server log files. Verify that the
filename and file contents follow the formats described in the logconfig.xml file.
Format of filename: SASApp_OLAPServer_%d_%S{pid}.log
Format of file contents: %d %-5p [%t] %X{Client.ID}:%u - %m

c. Use the Server Manager plug-in to dynamically set the Perf.ARM.OLAP_SERVER logger level
to Information. Open a cube in SAS Enterprise Guide. View the log in the Server Manager
plug-in. Reset the Perf.ARM.OLAP_SERVER logger level to Warning.
1) Expand Server Manager ⇒ SASApp ⇒ SASApp - Logical OLAP Server. Right-click
SASApp - OLAP Server and select Connect.


2) Select the Loggers tab and click on the Name column.

3) Scroll to the bottom, right-click on the Perf.ARM.OLAP_SERVER logger, and
select Properties.


4) Change the assigned value to Information. Click .

5) Select Start ⇒ All Programs ⇒ SAS ⇒ Enterprise Guide 4.2. Select New Project.
6) Select File ⇒ Open ⇒ OLAP Cube….
7) Select Orion Star Customer Order Cube and click .

8) Use Windows Explorer to navigate to C:\SAS\Config\Lev1\SASApp\OLAPServer\Logs
and locate the most recent performance log file. Open the file, review the ARM messages,
and close the file.

9) Close SAS Enterprise Guide.


10) Return to SAS Management Console and reset the Perf.ARM.OLAP_SERVER logger to
Warning.
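
The conversion patterns and file-name patterns recorded in exercises 18, 21, and 22 can be checked mechanically instead of by eye. The following Python code is an added example, not part of the course materials or of SAS software: it translates a ConversionPattern into a regular expression, reports lines that do not fit the layout, and collects WARN, ERROR, and FATAL entries. The sample log lines are constructed, and the rendering of %d as an ISO 8601 timestamp is an assumption.

```python
import re

# Regex fragment per conversion character used in the patterns above. The %d
# rendering (ISO 8601, comma before the milliseconds) is an assumption.
FRAGMENTS = {
    "d": r"(?P<timestamp>\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2},\d{3})",
    "p": r"(?P<level>[A-Z]+)",
    "t": r"(?P<thread>[^\]]*)",
    "u": r"(?P<user>\S*)",
    "m": r"(?P<message>.*)",
}
# %, optional "-" and width, conversion letter, optional {key}
SPEC = re.compile(r"%(?P<left>-)?(?P<width>\d+)?(?P<conv>[A-Za-z])(?:\{(?P<key>[^}]*)\})?")


def pattern_to_regex(conversion_pattern):
    """Translate a ConversionPattern value into a compiled regex."""
    parts, pos = [], 0
    for spec in SPEC.finditer(conversion_pattern):
        parts.append(re.escape(conversion_pattern[pos:spec.start()]))
        conv = spec.group("conv")
        if conv == "X":  # diagnostic-context value such as %X{Client.ID}
            name = "ctx_" + re.sub(r"\W", "_", spec.group("key") or "").lower()
            fragment = rf"(?P<{name}>[^\s:]*)"
        elif conv in FRAGMENTS:
            fragment = FRAGMENTS[conv]
        else:
            raise ValueError(f"unsupported conversion character: %{conv}")
        if spec.group("width"):  # %-5p pads on the right, %5p on the left
            fragment = fragment + " *" if spec.group("left") else " *" + fragment
        parts.append(fragment)
        pos = spec.end()
    parts.append(re.escape(conversion_pattern[pos:]))
    return re.compile("^" + "".join(parts) + "$")


def filename_to_regex(filename_pattern):
    """File names: %d is a yyyy-mm-dd date and %S{pid} a numeric process ID."""
    parts = []
    for token in re.split(r"(%d|%S\{pid\})", filename_pattern):
        if token == "%d":
            parts.append(r"\d{4}-\d{2}-\d{2}")
        elif token == "%S{pid}":
            parts.append(r"\d+")
        else:
            parts.append(re.escape(token))
    return re.compile("^" + "".join(parts) + "$")


def review_log(lines, conversion_pattern, alert_levels=("WARN", "ERROR", "FATAL")):
    """Return (alert entries, numbers of the lines that do not fit the layout)."""
    regex = pattern_to_regex(conversion_pattern)
    alerts, unparsed = [], []
    for number, line in enumerate(lines, 1):
        match = regex.match(line.rstrip("\r\n"))
        if match is None:
            unparsed.append(number)
        elif match.groupdict().get("level") in alert_levels:
            alerts.append(match.groupdict())
    return alerts, unparsed


SPAWNER_PATTERN = "%d %-5p [%t] %u - %m"                # exercise 18
SERVER_PATTERN = "%d %-5p [%t] %X{Client.ID}:%u - %m"   # exercises 21 and 22

# Constructed sample lines, not taken from a real server
SPAWNER_LOG = [
    "2009-05-02T09:15:01,120 INFO  [00000004] sassrv - constructed: spawner started",
    "2009-05-02T09:15:07,482 ERROR [00000009] Ahmed - constructed: launch failed",
    "    constructed continuation text without a header",
]
SERVER_LOG = [
    "2009-05-02T09:16:00,003 WARN  [00000012] 17:sassrv@LOCALHOST - constructed: slow request",
    "2009-05-02T09:16:02,250 INFO  [00000012] :sassrv@LOCALHOST - constructed: no client ID",
]

if __name__ == "__main__":
    print(review_log(SPAWNER_LOG, SPAWNER_PATTERN))
    print(review_log(SERVER_LOG, SERVER_PATTERN))
    name_check = filename_to_regex("ObjectSpawner_%d_%S{pid}")
    print(bool(name_check.match("ObjectSpawner_2009-05-02_1916")))
```

Lines reported as unparsed are usually continuation lines of a multi-line message; a file in which most lines are unparsed was written with a different pattern than the one in logconfig.xml.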

Chapter 5 Backing Up the SAS® Environment

5.1 Backing Up Metadata with the Backup Wizard
    Demonstration: Backing Up Metadata with the SAS Management Console Backup Wizard
    Exercises

5.2 Exploring OMABAKUP
    Demonstration: Exploring OMABAKUP
    Exercises

5.3 Scheduling Backups
    Demonstration: Modifying the SASMeta DATA Step Batch Server
    Exercises

5.4 Backing Up Physical Files
    Demonstration: Locating Additional Content to Backup

5.5 Solutions to Exercises

5.1 Backing Up Metadata with the Backup Wizard

Objectives
• Identify why you need to perform backups and what
needs to be backed up.
• Explore best practices for backing up your system.
• Identify the features of the OMABAKUP macro.
• Use the Backup Wizard to back up the system.

Best Practices for Backing Up Your System
You should regularly perform full backups, including
the following items:
• metadata and related content
• physical files

If you ever need to restore your environment, perform
a full restore that includes all the files listed above.

Best Practices for Backing Up Your System


Backups should be performed at certain times:
• as often as nightly if your metadata is being frequently
updated
• before and after major changes such as adding
or removing a repository or applying a hot fix


Backing Up Metadata
SAS provides a macro named OMABAKUP that creates
a backup of the following files with minimal disruption
in service:
• metadata repositories
• repository manager
• metadata journal file
• metadata server configuration files

OMABAKUP can also be used to restore the backup files
to a running metadata server.

The following metadata server configuration files are backed up:
• omaconfig.xml
• adminUsers.txt
• trustedUsers.txt
• logconfig.xml

If you choose to use operating system commands to back up the metadata repositories and repository
manager, you must make sure the metadata server is paused to an offline state before taking the backup.

If the metadata server is online or paused to an administration state, the backup files will not
be usable.


OMABAKUP
The macro is available in the following ways:
• as part of the backup and restore programs provided
with your installation
• in the code generated by the Backup Wizard in
SAS Management Console
• by writing custom code to invoke the macro


OMABAKUP
Selected features of the OMABAKUP macro include the
following:
• The macro pauses the metadata server while retaining
client connections, flushes memory and writes
metadata to disk, closes repository data sets, copies
metadata server files to specified backup location,
and resumes the metadata server.
• If the backup destination contains backup files, the
macro will overwrite them with new backup files.
• A REORG option enables you to reclaim unused
disk space left over from previously deleted metadata
objects.

If the REORG option is used, the macro does the following:
• Re-creates the repository data sets as it copies them to the backup destination, eliminating unused
disk space in the process
• Copies the re-created data sets back to their original locations

Because of the overhead that is associated with re-creating the data sets, you might not want to use the
REORG option for every backup. Consider using this option once a month and after large amounts of
metadata have been deleted.

Before you use the REORG option, it is important to run at least one successful backup without
the REORG option.


Backup Wizard
The Backup Wizard enables you to create backup and
restore jobs that
• use OMABAKUP
• enable you to specify backup options and a backup
destination
• are executed on a workspace server on the same host
as the metadata server and have the ALLOWXCMD
option enabled.

You can execute the job, save it for later execution, save
the code to a file, or deploy it for scheduling.

You cannot use the Backup Wizard to back up repositories that have a registered access state of
OFFLINE. Also, you cannot use the wizard to create or run a backup job if the foundation repository has a
registered access state of READONLY. For these types of backups, you must use a custom
%OMABAKUP program.


Backup Wizard – User Credentials


The user who launches the Backup Wizard or runs a job
created by the wizard must have the following:
• an operating system account known to the metadata
server host machine
• an operating system account with full access to the
metadata server directory, repository manager,
subdirectories for each repository, and the backup
destination
• a metadata identity that is a member of the
SAS Administrators group

The metadata identity needs to be assigned to the Metadata Server: Operation role. The SAS
Administrators group is assigned to that role by default. This enables the user to pause and resume the
metadata server for the backup. The metadata identity must also be assigned to the SAS Administrators
group in order to have access to the SASMeta workspace server.

On Windows, the operating system account can be granted access to appropriate directories as a member
of the Administrators group on the metadata server host machine. The operating system account also
needs the Log on as a batch job permission.

Backup Wizard – User Credentials
On UNIX and z/OS, the backup should be done using
the metadata server process owner, typically the
SAS Installer account.

Do not use root to perform a backup. Using root
will change the directory permissions and prevent
servers and spawners from working.


Backup Wizard – Backup Options


The Backup Wizard includes the following options:
• Reorganize Repositories
• Run Analysis Procedure
• Back Up Metadata Journal File
• Back Up READONLY Custom and Project Repositories
• Back Up Configuration Files
• Generate Debug Output


The Backup Wizard options set values in the underlying generated code, as described below:

Reorganize Repositories
    reclaims unused disk space that is left from previously deleted
    metadata objects.
    Default: unchecked

Run Analysis Procedure
    checks the repository backup files for unnecessary indexes, long
    character variables that can be stored as variable-length strings,
    duplicate strings, and other issues that can affect memory.
    The next time you run a backup, the backup program uses the results
    of the analysis to perform memory optimization tasks. These tasks
    optimize the amount of space that is used when repository records
    are read into the metadata server’s memory.
    This option should be used if you notice degradation in the
    performance of the metadata server.
    Default: unchecked

Back Up Metadata Journal File
    backs up the metadata journal file.
    You can select this option only if the JOURNALPATH option is
    specified in the omaconfig.xml file.
    Default: checked

Back Up READONLY Custom and Project Repositories
    includes project and custom repositories in the backup if they have a
    registered access mode of READONLY. If you do not select this
    option, the backup only includes repositories that have a registered
    access mode of ONLINE or ADMINISTRATION.
    Default: checked

Back Up Configuration Files
    includes the metadata server’s configuration files, including
    omaconfig.xml, adminUsers.txt, trustedUsers.txt, and logconfig.xml
    in the backup.
    Default: checked

Generate Debug Output
    creates detailed log messages that you can use to troubleshoot the
    backup program. These messages are placed in the SAS log, which is
    written to the backup destination directory.
    Default: unchecked


Backing Up Metadata with the SAS Management Console Backup Wizard

1. Right-click on the My Computer icon on the desktop and select Manage.

2. Expand Local Users and Groups and select Users.


3. Right-click Ahmed and select Properties.


4. Click the Member Of tab and click .


5. Select the object type of Groups from LOCALHOST. Type the object name Administrators and
click . The value should resolve to LOCALHOST\Administrators.

Adding Ahmed to the Administrators group gives him enough access to the operating system
files. As an alternative, you can give Ahmed access only to the specific files and folders
required for the backup.

6. Click .


7. Click .


8. In SAS Management Console, select User Manager.

9. Right-click Ahmed and select Properties.


10. Click the Groups and Roles tab. Verify that Ahmed is a member of the SAS Administrators group.

11. Click the Accounts tab. Verify that an external account is listed.

12. Close the Properties window.
13. Expand Metadata Manager ⇒ Metadata Utilities.

14. Right-click Backup & Restore and select New Definition….

15. Accept the defaults and click .


16. With SASMeta highlighted, click .

If SASMeta does not appear, verify that the machine name specified in the connection profile
is exactly the same as the machine name for the metadata server in the metadata. The value
machinename does not match machinename.orion.com.


17. Accept the defaults and click .

If more than one backup will be stored in the backup path, consider creating a specific
subfolder for each.


18. Use Windows Explorer to locate the default paths and review the contents. In SAS Management
Console, accept the default paths and click .

If the backup directory location already contains backup files, running the wizard again will
overwrite the files.


19. Provide a name for the job definition. The job definition name will be used to create two jobs: a
backup job named by appending _B to the name provided and a restore job named by appending _R
to the name provided.

Do not use an apostrophe or single quotation mark in the name. The code generated by the
wizard uses single quotation marks to surround option values. A single quotation mark in the
name will unbalance the code and prevent it from executing.


20. Select Run the backup now and save job definition. Click .


21. Review the settings and click . If you want to change any of the settings, use .

22. When you are prompted to run the job, click .

23. If the job ran without errors, click in the Information window.


24. Use Windows Explorer to navigate to the backup location and verify that it now includes a folder for
each repository, a folder for REPOSMGR, MetadataJournal.dat, omaconfig.xml, logconfig.xml,
adminUsers.txt, trustedUsers.txt, and a log file generated as a result of the backup job execution.
Verify that the subfolders contain tables.

25. Examine the log for errors.
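
Steps 24 and 25 can be repeated after every scheduled backup with a short script. The following Python code is an added example, not part of the course materials or of SAS software: it checks a backup location for the files and folders listed in step 24, confirms that each repository folder contains tables, and reports error lines from the backup log. The repository name Foundation, the .log extension of the backup log, the ERROR line prefix, and the sample tree are assumptions or constructed values.

```python
import re
import tempfile
from pathlib import Path

# Files that step 24 expects next to the repository folders
EXPECTED_FILES = ["MetadataJournal.dat", "omaconfig.xml", "logconfig.xml",
                  "adminUsers.txt", "trustedUsers.txt"]
# Assumption: SAS log lines that report an error start with ERROR
ERROR_LINE = re.compile(r"^ERROR[ :]")


def verify_backup(backup_dir, repositories):
    """Return a list of findings; an empty list means every check passed."""
    root = Path(backup_dir)
    if not root.is_dir():
        return [f"backup location {root} does not exist"]
    findings = []
    # Compare names case-insensitively, as the Windows file system does
    entries = {p.name.lower(): p for p in root.iterdir()}

    for name in EXPECTED_FILES:
        path = entries.get(name.lower())
        if path is None or not path.is_file():
            findings.append(f"missing file: {name}")
        elif path.stat().st_size == 0:
            findings.append(f"empty file: {name}")

    # One folder for the repository manager and one per repository,
    # each holding at least one table (SAS data sets end in .sas7bdat)
    for name in ["REPOSMGR", *repositories]:
        path = entries.get(name.lower())
        if path is None or not path.is_dir():
            findings.append(f"missing folder: {name}")
        elif not any(f.suffix.lower() == ".sas7bdat" for f in path.iterdir()):
            findings.append(f"folder contains no tables: {name}")

    # Assumption: the log written by the backup job has a .log extension
    logs = sorted(p for p in root.iterdir() if p.suffix.lower() == ".log")
    if not logs:
        findings.append("no log file from the backup job")
    for log in logs:
        with log.open(errors="replace") as handle:
            for number, line in enumerate(handle, 1):
                if ERROR_LINE.match(line):
                    findings.append(f"{log.name}:{number}: {line.strip()}")
    return findings


def build_sample_backup(root, with_problems=False):
    """Create a constructed backup tree so the checks can be demonstrated."""
    root = Path(root)
    for name in EXPECTED_FILES:
        (root / name).write_text("constructed sample\n")
    for folder in ["REPOSMGR", "Foundation"]:
        (root / folder).mkdir()
        (root / folder / "sample.sas7bdat").write_bytes(b"constructed")
    log_text = "NOTE: constructed sample log\n"
    if with_problems:
        (root / "trustedUsers.txt").unlink()
        (root / "Foundation" / "sample.sas7bdat").unlink()
        log_text += "ERROR: constructed sample failure\n"
    (root / "backup.log").write_text(log_text)
    return root


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        sample = build_sample_backup(tmp, with_problems=True)
        for finding in verify_backup(sample, ["Foundation"]):
            print(finding)
```

Because a later run overwrites the files in the same destination, run the check before the next backup starts so that findings refer to the backup you intend to keep.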

Exercises

1. Exploring the Properties of a Backup Job Definition


a. Compare the list of configuration files in the backup location to the files in C:\SAS\Config\Lev1\.
Are there additional files that you would back up using other methods?

b. Explore the properties of the backup and restore job definitions.

1) Use the properties of the backup job to complete the following table:

Job ID:
Job Type:
Job Status:
Created Date:
Last Run Date:
Server Name:
Server Port:
Protocol:
Repository Name:
Repository Type:
Workspace Server Name:
Server Start Path:
Backup Destination Path:
Repository Manager Path:
adminUsers.txt File:
trustedUsers.txt File:
omaconfig.xml File:
logconfig.xml File:
Backup OFFLINE Repositories Option:
Backup READONLY Repositories Option:
Backup Configuration Files Option:
Backup Metadata Journal File Option:
Reorganize Repositories Option:
Run Analysis Option:
Debug Option:

2) How do the properties of the restore job differ from the properties of the backup job?

3) How can you modify the settings for the backup job?

4) Right-click on the backup job and select Save to File…. Save the file in the SASBackup
directory and name the file the same as the job name. Use TextPad to open the new file.

The OMABAKUP macro source is stored in the following location:
C:\Program Files\SAS\SASFoundation\9.2\core\sasmacro\omabakup.sas


5.2 Exploring OMABAKUP

Objectives
• Use the backup program included in the metadata server
directory.
• Explore the OMABAKUP syntax.
• Explore best practices for restoring your system.
• Restore your system.

OMABAKUP (Review)
The macro is available in the following ways:
• as part of the backup and restore programs provided
with your installation
• in the code generated by the Backup Wizard
in SAS Management Console
• by writing custom code to invoke the macro


backupServer.sas
Included in your metadata server directory is a backup
program customized to your environment. The program
does the following:
• connects to the metadata server by using the
SAS Administrator credentials
• writes backup files to a directory named SASBackup
in the metadata server directory
• writes a log to the metadata server directory

Your environment also includes a restore program named restoreServer.sas, which does the following:
• connects to the metadata server with the SAS Administrator credentials
• restores the backup files from the SASBackup directory to the appropriate subdirectories in the
metadata server directory
• writes a log to the metadata server directory


backupServer.sas
You can execute the backupServer.sas file in a couple
of ways:
• in a SAS session with the XCMD option enabled
• by going to the metadata server directory and issuing
the following command:
  – Windows: MetadataServer -backup
  – UNIX or z/OS: MetadataServer.sh -backup

You can execute restoreServer.sas in the same ways:
• in a SAS session with the XCMD option enabled
• by going to the metadata server directory and issuing the following command:
  – Windows: MetadataServer -restore
  – UNIX or z/OS: MetadataServer.sh -restore

OMABAKUP
It is possible to modify the provided backup and restore
programs or create custom OMABAKUP code.
At a minimum, the code must include
• server connection information to connect
to the metadata server
• an OMABAKUP statement.


Server Connection Statement


The metadata server connection information can
be provided in several ways, including an OPTIONS
statement in the custom code:

OPTIONS METASERVER="host-name"
        METAPORT=port-number
        METAUSER="user-ID"
        METAPASS="password";

The server connection options should be set as follows:

Option       Description
METASERVER   specifies the metadata server host name.
METAPORT     specifies the unique port that identifies the metadata server. The default port is 8561.
METAUSER     specifies a user ID to connect to the metadata server.
METAPASS     specifies the corresponding password; the password should be encrypted.


OMABAKUP Syntax
The following syntax invokes the OMABAKUP macro
and its parameters:

%omabakup(DestinationPath="pathname",
          ServerStartPath="pathname",
          RposmgrPath="pathname",
          <Reorg="Yes|No">,
          <Restore="Yes|No">,
          <RunAnalysis="Yes|No">,
          <DisableConfigurationFileBackup="Yes|No">,
          <DisableReadOnlyBackup="Yes|No">,
          <DisableOfflineBackup="Yes|No">,
          <BackupMetadataJournalFile="Yes|No">);

The syntax in brackets is optional, and if used, should not include the brackets.


The options are as follows:

DestinationPath
    Pathname of the directory where backup copies are stored. If the
    directory does not exist, %OMABAKUP will create the directory
    for you.

ServerStartPath
    Full path to the directory in which the metadata server process was
    started.

RposmgrPath
    Relative location of the repository manager as defined in the
    omaconfig.xml file.

Reorg
    Specify YES or Y to reclaim unused disk space left from
    previously deleted metadata objects.
    Specify NO or N if you want to copy the repositories as they are.
    Default: NO

Restore
    Specify YES or Y to run the macro in restore mode.
    Specify NO or N to run the macro in backup mode.
    Default: NO

RunAnalysis
    Specify YES or Y to analyze the backup repositories; option is not
    valid when %OMABAKUP is executed in restore mode.
    Specify NO or N if you do not want to analyze the backup
    repositories.
    Default: NO

DisableConfigurationFileBackup
    Specify YES or Y if you do not want to backup or restore the
    metadata server’s configuration files.
    Specify NO or N if you do want to backup or restore the metadata
    server’s configuration files.
    Default: NO

DisableReadOnlyBackup
    Specify YES or Y if you do not want to backup or restore custom
    and project repositories that have a registered access mode of
    ReadOnly.
    Specify NO or N if you do want to include those repositories.
    Default: NO

DisableOfflineBackup
    Specify YES or Y if you do not want to backup or restore
    repositories that have a registered access mode of Offline.
    Specify NO or N if you do want to include those repositories.
    Default: NO

BackupMetadataJournalFile
    Specify YES or Y if you want to backup the metadata journal file.
    Specify NO or N if you do not want to backup the metadata
    journal file.
    Default: YES

b
t S s
i g h d i
y r r e
o p f o r
C o t
N
5-36 Chapter 5 Backing Up the SAS® Environment

Restoring Your System

You can restore your system by using the following
methods:
• using the restore job created by the Backup Wizard
• using the restore program provided with your
installation
• writing custom code to invoke the macro with the
RESTORE option enabled

Restoring Your System

Full restores are the best practice to follow to ensure that
the metadata server returns to a consistent state and that
the metadata associations are correctly maintained.
A full restore includes
• the metadata content and associated files backed
up by the Backup Wizard or OMABAKUP
• additional physical files.

Exploring OMABAKUP

1. Use Windows Explorer to navigate to
C:\SAS\Config\Lev1\SASMeta\MetadataServer\SASBackup and delete the contents.

2. Use Windows Explorer to navigate to C:\SAS\Config\Lev1\SASMeta\MetadataServer.

3. Open backupServer.sas with TextPad. Review the contents of the file and close TextPad.


4. Right-click backupServer.sas and select Batch Submit with SAS 9.2.

You can also open and execute backupServer.sas in a SAS Windowing Environment. To open
a SAS Windowing Environment, select Start → All Programs → SAS → SAS 9.2 (English).

Either method of invoking SAS runs the code in a SAS session that runs under the credentials
of the user ID used to log on to the machine. This SAS session uses only the configuration
file in C:\Program Files\SAS\SASFoundation\9.2\nls\en. The ALLOWXCMD option is
turned on by default.

5. When the execution is complete, open backupServer.log and search for errors.

6. Use Windows Explorer to verify that the SASBackup folder includes a folder for each repository,
a folder for REPOSMGR, MetadataJournal.dat, omaconfig.xml, logconfig.xml, adminUsers.txt,
trustedUsers.txt, and a log file generated as a result of the backup job execution. Verify that the
subfolders contain tables.
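
The checks in steps 5 and 6 can be scripted so that every backup run is verified the same way. The following Python script is an added example, not part of the course notes or of SAS software; the repository name Foundation, the .sas7bdat table extension, the log file name and the sample log lines are assumptions constructed for the demonstration.

```python
import re
import tempfile
from pathlib import Path

# Files that step 6 expects beside the repository folders.
EXPECTED_FILES = ["MetadataJournal.dat", "omaconfig.xml", "logconfig.xml",
                  "adminUsers.txt", "trustedUsers.txt"]

# SAS logs flag failures as "ERROR:" or "ERROR 22-322:" at the start of a line.
ERROR_LINE = re.compile(r"^ERROR(?: \d+-\d+)?:")


def find_log_errors(log_text):
    """Return (line_number, text) for every SAS error line in a log."""
    return [(n, line.rstrip())
            for n, line in enumerate(log_text.splitlines(), start=1)
            if ERROR_LINE.match(line)]


def check_backup(backup_dir, repositories):
    """Return a list of problems found in an OMABAKUP destination folder."""
    root = Path(backup_dir)
    if not root.is_dir():
        return [f"backup directory missing: {root}"]
    # Windows file names are case-insensitive, so compare in lower case.
    entries = {p.name.lower(): p for p in root.iterdir()}
    problems = []
    for name in EXPECTED_FILES:
        f = entries.get(name.lower())
        if f is None or not f.is_file():
            problems.append(f"missing file: {name}")
        elif f.stat().st_size == 0:
            problems.append(f"empty file: {name}")
    # One folder per repository plus the repository manager folder.
    for folder in ["REPOSMGR", *repositories]:
        d = entries.get(folder.lower())
        if d is None or not d.is_dir():
            problems.append(f"missing folder: {folder}")
        elif not any(p.suffix.lower() == ".sas7bdat" for p in d.iterdir()):
            problems.append(f"no tables in folder: {folder}")  # assumed extension
    logs = sorted(p for p in entries.values() if p.suffix.lower() == ".log")
    if not logs:
        problems.append("no backup log file")
    for log in logs:
        text = log.read_text(encoding="utf-8", errors="replace")
        problems += [f"{log.name}:{n}: {line}" for n, line in find_log_errors(text)]
    return problems


def build_sample(root, log_text):
    """Create a constructed SASBackup tree for the demonstration."""
    root = Path(root)
    for name in EXPECTED_FILES:
        (root / name).write_text("constructed sample\n")
    for folder in ["REPOSMGR", "Foundation"]:
        (root / folder).mkdir()
        (root / folder / "mrrgstry.sas7bdat").write_bytes(b"\x00" * 16)
    (root / "OMA_backup.log").write_text(log_text)


# Constructed log text, written in the style of SAS log messages.
CLEAN_LOG = "NOTE: Backup of repository Foundation completed.\n"
FAILED_LOG = ("NOTE: Copying repository tables.\n"
              "ERROR: Insufficient space in file BACKUP.MRRGSTRY.DATA.\n"
              "NOTE: The SAS System stopped processing this step because of errors.\n")


def demo():
    """Check one complete and one damaged constructed backup."""
    with tempfile.TemporaryDirectory() as good, tempfile.TemporaryDirectory() as bad:
        build_sample(good, CLEAN_LOG)
        build_sample(bad, FAILED_LOG)
        (Path(bad) / "trustedUsers.txt").unlink()
        (Path(bad) / "Foundation" / "mrrgstry.sas7bdat").unlink()
        return check_backup(good, ["Foundation"]), check_backup(bad, ["Foundation"])


if __name__ == "__main__":
    for result in demo():
        print(result or "backup looks complete")
```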

Exercises

2. Restoring a Backup

Do not complete this exercise if the backup performed in the demonstration ended with errors.

a. Use Windows Explorer to navigate to C:\SAS\Config\Lev1\SASMeta\MetadataServer.
Open adminUsers.txt with TextPad. Add the following entry to the end of the file:
localhost\test. Close the file and save the changes.

b. In SAS Management Console, verify that you are logged on as Ahmed.

c. Expand Metadata Manager → Metadata Utilities. Select Backup & Restore. Right-click on the
restore job and select Run Job. Select OK to run the job. Select OK when the job is complete.

d. Use Windows Explorer to verify that the adminUsers.txt file is restored to its original state.

e. In SAS Management Console, right-click on the restore job and select Save to File…. Save the
file in the SASBackup directory and name the file the same as the job name. Use TextPad to open
the file. How does this file differ from the backup file?

5.3 Scheduling Backups

Objectives
• Identify the methods for scheduling a backup.
• Modify the SASMeta batch server to enable
the XCMD option.
• Schedule a backup using the Backup Wizard.
• Locate the SAS logs for a scheduled job.

Scheduling a Backup
There are several ways to schedule a backup:
• Use the Metadata Manager plug-in to deploy the
backup job created by the Backup Wizard and
schedule it using the Schedule Manager plug-in.
• Use a scheduler in your environment to schedule
– code file saved from the output of the
Backup Wizard
– backupServer.sas
– custom OMABAKUP code.

Schedule Manager

Deploying a job creates a code file and registers the job in metadata.
The available schedulers include Platform Computing’s Process Manager/LSF and operating system
schedulers. The In-Process Scheduler cannot be used to schedule backups. It is only available for use with
certain Web applications.

When you schedule the backup using the Metadata Manager plug-in, the command line defined for the
SASMeta - DATA Step Batch Server is passed to the scheduler.

XCMD Option
OMABAKUP issues operating system commands.
You need the XCMD option to be enabled in your
SAS session in order for OMABAKUP to work.
The XCMD option is, by default,
• enabled for the SASMeta workspace server
• disabled for all other servers including the
SASMeta DATA Step Batch Server.

The XCMD option enables you to execute operating system commands from within SAS code. Operating
system commands, for example, can be used to navigate through a folder structure on the operating
system, copy, delete, rename, and create files.

Enabling XCMD Option for the
SASMeta DATA Step Batch Server

1. Locate the command line on the Options tab of the
SASMeta - SAS DATA Step Batch Server properties.
Example:
C:\SAS\Config\Lev1\SASMeta\BatchServer\sasbatch.bat
2. Open the sasbatch.bat file and locate the line that
begins with Set CMD_OPTIONS. Change -noxcmd
to -xcmd.

Modifying the SASMeta DATA Step Batch Server

1. Use Windows Explorer to navigate to C:\SAS\Config\Lev1\SASMeta\BatchServer.

2. Open sasbatch.bat with TextPad.

3. On the line that begins with Set CMD_OPTIONS, change -noxcmd to -xcmd.

4. Close the file and save the changes.
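
Because XCMD lets any SAS code run by that server issue operating system commands, it is worth tracking which batch servers have it switched on once this change is made. The following Python script is an added example, not part of the course notes or of SAS software; the SASApp and SASDev server names and the sample sasbatch.bat contents are constructed, and it assumes that the last switch on the Set CMD_OPTIONS lines is the one that takes effect.

```python
import re
import tempfile
from pathlib import Path

# The line the procedure edits, for example:  Set CMD_OPTIONS=-noxcmd -nosplash
CMD_OPTIONS_LINE = re.compile(r"^\s*set\s+CMD_OPTIONS\s*=(.*)$", re.IGNORECASE)
# A switch is "-xcmd" or "-noxcmd". Text copied from a formatted document can
# carry an en dash (U+2013) instead of the ASCII hyphen, so that is caught too.
XCMD_SWITCH = re.compile(r"(?<![\w-])([-\u2013])(no)?xcmd\b", re.IGNORECASE)


def xcmd_state(bat_text):
    """Return (state, warnings); state is 'enabled', 'disabled' or 'unset'.

    Assumption: when the switch is repeated, the last occurrence takes effect.
    """
    state, warnings = "unset", []
    for number, line in enumerate(bat_text.splitlines(), start=1):
        match = CMD_OPTIONS_LINE.match(line)
        if not match:
            continue  # also skips "rem Set CMD_OPTIONS=..." comment lines
        for dash, negated in XCMD_SWITCH.findall(match.group(1)):
            if dash != "-":
                warnings.append(f"line {number}: XCMD switch typed with an en dash")
            else:
                state = "disabled" if negated else "enabled"
    return state, warnings


def audit_batch_servers(config_root, approved=()):
    """List sasbatch.bat findings under config_root.

    approved holds path fragments of servers allowed to run with -xcmd, such
    as the SASMeta batch server that runs the scheduled backup.
    """
    root = Path(config_root)
    findings = []
    for script in sorted(root.rglob("*")):
        if script.name.lower() != "sasbatch.bat" or not script.is_file():
            continue
        rel = script.relative_to(root).as_posix()
        text = script.read_text(encoding="utf-8", errors="replace")
        state, warnings = xcmd_state(text)
        findings += [f"{rel}: {w}" for w in warnings]
        if state == "enabled" and not any(a.lower() in rel.lower() for a in approved):
            findings.append(f"{rel}: XCMD enabled on a server that is not approved")
    return findings


# Constructed sample scripts; real sasbatch.bat files contain more lines.
SAMPLES = {
    "Lev1/SASMeta/BatchServer/sasbatch.bat": "@echo off\nSet CMD_OPTIONS=-xcmd -nosplash\n",
    "Lev1/SASApp/BatchServer/sasbatch.bat": "@echo off\nSet CMD_OPTIONS=-noxcmd\n"
                                            "Set CMD_OPTIONS=%CMD_OPTIONS% -xcmd\n",
    "Lev1/SASDev/BatchServer/sasbatch.bat": "@echo off\nSet CMD_OPTIONS=\u2013xcmd\n",
}


def demo():
    """Audit the constructed tree with only the SASMeta batch server approved."""
    with tempfile.TemporaryDirectory() as tmp:
        for rel, text in SAMPLES.items():
            path = Path(tmp) / rel
            path.parent.mkdir(parents=True)
            path.write_text(text, encoding="utf-8")
        return audit_batch_servers(tmp, approved=("SASMeta/BatchServer",))


if __name__ == "__main__":
    print("\n".join(demo()))
```

Run it against the configuration directory after any change to a sasbatch.bat file and compare the findings with the list of servers that are meant to run OMABAKUP.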


Exercises

3. Scheduling a Backup
Use SAS Management Console to schedule a backup.
a. Use Windows Explorer to navigate to
C:\SAS\Config\Lev1\SASMeta\MetadataServer\SASBackup and delete the contents.
b. In SAS Management Console, verify that you are logged in as Ahmed.
c. Expand Metadata Manager → Metadata Utilities and select Backup & Restore. Right-click
on the backup job and select Deploy for Scheduling….
d. Write the location of the deployed code and click OK in the Redeploy Job window.
Location:
e. Use Windows Explorer to navigate to the location of the deployed code. Examine the code with
TextPad.
f. Return to SAS Management Console, right-click Schedule Manager, and select New Flow….
g. Create a new flow with the following attributes:
Name: backup_flow
Location: Shared Data
Scheduling Server: Platform Process Manager
1) Move the available job to the Selected Items pane.
2) Click OK.
h. In the pane on the right of the Schedule Manager plug-in, select [All] in the Filter drop-down list
and Filter Now. Right-click on the new flow and select Schedule Flow…. Type the user ID
.\Ahmed and the password Student1. Accept Run Now as the trigger and click OK → OK.

Note: Platform Computing software requires a fully qualified user ID. A local account can be
referred to by preceding the user ID with the machine name or a .\. A domain account can
be referenced with the domain included.
i. Select Start → All Programs → Platform Process Manager → Flow Manager. Type the user ID
.\Ahmed and the password Student1. Expand .\Ahmed → adhoc. Verify that the status of the
job is Done.

Note: A status of Exit indicates that a problem occurred.

j. Use Windows Explorer to navigate to the SASBackup folder. Does the folder include a folder
for each repository with tables within, a folder for REPOSMGR, MetadataJournal.dat,
omaconfig.xml, logconfig.xml, adminUsers.txt, trustedUsers.txt, and a log file generated
as a result of the backup job execution?
k. In SAS Management Console, expand Server Manager → SASMeta → SASMeta - Logical
SAS DATA Step Batch Server. Right-click SASMeta - SAS DATA Step Batch Server and
select Properties. Select the Options tab. The location of the logs is listed in the Logs
Directory field, C:\SAS\Config\Lev1\SASMeta\BatchServer\Logs.

l. Use Windows Explorer to navigate to C:\SAS\Config\Lev1\SASMeta\BatchServer\Logs.
Open the most recent log file and search for errors.

5.4 Backing Up Physical Files

Objectives
• Identify additional files that should be backed up.
• Explore best practices for backing up physical files.

Backing Up Physical Files
In addition to the content backed up by %OMABAKUP,
you should also back up the following:
• SAS Content Server
• SAS Table Server
• data stored in file systems
It is also important to synchronize metadata backups with
physical backups.

Metadata cannot be used without the associated content that is stored on this server. If you need to recover
from a failure, the metadata that you restore must be synchronized correctly with the content server.
The content server can also include content for SAS solutions.

Backing Up the SAS Content Server


If your deployment includes SAS Web applications,
it is important to back up the SAS Content Server.
The SAS Content Server contains content associated
with metadata. The content includes the following:
• content for the SAS Information Delivery Portal
• report definition files
• other support files for reports including PDF files
and image files

Backing Up the SAS Content Server


To back up the SAS Content Server,
• stop either the Web application server or the
SAS Content Server application
• use operating system commands or third-party
tools to copy all of the files and subdirectories
from the Repository directory in
SAS-config-dir\Lev1\AppData\SASContentServer\.

If you are using an IBM WebSphere Application Server Network Deployment or an Oracle WebLogic
Server, then you can stop the SAS Content Server application.

If you are using a JBoss Application Server, then you must stop the server.

The WebDAVDump utility dumps the content of a WebDAV server by saving directories, content,
and properties. It creates one XML file, which describes the content, and one file for each content resource
found in the server. You run the utility pointing it to an empty directory. The XML file can be edited
to change file locations, machine names, and domain names.

The WebDAVRestore utility restores the contents of the dump file (created by WebDAVDump) to the
SAS Content Server. To modify the file locations or other properties, edit the XML file before restoring
it.

For instructions on using the WebDAVDump and the WebDAVRestore utilities, see SAS Usage Note
34163.

Backing Up the SAS Table Server


If your deployment includes SAS Web applications,
then it is important to back up the SAS Table Server
and the Shared Services database.
• Stop the SAS Table Server.
• Use operating system commands or third-party
tools to copy all of the files and subdirectories from
SAS-config-dir\Lev1\SASTS.
• Back up the Shared Services database using the
SASTBACK executable.

The Shared Services include alert registration and notification and comment management. For more
information about the Shared Services, refer to the SAS 9.2 Intelligence Platform: Web Application
Administration Guide.

The SASTBACK executable can be located in SAS-installation-directory\SASFoundation\9.2\bin.

To back up the Shared Services database that exists on the table server, issue the following command:

sastback -b SharedServices.fdb -mo read_only [-verbose] SharedServices.fbk

Backing Up Data Stored in File Systems


When you back up the metadata server, it is important
to also back up the physical data that is associated with
metadata objects in the repository, including the following:
• portal content and report definition files not stored
in the SAS Content Server
• source files for stored processes
• archived and permanent packages
• data sources
• custom code

Because the Backup Wizard and %OMABAKUP do not back up the physical data that is associated with
metadata, you must use operating system commands or third-party tools to back up physical data.

Dashboard content and configuration files should also be backed up.

To maintain system integrity in the event that a restore is needed, your backups of the SAS Content
Server, SAS Table Server, and physical data must be synchronized correctly with your metadata backups.

To ensure that the backups are synchronized, you can use one of the following approaches:
• Back up the metadata server, the SAS Content Server, the SAS Table Server, and the physical files
concurrently (that is, in the same backup window).
• Back up the SAS Content Server, the SAS Table Server, and the physical files immediately after the
metadata server is backed up, and do not allow clients to update metadata while you are performing
these backups (keep the metadata server paused during this operation).

Locating Additional Content to Back Up

1. Use Windows Explorer to navigate to C:\SAS\Config\Lev1\AppData\SASContentServer\Repository
and explore the subfolders.

2. Use Windows Explorer to navigate to C:\SAS\Config\Lev1\SASTS and explore the subfolders.

3. Use Windows Explorer to navigate to S:\workshop\OrionStar and explore the subfolders.

5.5 Solutions to Exercises


1. Exploring the Properties of a Backup Job Definition
a. Compare the list of configuration files in the backup location to the files in C:\SAS\Config\Lev1\.
Are there additional files that you would back up using other methods?
sasv9.cfg and sasv9_usermods.cfg for the metadata server
configuration files for all of the other servers and spawners
b. Explore the properties of the backup and restore job definitions.

1) Use the Properties of the backup job to complete the table:

2) How do the properties of the restore job differ from the properties of the backup job?
The Metadata Journal File Option is a NO on Restore and YES on Backup. The status
might be different too, based on the fact that the Restore might not have run yet.


3) How can you modify the settings for the backup job?
You cannot modify the job in SAS Management Console. Your only options are listed
in the display below.

4) Right-click on the backup job and select Save to File…. Save the file in the SASBackup
directory and name the file the same as the job name. Use TextPad to open the new file.

a) In SAS Management Console, expand the Metadata Manager. Expand
Metadata Utilities. From the panel on the right side, right-click on the backup job name
and select Save to File… from the drop-down menu.

b) Navigate to C:\SAS\Config\Lev1\SASMeta\MetadataServer\SASBackup. Type the
name Marty Metadata Server Backup_B and click .

c) Use Windows Explorer to navigate to
C:\SAS\Config\Lev1\SASMeta\MetadataServer\SASBackup. Right-click on the file
and select TextPad.

2. Restoring a Backup
a. Use Windows Explorer to navigate to C:\SAS\Config\Lev1\SASMeta\MetadataServer.
Open adminUsers.txt with TextPad. Add the following entry to the end of the file:
localhost\test. Close the file and save the changes.

1) Right-click on the adminUsers.txt file and select TextPad.

2) Add localhost\test to the file. Select File → Save.

b. In SAS Management Console, verify that you are logged on as Ahmed.

c. Expand Metadata Manager → Metadata Utilities. Select Backup & Restore.

1) Right-click on the restore job and select Run Job.

2) Click to run the job.

3) Click when the job is complete.

d. Use Windows Explorer to verify that the adminUsers.txt file is restored to its original state.

e. In SAS Management Console, right-click on the restore job and select Save to File…. Save the
file in the SASBackup directory and name the file the same as the job name. Use TextPad to open
the file. How does this file differ from the backup file?
1) Right-click on the restored job name and select Save to File… from the drop-down menu.

2) Navigate to C:\SAS\Config\Lev1\SASMeta\MetadataServer\SASBackup. Type the name
My Metadata Server Backup_R and click .

3) Go to the backup directory and select the new file that was created. Right-click on the file
and select TextPad to view the file.

3. Scheduling a Backup
Use SAS Management Console to schedule a backup.
a. Use Windows Explorer to navigate to
C:\SAS\Config\Lev1\SASMeta\MetadataServer\SASBackup and delete the contents.


b. In SAS Management Console, verify that you are logged in as Ahmed.

c. Expand Metadata Manager → Metadata Utilities and select Backup & Restore. Right-click on
the backup job and select Deploy for Scheduling….

d. Write the location of the deployed code and click in the Redeploy Job window.

The location of the code is C:\SAS\Config\Lev1\SASMeta\SASEnvironment\SASCode\Jobs.

e. Use Windows Explorer to navigate to
C:\SAS\Config\Lev1\SASMeta\SASEnvironment\SASCode\Jobs. Examine the code with
TextPad.

f. Return to SAS Management Console. Right-click Schedule Manager and select New Flow….

g. Create a new flow with the following attributes shown below and click .

h. In the pane on the right of the Schedule Manager plug-in, select [All] in the Filter drop-down list.

1) Select [All] in the Filter drop-down list and click .


2) Right-click on the new flow and select Schedule Flow….

3) Type the user ID .\Ahmed and the password Student1 and click .

4) Accept Run Now as the trigger and click .

5) Click .

i. Select Start → All Programs → Platform Process Manager → Flow Manager.

1) Type the user ID .\Ahmed and the password Student1.

2) Expand .\ahmed → adhoc. Verify that the status of the job is Done.

j. Use Windows Explorer to navigate to the SASBackup folder. Does the folder include a folder
for each repository with tables within, a folder for REPOSMGR, MetadataJournal.dat,
omaconfig.xml, logconfig.xml, adminUsers.txt, trustedUsers.txt, and a log file generated
as a result of the backup job execution?
The folder contains everything except the log from the backup job.

k. In SAS Management Console, expand Server Manager → SASMeta → SASMeta - Logical
SAS DATA Step Batch Server.

1) Right-click SASMeta - SAS DATA Step Batch Server and select Properties.

2) Click the Options tab. The location of the logs is listed in the Logs Directory field,
D:\SAS\Config\Lev1\SASMeta\BatchServer\Logs.

l. Use Windows Explorer to navigate to C:\SAS\Config\Lev1\SASMeta\BatchServer\Logs.

1) Open the most recent log file.

2) Search for errors.

Chapter 6 Administering Client
Applications

6.1 Exploring Connection Profiles
    Demonstration: Exploring Connection Profiles
    Exercises
    Demonstration: Connection Profile for SAS Enterprise Guide and the SAS Add-In for
    Microsoft Office
    Exercises

6.2 Using Roles to Control Access to Application Functionality
    Demonstration: Identifying Roles in SAS Management Console
    Exercises

6.3 Exploring SAS Folders
    Demonstration: Exploring Folders
    Exercises

6.4 Solutions to Exercises

6.1 Exploring Connection Profiles

Objectives
• Identify how desktop applications connect to the
metadata server.
• Use an existing connection profile.
• Create a new connection profile.
• Locate connection profiles.

SAS Client Applications
The client applications are either of the following:

Web-based
    SAS Information Delivery Portal
    SAS BI Dashboard
    SAS Web Report Studio

Desktop
    Windows applications
    • SAS Add-In for Microsoft Office
    • SAS Enterprise Guide
    Java applications, including
    • SAS Data Integration Studio
    • SAS Information Map Studio
    • SAS Management Console
    • SAS OLAP Cube Studio

Desktop applications are installed on the user’s desktop and, except for SAS Management Console, only
run on Windows. SAS Management Console is supported on all platforms except z/OS and OpenVMS.

Connection Profiles
The desktop applications use connection profiles to
connect to the metadata server. A connection profile is
a file stored on the desktop that contains the information
necessary to connect to your metadata server.

Connection Profiles – Java Applications
The Java applications use different files for connection
information than the Windows applications.
When you open a Java application on a particular
machine, you are typically presented with a Connection
Profile window.

Connection Profile Window


The Connection Profile window enables a user to
• open an existing profile
• edit an existing profile
• create a new profile.

Profiles are stored locally on the user’s machine. If there
are no profiles on the machine, the user is prompted to
create one before logging on.

Connection Profile Window

A connection profile includes the metadata server host name
and port.

Users can choose to save a user ID and password
in the profile.

Connection Profile Best Practice


Always create, edit, and delete profiles using the
Connection Profile window.
Profiles for Java applications are stored as .swa files
on the machine where the Java application is installed
in the user’s home directory under
Application Data\SAS\MetadataServerProfiles

If you cannot access the Application Data folder, it might be hidden. Use operating system
commands to unhide the folders.

Exploring Connection Profiles

1. Select Start → All Programs → SAS → SAS Management Console 9.2.

2. With Open an existing connection profile selected, click .

3. The name of the connection profile is My Server. Click .

4. The name of the machine hosting the metadata server is localhost. The metadata server listens
for requests on port number 8561. Click .

5. In the Error window, click .

6. Type Ahmed as the user ID and Student1 as the password. Click .

7. Review the settings and click .

8. Click to log on with the connection profile.

9. Because you did not save the user ID and password as part of the profile, type the user ID Ahmed and
the password Student1.

10. Click .
11. Select File → Connection Profile….

12. Click when you are prompted about disconnecting from the server.

13. Select the drop-down arrow to display the list of existing connection profiles.

14. Click . Close SAS Management Console.

15. Use Windows Explorer to navigate to C:\Documents and Settings\Student\Application
Data\SAS\MetadataServerProfiles. There is a file with the .swa extension for each existing
connection profile.

16. Right-click My Server.swa and select TextPad.

17. Review the contents and close the window.


Exercises

1. Exploring .swa Files


a. Use Windows Explorer to navigate to C:\Documents and Settings\student\Application
Data\SAS\MetadataServerProfiles\My Server.swa. Open the file using TextPad. What is the
value of SelectedReps?
b. Use the Metadata Manager in SAS Management Console to identify which repository the value
of SelectedReps points to.
2. Creating a New Connection Profile
a. Use SAS Data Integration Studio to create a new connection profile named Exercise.
Provide the connection information for Barbara to connect to her project repository. Connect
to Barbara’s Work Repository. Save Barbara’s credentials in the profile.
b. Log on with the new connection profile. Is there a Checkouts tab?
c. Select File → Connection Profile. Click . In the Connection Profile window, set the
Exercise connection profile as the default. Log on. Close SAS Data Integration Studio and reopen
the application. Are you prompted to select a profile? Remove the assignment of the Exercise
profile as the default connection profile.
d. Use Windows Explorer to review the contents of the new .swa file. What is the value of the stored
password?
e. Select Start → All Programs → SAS → SAS 9.2 (English).
f. In the Editor window, type the following code:

proc pwencode in="Student1";
run;

g. Select Run → Submit.
h. Locate the line in the Log window that begins with {sas002}. Does this value match the value
stored in the .swa file?

Note: A password string beginning with {sas002} was encoded using the SASProprietary
algorithm.
3. Duplicating a Connection Profile
a. Make a copy of My Server.swa. Rename the file My DEV Server.
b. Open My DEV Server.swa. Change the metadata server host name to devhost. Delete the user ID
and password if they are stored in the file. Change the value of the name parameter to My Dev
Server.
c. Open a Java application. Locate the My DEV Server profile in the list of connection profiles.

Connection Profiles – Windows Applications


SAS Add-In for Microsoft Office and SAS Enterprise
Guide use common connection profile information.
You can access it in SAS Enterprise Guide
1. Select Tools ⇒ Options ⇒ Administration.
2. Under Connections, select Modify.
You can access it in SAS Add-In for Microsoft Office
on the SAS tab by selecting Tools ⇒ Connections.

The Connection link at the bottom of the SAS Enterprise Guide window is a shortcut to the
Connections window.

Connection Profile Best Practice

Always create, edit, and delete profiles using either
SAS Enterprise Guide or the SAS Add-In for Microsoft Office.

Profiles for Windows applications are stored in a file named
ConfigurationV42.xml on the machine where the Windows
application is installed in the user’s home directory under
Application Data\SAS\MetadataServerProfiles
6.1 Exploring Connection Profiles 6-15

Storing User Credentials in Connection Profiles

A user’s ability to store credentials in a profile is controlled
by the SASSEC_LOCAL_PW_SAVE option in the metadata
server’s omaconfig.xml file:
1   Users can save the user ID and password
    in the connection profile.
0   Users cannot save the user ID and
    password in the connection profile.

Make a backup copy of omaconfig.xml before
modifying it.

If a user selects the Save user ID and password in this profile check box, then a local copy of the user’s
ID and password is stored in a format that is difficult, but not impossible, for an intruder to read. The
local copy is used to prepopulate the logon dialog box, so that the user does not need to enter a password
every time that the application is launched.

When you make a change to the omaconfig.xml file, you must stop and restart the metadata
server for the change to take effect.
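
The check below is an added example, not part of the course notes or of SAS software: it reads SASSEC_LOCAL_PW_SAVE from omaconfig.xml and lists connection profile files (.swa, ConfigurationV42.xml) that hold a {sasNNN}-tagged stored password, without echoing the encoded value. It assumes the option appears as an XML attribute; the function names and the sample file contents are constructed for the demonstration and do not reproduce the real file layouts.

```python
import re
import tempfile
import xml.etree.ElementTree as ET
from pathlib import Path

# PROC PWENCODE output starts with a {sasNNN} tag. {sas002} (SASProprietary)
# is the tag shown in these notes; {sas001} and {sas003} are other method tags.
ENCODED = re.compile(r"\{sas(\d{3})\}([0-9A-Za-z+/=]+)", re.IGNORECASE)
METHODS = {"001": "base64 encoding", "002": "SASProprietary", "003": "AES"}
PROFILE_PATTERNS = ("*.swa", "ConfigurationV42.xml")


def read_pw_save_policy(omaconfig: Path):
    """Return the SASSEC_LOCAL_PW_SAVE value as written, or None if absent.

    Assumption: the option is an XML attribute somewhere in omaconfig.xml,
    so every element is checked rather than one fixed path.
    """
    root = ET.parse(omaconfig).getroot()
    for element in root.iter():
        if "SASSEC_LOCAL_PW_SAVE" in element.attrib:
            return element.attrib["SASSEC_LOCAL_PW_SAVE"].strip()
    return None


def read_text(path: Path) -> str:
    """Decode a profile file, honouring a UTF-16 byte-order mark if present."""
    raw = path.read_bytes()
    if raw[:2] in (b"\xff\xfe", b"\xfe\xff"):
        return raw.decode("utf-16", errors="replace")
    return raw.decode("utf-8-sig", errors="replace")


def scan_profiles(profile_dir: Path):
    """List stored encoded passwords without echoing the encoded value."""
    findings = []
    for pattern in PROFILE_PATTERNS:
        for path in sorted(profile_dir.rglob(pattern)):
            for lineno, line in enumerate(read_text(path).splitlines(), 1):
                for match in ENCODED.finditer(line):
                    tag = match.group(1)
                    findings.append({
                        "file": path.name,
                        "line": lineno,
                        "tag": "{sas%s}" % tag,
                        "method": METHODS.get(tag, "unknown"),
                        "encoded_length": len(match.group(2)),
                    })
    return findings


def audit(omaconfig: Path, profile_dir: Path):
    """Combine the server-side option with what is stored on the client."""
    policy = read_pw_save_policy(omaconfig)
    findings = scan_profiles(profile_dir)
    return {
        "policy": policy,
        "saving_blocked": policy == "0",
        "findings": findings,
        # The option says no saving, yet a profile on disk holds a password.
        "review_needed": policy == "0" and bool(findings),
    }


def demo():
    """Run the audit over constructed files (not real SAS file layouts)."""
    with tempfile.TemporaryDirectory() as tmp:
        base = Path(tmp)
        omaconfig = base / "omaconfig.xml"
        omaconfig.write_text(
            '<OMAconfig><OMA SASSEC_LOCAL_PW_SAVE="0"/></OMAconfig>',
            encoding="utf-8")
        profiles = base / "MetadataServerProfiles"
        profiles.mkdir()
        # Constructed placeholder values, not real encoded passwords.
        (profiles / "Exercise.swa").write_text(
            "name=Exercise\nuserid=Barbara\n"
            "password={sas002}0123456789ABCDEF\n", encoding="utf-8")
        (profiles / "My Server.swa").write_text(
            "name=My Server\n", encoding="utf-8")
        (profiles / "ConfigurationV42.xml").write_text(
            '<Profiles>\n<Profile user="Jacques" '
            'password="{sas002}00112233AABBCCDD"/>\n</Profiles>',
            encoding="utf-8")
        return audit(omaconfig, profiles)


if __name__ == "__main__":
    report = demo()
    print("SASSEC_LOCAL_PW_SAVE =", report["policy"])
    for f in report["findings"]:
        print("%(file)s line %(line)d: %(tag)s %(method)s, "
              "%(encoded_length)d encoded characters" % f)
```

To audit a real machine, call audit() with the path to omaconfig.xml and a user's MetadataServerProfiles directory instead of running demo().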


Connection Profile for SAS Enterprise Guide and the SAS Add-In for Microsoft Office

1. Select Start ⇒ All Programs ⇒ SAS ⇒ Enterprise Guide 4.2.
2. Select New Project.
3. Notice the connection information in the lower right corner of SAS Enterprise Guide.
4. Close SAS Enterprise Guide.
5. Select Start ⇒ All Programs ⇒ Microsoft Office ⇒ Microsoft Office Excel 2007.
6. Click the SAS tab.
7. Select Tools ⇒ Connections….
8. Click .
9. The user ID and password used to make the connection are listed. Click to close the
Modify Profile window.
10. Click to close the Connections window.
11. Close Microsoft Office Excel 2007. Do not save changes.
12. Use Windows Explorer to navigate to C:\Documents and Settings\student\Application Data\SAS\MetadataServerProfiles.
13. Use TextPad to open ConfigurationV42.xml. Notice the user ID and encoded password for Jacques.
Close the TextPad window.

Exercises

4. Preventing Users from Storing Credentials

a. Verify that the password stored in ConfigurationV42.xml is the encoded form of Student1.
b. Prevent users from storing credentials.
   1) Use Windows Explorer to open C:\SAS\Config\Lev1\SASMeta\MetadataServer\omaconfig.xml.
      a) Set the value of SASSEC_LOCAL_PW_SAVE to 0.
      b) Save the changes made to the file.
   2) Restart the metadata server and all dependent services.
   3) Log on to SAS Management Console.
      a) Try to modify the My Server profile. (The profile should not currently include stored
         credentials.)
      b) Try to save the user ID and password.
      c) Were you successful?
   4) Log on to SAS Data Integration Studio using the Exercise profile.
      a) Were you prompted for credentials?
      b) Close SAS Data Integration Studio.
   5) Log on to SAS Enterprise Guide. Were you prompted for credentials?
   6) In SAS Enterprise Guide, select Tools ⇒ Options ⇒ Administration.
      a) Click twice.
      b) Delete the user ID and password values and click .
      c) Click to modify the active profile.
      d) Click when you are prompted to provide credentials.
      e) Close SAS Enterprise Guide.

      If you first try to modify the value of the password, you are able to save the
      updated password in the connection profile. After you delete the password, you
      can no longer add a password to the connection profile.
   7) Reopen SAS Enterprise Guide. Were you prompted for credentials?
   8) Select Start ⇒ All Programs ⇒ Microsoft Office ⇒ Microsoft Office Excel 2007.
      a) Select SAS.
      b) Select Tools ⇒ Connections. Are the user ID and password listed?
      c) Click ⇒ .
   9) Select Analyze Data. Were you prompted for credentials?
   10) Modify the profile and include credentials. Close Microsoft Excel.
   11) Reopen Microsoft Excel. Select SAS ⇒ Analyze Data. Were you prompted for credentials?
   12) Use Windows Explorer to open C:\SAS\Config\Lev1\SASMeta\MetadataServer\omaconfig.xml.
      a) Set the value of SASSEC_LOCAL_PW_SAVE back to 1.
      b) Save the changes made to the file.
   13) Restart the metadata server and all dependent services.

6.2 Using Roles to Control Access to Application Functionality

Objectives
• Explore key features of roles.
• Examine initial roles.
• Create a new role.

What Are Metadata Roles?

Roles determine which user interface elements a user
sees when interacting with an application. The various
features in applications that provide role-based
management are called capabilities.

Applications that support roles include the
following:
• SAS Add-In for Microsoft Office
• SAS Enterprise Guide
• SAS Management Console
• SAS Web Report Studio

Role Features

Below are some of the important features of roles:
• Not all applications support roles.
• Not all application features are under role management.
• There are no negative capabilities and you cannot deny a capability to anyone.
• Having a certain capability is not an alternative to meeting permission requirements.
• Roles and groups serve distinct purposes.

Applications that support roles include SAS Management Console, SAS Add-In for Microsoft Office,
SAS Enterprise Guide, SAS Web Report Studio, and SAS BI Dashboard.

To prevent someone from having a capability, make sure he or she is not in any role that provides that
capability.

Roles and Metadata Security

Roles are an entirely separate concept from permissions.
• In general, roles do not affect access to metadata or data.
• Having a certain capability is not an alternative to meeting permission requirements.
  Permission requirements and capability requirements are cumulative.

The Metadata Server: Unrestricted role provides irrevocable grants of all permissions in the metadata
authorization layer.

Permission requirements and capability requirements are cumulative. For example, even if you are in the
Enterprise Guide: OLAP role, you cannot access data in a cube for which you do not have the Read and
ReadMetadata permissions. You can use permissions to constrain the scope of a role.

Managing Roles

Roles can be accessed and managed from the
User Manager plug-in in SAS Management Console.

Creating New Roles

When you create a new role, you can do the following:
• Assign capabilities directly to the role.
• Designate contributing roles.
• Assign a membership to the role.

[Slide legend for the capability check boxes: no capabilities selected, some capabilities selected, all capabilities selected]

Roles

The initial configuration of the software includes some
predefined roles.
• If these roles meet your needs, assign the correct membership.
• If these roles do not meet your needs, create new roles, assign appropriate membership,
  and explicitly select application capabilities and/or designate contributing roles.

Do not change the name of any predefined roles. The best practice is to make groups members
of roles whenever possible. In order to assign the role to a new user, make the user a member
of the group.

It is a best practice to leave the capabilities of predefined roles unchanged. If you need to modify the
capabilities, create a new role.

Predefined Roles: Add-In for Microsoft Office: Advanced Role Capabilities

Predefined Roles: Add-In for Microsoft Office: OLAP Role Capabilities

Predefined Roles: Add-In for Microsoft Office: Analysis Role Capabilities

Predefined Roles: Enterprise Guide: Advanced Role Capabilities

Predefined Roles: Enterprise Guide: Programming Role Capabilities

Predefined Roles: Enterprise Guide: OLAP Role Capabilities

Predefined Roles: Enterprise Guide: Analysis Role Capabilities

Predefined Roles: Web Report Studio: Report Viewing Role Capabilities

Predefined Roles: Web Report Studio: Report Creation Role Capabilities

Predefined Roles: Web Report Studio: Advanced Role Capabilities

Predefined Roles: Management Console: Advanced Capabilities

Predefined Roles: Management Console: Content Management Capabilities


Identifying Roles in SAS Management Console

1. Select Start ⇒ All Programs ⇒ SAS ⇒ SAS Management Console 9.2.
2. Accept the selected connection profile and type the user ID ahmed and the password Student1.
3. In SAS Management Console, click the Plug-ins tab and then select User Manager.
4. In the pane on the right, clear the Show Users and Show Groups check boxes.
5. Right-click Enterprise Guide: Analysis and select Properties.
6. Click the Members tab.
7. Click the Capabilities tab.
8. Expand Enterprise Guide 4.2 and then expand Open or Import.
9. Click the Contributing Roles tab.


Exercises

5. Identifying Current Role Memberships

Use SAS Management Console to identify the current role memberships.

Role                                      Members
Add-In for Microsoft Office: Advanced
Add-In for Microsoft Office: Analysis
Add-In for Microsoft Office: OLAP
Enterprise Guide: Advanced
Enterprise Guide: Analysis
Enterprise Guide: OLAP
Enterprise Guide: Programming
Web Report Studio: Advanced
Web Report Studio: Report Creation
Web Report Studio: Report Viewing

6. Exploring SAS Web Report Studio Roles

a. In SAS Management Console, open the properties of the Web Report Studio: Report Creation
role. Add Gloria to the Current Members pane.
b. Open Internet Explorer and select Favorites ⇒ SAS Web Report Studio. Log on as Gloria.
What selections are available from the File menu? Log off as Gloria.
Select Favorites ⇒ SAS Web Report Studio and log on as Eric. What selections are available
from the File menu? Log off as Eric. Why does Eric have more capabilities than Gloria?
c. Return to SAS Management Console and open the properties of the Web Report Studio:
Report Creation role. On the Members tab, remove Gloria as a member.


7. Exploring SAS Enterprise Guide Roles

a. In SAS Management Console, open the properties of the Enterprise Guide: Advanced role.
Remove PUBLIC as the current member.
b. In SAS Management Console, open the properties of the Enterprise Guide: Analysis role.
Add Gloria to the Current Members pane.
c. Open SAS Enterprise Guide and connect as Gloria.

If you are not prompted for credentials, verify that you are connected as Gloria in the
status bar. If you are connected as someone else, select Connection and connect as Gloria.
d. On the status bar, select Functions. Compare the list of authorized functions to the list of
capabilities in the Enterprise Guide: Analysis role. Do the lists match? Close SAS Enterprise Guide.
e. In SAS Management Console, open the properties of the Enterprise Guide: Advanced role.
Add PUBLIC as the current member.
f. In SAS Management Console, open the properties of the Enterprise Guide: Analysis role.
Remove Gloria from the Current Members pane.

8. Exploring the SAS BI Dashboard Role

a. In SAS Management Console, open the properties of the BI Dashboard: Administration role.
b. Who are the members of the role? What are the capabilities assigned to this role?
c. How would you add a member to this role?

9. Creating a New Role

a. In SAS Management Console, select the Plug-ins tab and then select User Manager.
Right-click User Manager and select New ⇒ Role.
b. Provide the following properties for the new role:
Name: EG Adv, AMO Adv, WRS Adv
Members: Gloria
Contributing Roles: Add-In for Microsoft Office: Advanced, Enterprise Guide: Advanced,
Web Report Studio: Advanced
c. Click the Capabilities tab to verify that the capabilities from the three contributing roles were
applied.

10. Creating and Deleting Roles

a. Create a role named Role 1 with some capabilities of your choice.
b. Create a role named Role 2 with Role 1 as a contributing role and some additional capabilities
assigned.
c. Delete Role 1. What effect does this have on Role 2?
d. Delete Role 2.


6.3 Exploring SAS Folders

Objectives
• Explore the SAS folder structure.
• Identify content mapping.
• Examine best practices for managing folders.
• Explore how different applications surface the SAS folders.

SAS Folder Structure

SAS applications use a hierarchy of SAS folders to store
metadata. The folders are shown below:
• Channels
• Cubes
• Dashboards
• Data explorations
• Folders
• Information maps
• Jobs
• Libraries
• OLAP schema
• Prompts
• Reports
• Stored processes
• Tables
• Table columns


Default SAS Folders

The folders are arranged in a structure that
• separates system information from business information
• provides personal folders for individual users
• provides an area for shared data.

Content Mapping

Some SAS folders have associated physical content that
resides in either the SAS Content Server or a file system.
Content mapping maps the metadata folder structure to
the corresponding physical folders.

If you installed Web applications such as SAS Web Report Studio, then some SAS folders (for example,
folders that contain metadata for reports) have associated physical content that resides in either the SAS
Content Server or in a file system. In these instances, a procedure named content mapping maps the
metadata folder structure to corresponding physical folders that have the same organization. Content
mapping is automatically configured when you install your system.


Initial Folder Structure – SAS Folders

The initial folder structure is similar to the following:

SAS Folders is the root folder for the folder structure.

This folder cannot be renamed, moved, or deleted. It can contain other folders, but it cannot
contain individual objects.

If you defined one or more custom repositories, then the folder structure also includes a top-level folder
that corresponds to each custom repository.


Initial Folder Structure – Products

The initial folder structure is similar to the following:

Products contains folders for individual SAS products and includes content installed with
the product.

For example, Products ⇒ SAS Intelligence Platform ⇒ Samples contains sample stored
processes and shared prompts.

For example, some products have a set of initial jobs, transformations, stored processes, or reports
which users can modify for their own purposes. Other products include sample content (for example,
sample stored processes) to demonstrate product capabilities.

Where applicable, the content is stored under the product’s folder in subfolders that indicate the release
number of the product.

During the installation, the SAS Deployment Wizard enables the installer to assign a different
name to this folder.


Initial Folder Structure – Shared Data

The initial folder structure is similar to the following:

Shared Data can be used to store user-created content that is shared among
multiple users.

Under the Shared Data folder, you can create additional subfolders to further organize this content.

Under SAS Folders, you can also create additional folders in which to store shared content.


Initial Folder Structure – System

The initial folder structure is similar to the following:

System contains SAS system objects that are not directly accessed by
business users.

The System folder contains the following folders:

Administration   contains objects for backup jobs and restore jobs that are created by using the
                 Backup Wizard.
Applications     contains folders for individual SAS applications that have system objects.
                 Under these folders, the objects are stored in subfolders that correspond to
                 individual release numbers.
Publishing       contains channel and subscriber objects that are used by the Publishing
                 Framework.
Types            contains type definitions for public objects that exist on this metadata server.


Initial Folder Structure – Users

After users log on to an application that requires a home
folder, the folder structure is similar to
the following:

Users contains folders that belong to individual users.
The name of each home folder is based on the value of the
user’s Name field in the User Manager.

The first time that a user logs on to an application that requires a home folder, the user’s home folder
is automatically created. That same folder is then used by other applications that the user logs on to.

As a default, users do not have Write access to their home folders. However, each home folder contains
a folder named My Folder (referred to as the user’s personal folder) to which the user has full access.

In a custom installation, the SAS Deployment Wizard enables the installer to choose whether
or not to create a Users folder.

A pointer to the user’s personal folder, My Folder, appears at the top level of the folder hierarchy.
The folder is only visible to the owning user and unrestricted users.

The owning user has WriteMemberMetadata permission on this folder. This means that only the owning
user and unrestricted users have permission to add content to or remove content from the folder.

The owning user cannot rename, move, delete, or change permissions on this folder. However, the
owning user can create additional subfolders to organize content.


Initial Folder Structure – My Folder

The initial folder structure is similar to the following:

My Folder is the user’s personal folder.

My Folder is a shortcut to the personal folder of the user currently logged on.


Initial Folder Structure – Application Data

The initial folder structure is similar to the following:

Application Data is a standard location in which applications
can store user preferences and other user-specific
configuration information.

The folder is created under the user’s home folder the first time that an application needs to use it.
The folder is to be accessed only by applications and not accessed directly by the user.

Best Practices for Managing SAS Folders

Follow these best practices when you interact with
SAS folders:
• Use personal folders for personal content, and shared
  folders for content that multiple users need to view.
• Use folders instead of custom repositories
  to organize content.
• Do not delete or rename the Users folder.
• Do not delete or rename the home folder or personal
  folder of an active user.
• Do not delete or rename the Products or System
  folders or their subfolders.
• Use caution when you rename the Shared Data folder.
• When you create new folders, the security
  administrator should set permissions.

It is a best practice to back up your environment before making significant changes to the
SAS folders structure.

Metadata objects are sometimes referenced by their metadata identifier and sometimes by the
path to their location. If the path is modified, associations might be broken.


Folders and SAS Applications

Most client applications display SAS folders only if they
contain content that is relevant to the application, subject
to the user’s permissions.

For example, a user logged on to SAS Management
Console can see the folders that the user has permission
to view on the Folders tab.


Exploring Folders

1. In SAS Management Console, verify that you are logged on as Ahmed. Select the Folders tab.
2. Expand all of the folders and subfolders.

SAS Folders ⇒ My Folder is a shortcut to SAS Folders ⇒ Users ⇒ Ahmed ⇒ My Folder.

3. Select Start ⇒ All Programs ⇒ SAS ⇒ SAS Data Integration Studio 4.2.
4. Log on to SAS Data Integration Studio with the My Server profile as Gloria.
5. On the Folders tab, expand all of the folders and subfolders. How do these compare to what
is displayed in SAS Management Console?
6. In SAS Data Integration Studio, select File ⇒ New ⇒ Folder.
7. Name the new folder Test Folder.
8. In SAS Data Integration Studio, in what two places in the folder tree does the new folder appear?

In SAS Management Console, where does the new folder appear?

9. In SAS Data Integration Studio, select File ⇒ New to see a list of the objects that can be created and
registered in the metadata: folder, job, table, transformation, external file, library, document, note,
cube, OLAP schema.
10. In SAS Data Integration Studio, right-click Test Folder and select Properties.
11. Click the Authorization tab. You can set permissions on the metadata objects surfaced in
SAS Data Integration Studio.
12. Close SAS Data Integration Studio.


Exercises

11. Exploring SAS Information Map Studio’s Interaction with Metadata

a. Log on to SAS Information Map Studio with the My Server profile as Eric.
b. How do the folders in SAS Information Map Studio compare to the Folders tab in
SAS Management Console?
c. How do the servers (for both tables and cubes) in SAS Information Map Studio compare
to what is listed under the Server Manager plug-in in SAS Management Console?
d. What type of objects can you create from the File menu in SAS Information Map Studio?
Can you create new folders in SAS Information Map Studio?
e. Open an existing information map by selecting SAS Folders ⇒ Orion Star ⇒ Marketing
Department ⇒ Information Maps. In the Information Map Contents pane, right-click on the
map and select Authorization. You can set metadata permissions on information maps from
SAS Information Map Studio. Close SAS Information Map Studio.

12. Exploring SAS Enterprise Guide’s Interaction with Metadata

a. Log on to SAS Enterprise Guide as Eric.
b. How does the SAS folder list in SAS Enterprise Guide compare to the Folders tab in
SAS Management Console?
c. How does the Server List in SAS Enterprise Guide compare to the servers and libraries listed
under the Server Manager and Data Library Manager plug-ins in SAS Management Console?
d. In SAS Enterprise Guide, select File ⇒ New. What types of objects can be created from the
SAS Enterprise Guide main menu?
e. In SAS Enterprise Guide, select Tools ⇒ SAS Enterprise Guide Explorer. Select File ⇒ New.
What types of objects can be created from the SAS Enterprise Guide Explorer window?
f. Which SAS Enterprise Guide roles enable access to SAS Enterprise Guide Explorer?
g. Can you set metadata permissions on registered metadata objects from SAS Enterprise Guide?

13. Exploring SAS Add-In for Microsoft Office’s Interaction with Metadata

a. Open Microsoft Excel and connect as Eric. Select SAS ⇒ Reports. How does the SAS folder's
structure compare to the Folders tab in SAS Management Console? Close the Reports window.
b. Select SAS ⇒ Open Data ⇒ Into Worksheet…. How does the list of servers and libraries
compare to the servers and libraries listed under the Server Manager and Data Library Manager
plug-ins in SAS Management Console?

14. Exploring SAS Web Report Studio’s Interaction with Metadata

a. Log on to SAS Web Report Studio as Eric. Select File ⇒ Open. How does the folder structure
compare to the Folders tab in SAS Management Console? Close the Open window.
b. Select File ⇒ New ⇒ New Using Wizard…. Select . How does the
folder structure compare to the Folders tab in SAS Management Console? Close the Select Data
Source window and cancel out of the New Report wizard.
c. Select File ⇒ Manage Files…. Select Create new folder. Provide a name and select OK.
Were you able to create a new folder here?
d. Double-click My Folder. Select Create new folder. Provide a name and select OK. Were you
able to create a new folder here? Where in the Folders tab in SAS Management Console does the
new folder appear?


6.4 Solutions to Exercises


1. Exploring .swa Files
a. Use Windows Explorer to navigate to C:\Documents and Settings\student\Application
Data\SAS\MetadataServerProfiles\My Server.swa. Open the file using TextPad.

c .
e In
t u t
s t i n .
I n t i o
S u
What is the value of SelectedReps?

A tri b
t S s
i g h d i
y r r e
o p f o r
C o t
N
6.4 Solutions to Exercises 6-59

b. Use the Metadata Manager in SAS Management Console to identify which repository the value of
SelectedReps points to. This profile points to the Foundation repository.

c .
e In
t u t
t i
2. Creating a New Connection Profile

s n .
n t i o
a. Use SAS Data Integration Studio to create a new connection profile named Exercise. Provide the

I
connection information for Barbara to connect to her project repository. Connect to Barbara’s
Work Repository. Save Barbara’s credentials in the profile.

S
A tri b u
1) Start SAS Data Integration Studio. Select Create a New Connection Profile.
Click

t S s
.

i g h d i
y r r e
o p f o r
C o t
N
6-60 Chapter 6 Administering Client Applications

2) Click .

c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
i g h d i
y r r e
o p f o r
C o t
N
6.4 Solutions to Exercises 6-61

3) Name the new connection profile Exercise. Click .

c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
i g h d i
y r r e
o p f o r
C o t
N
6-62 Chapter 6 Administering Client Applications

4) Type the connection information. Select the Save user ID and password in this profile check
box. Click .
• Machine: localhost
• Port: 8561
• User ID: Barbara
• Password: Student1

c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
i g h d i
y r r e
o p f o r
C o t
N
6.4 Solutions to Exercises 6-63

5) Click the Connect to a project check box, highlight Barbara’s Work Repository, and click
.


6) Review the settings and click .

b. Log on using the Exercise connection profile. Select . Is there a Checkouts tab?

1) If needed, reopen SAS Data Integration Studio and log on with the Exercise profile.


2) Select the Checkouts tab.

c. Select File → Connection Profile. Click . In the Connection Profile window, set the
Exercise connection profile as the default. Log on. Close SAS Data Integration Studio and reopen
the application. Are you prompted to select a profile? Remove the assignment of the Exercise
profile as the default connection profile.

1) Select File → Connection Profile….

2) Click .

3) In the Connection Profile window, set the Exercise connection profile as the default.
Click .

4) Select File → Exit.

5) Open SAS Data Integration Studio.
You are not prompted to select a profile or provide credentials.

6) Select File → Connection Profile….

7) Click .

8) Clear the Set this connection profile as the default check box and click .

d. Use Windows Explorer to review the contents of the new .swa file. What is the value of the stored
password?

1) Use Windows Explorer to navigate to C:\Documents and Settings\student\Application
Data\SAS\MetadataServerProfiles\Exercise.swa. Open the file using TextPad.

2) The encoded password follows the password= parameter. Close TextPad.

Note: A password string beginning with {sas002} was encoded using the SASProprietary
algorithm.

e. Select Start → All Programs → SAS → SAS 9.2 (English).

f. In the Editor window, type the following code:
proc pwencode in="Student1";
run;

g. Select Run → Submit.

h. Locate the line in the Log window that begins with {sas002}. Does this value match the value
stored in the .swa file? Yes


3. Duplicating a Connection Profile


a. Make a copy of My Server.swa. Rename the file My DEV Server.
1) Right-click My Server.swa and select Copy.

2) Right-click in the background and select Paste.


3) Right-click Copy of My Server.swa and select Rename.

4) Change the name to My Dev Server.swa and press ENTER.


b. Open My DEV Server.swa. Change the metadata server host name to devhost. Delete the user ID
and password if they are stored in the file. Change the value of the name parameter to My Dev
Server. Save the changes and close the file.

c. Open a Java application. Select the My DEV Server profile in the list of connection profiles and
click . Close the application.

4. Preventing Users from Storing Credentials


a. Verify that the password stored in ConfigurationV42.xml is the encoded form of Student1.

b. Prevent users from storing credentials.

1) Use Windows Explorer to open C:\SAS\Config\Lev1\SASMeta\MetadataServer\omaconfig.xml.
a) Set the value of SASSEC_LOCAL_PW_SAVE to 0.
b) Save the changes and close the file.

Note: Be sure to include the value of SASSEC_LOCAL_PW_SAVE in double quotation
marks.

2) Restart the metadata server and all dependent services.
a) On the Windows desktop, right-click My Computer and select Manage.

b) In the Computer Management window, expand Services and Applications and click
Services.

c) Scroll down to the SAS Metadata Server, right-click, and select Restart.

d) Select .

3) Log on to SAS Management Console.
a) Try to modify the My Server profile. (The profile should not currently include stored
credentials.)

b) Try to save the user ID and password. Were you successful? No

(1) Select the My Server profile and click .

(2) Click .

(3) Type the user ID Ahmed and the password Student1. Click the Save user ID and
password in this profile check box and click .

(4) A warning dialog box appears and indicates that login information will not be saved.
Click .

(5) Click .

4) Log on to SAS Data Integration Studio using the Exercise profile.

a) Were you prompted for credentials? No

b) Close SAS Data Integration Studio.

5) Log on to SAS Enterprise Guide. Were you prompted for credentials? No

6) In SAS Enterprise Guide, select Tools → Options → Administration.

a) Click twice.

(1) Select Tools → Options → Administration. Click .

(2) Select the My Server profile and then click .

b) Delete the user ID and password values and click .

Clear the User and Password fields and click .

c) Click to modify the active profile.

d) Click in the Credentials Required prompt window.


e) Close SAS Enterprise Guide.
7) Reopen SAS Enterprise Guide. Were you prompted for credentials? Yes


8) Select Start → All Programs → Microsoft Office → Microsoft Office Excel 2007.
a) Select SAS.
b) Select Tools → Connections…. Are the user ID and password listed? No

c) Click → .

(1) Select the My Server profile and click .

(2) Are the user ID and password listed? No


Click → .

9) Select Analyze Data. Were you prompted for credentials? Yes

a) On the Microsoft Excel ribbon, select SAS → Analyze Data.

b) Click in the Credentials Required prompt window.

10) Modify the profile and include credentials. Close Microsoft Excel.

a) Select SAS → Tools → Connections. Select the My Server profile and click .

b) Type Gloria as the user ID and Student1 as the password. Click .

c) Click to modify the profile.


d) Close the Connections window. Close Microsoft Office Excel 2007.

Note: If My Server is not set as the active profile, select My Server and click .

11) Reopen Microsoft Excel. Select SAS → Analyze Data. Were you prompted for credentials?
Yes

12) Use Windows Explorer to open C:\SAS\Config\Lev1\SASMeta\MetadataServer\omaconfig.xml.


a) Set the value of SASSEC_LOCAL_PW_SAVE back to 1.

b) Save the changes made to the file.

Note: Be sure to include the value of SASSEC_LOCAL_PW_SAVE in double quotation
marks.

13) Restart the metadata server and all dependent services.
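
Step 4 of this solution shows that a profile saved before SASSEC_LOCAL_PW_SAVE was set to 0 still logs on without a prompt, so existing .swa files need their own review. The following audit script is an added example, not part of the course materials: the key=value layout of the sample profiles, the element names in the sample omaconfig.xml, and all function names are assumptions, and the sample data is constructed.

```python
import re
import tempfile
import xml.etree.ElementTree as ET
from pathlib import Path

# A "password=" parameter with a non-empty value on one line of a profile.
# Spaces/tabs only (not \s) so an empty value never swallows the next line.
PASSWORD_LINE = re.compile(
    r"^[ \t]*password[ \t]*=[ \t]*(\S+)[ \t\r]*$", re.IGNORECASE | re.MULTILINE
)
# Encoding tag such as {sas002} at the start of the stored value.
ENCODING_TAG = re.compile(r"^\{(sas\d{3})\}", re.IGNORECASE)


def stored_password_tag(profile_text):
    """Return None when no password is stored, otherwise the encoding tag
    ('sas002', ...) or 'untagged' when the value has no {sasNNN} prefix."""
    match = PASSWORD_LINE.search(profile_text)
    if match is None:
        return None
    tag = ENCODING_TAG.match(match.group(1))
    return tag.group(1).lower() if tag else "untagged"


def find_stored_passwords(profile_dir):
    """Map each *.swa file under profile_dir that stores a password to its tag."""
    hits = {}
    for path in sorted(Path(profile_dir).rglob("*.swa")):
        text = path.read_text(encoding="utf-8", errors="replace")
        tag = stored_password_tag(text)
        if tag is not None:
            hits[path.relative_to(profile_dir).as_posix()] = tag
    return hits


def local_pw_save_setting(omaconfig_xml):
    """Return the SASSEC_LOCAL_PW_SAVE value from omaconfig.xml text, or None.
    Assumption: the option is an XML attribute (the notes say to quote its value)."""
    for element in ET.fromstring(omaconfig_xml).iter():
        if "SASSEC_LOCAL_PW_SAVE" in element.attrib:
            return element.attrib["SASSEC_LOCAL_PW_SAVE"]
    return None


def audit(profile_dir, omaconfig_xml):
    """List findings: the server-side setting plus every profile holding a password."""
    findings = []
    setting = local_pw_save_setting(omaconfig_xml)
    if setting != "0":
        findings.append("SASSEC_LOCAL_PW_SAVE is %r: clients may save credentials" % setting)
    for name, tag in find_stored_passwords(profile_dir).items():
        detail = "SASProprietary encoding" if tag == "sas002" else "encoding tag: " + tag
        findings.append("%s stores a password (%s)" % (name, detail))
    return findings


# Constructed sample data: keys other than password= and all values are illustrative.
SAMPLE_PROFILES = {
    "student/My Server.swa": "name=My Server\nhost=localhost\nport=8561\n",
    "student/Exercise.swa": (
        "name=Exercise\nhost=localhost\nport=8561\n"
        "password={sas002}CONSTRUCTED0000\n"
    ),
}
SAMPLE_OMACONFIG = '<OMAconfig><OMA SASSEC_LOCAL_PW_SAVE="0"/></OMAconfig>'


def run_demo():
    """Write the constructed profiles to a temporary directory and audit them."""
    with tempfile.TemporaryDirectory() as tmp:
        for rel, text in SAMPLE_PROFILES.items():
            target = Path(tmp) / rel
            target.parent.mkdir(parents=True, exist_ok=True)
            target.write_text(text, encoding="utf-8")
        return audit(tmp, SAMPLE_OMACONFIG)


if __name__ == "__main__":
    for line in run_demo():
        print(line)
```

In the sample, saving is already disabled on the server, yet the Exercise profile is still reported because its stored password predates the change.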


5. Identifying Current Role Memberships


Use SAS Management Console to identify the current role memberships.

Role                                     Members

Add-In for Microsoft Office: Advanced    PUBLIC
Add-In for Microsoft Office: Analysis    None
Add-In for Microsoft Office: OLAP        None
Enterprise Guide: Advanced               PUBLIC
Enterprise Guide: Analysis               None
Enterprise Guide: OLAP                   None
Enterprise Guide: Programming            None
Web Report Studio: Advanced              None
Web Report Studio: Report Creation       None *
Web Report Studio: Report Viewing        Report Consumers *

* PUBLIC is the default member of this role.

6. Exploring SAS Web Report Studio Roles


a. In SAS Management Console, open the properties of the Web Report Studio: Report Creation
role. Add Gloria to the Current Members pane.

Click .

b. Open Internet Explorer and select Favorites → SAS Web Report Studio. Log in as Gloria.
What selections are available from the File menu? Log off as Gloria.
1) Check that the SAS [Config-Lev1] Remote Services and JBoss - SASServer1 services are
started.

2) Open Internet Explorer and select Favorites → SAS Web Report Studio.

3) Log on as Gloria.

4) Select File. The choices are New and Open….

5) Click Log Off Gloria.

6) Select Favorites → SAS Web Report Studio and log on as Eric. What selections are
available from the File menu? New, Open…, Open Recent, and Manage Files… are
available. Log off as Eric.

7) Why does Eric have more capabilities than Gloria?
The Report Content Creators group is a member of the Orion Star: Web Report Studio
Full Control role, which has all of the SAS Web Report Studio 4.2 capabilities. As a
member of the Report Content Creators group, Eric is indirectly a member of the Orion Star:
Web Report Studio Full Control role.

c. Return to SAS Management Console and open the properties of the Web Report Studio: Report
Creation role. On the Members tab, remove Gloria as a member. Click .

7. Exploring SAS Enterprise Guide Roles

a. In SAS Management Console, open the properties of the Enterprise Guide: Advanced role.
Remove PUBLIC as the current member. Click .

b. In SAS Management Console, open the properties of the Enterprise Guide: Analysis role. Add
Gloria to the Current Members pane. Click .

c. Open SAS Enterprise Guide and connect as Gloria.

Note: If you are not prompted for credentials, verify that you are connected as Gloria in the
status bar. If you are connected as someone else, select Connection and connect as
Gloria.

d. On the status bar, select Functions. Compare the list of authorized functions to the list of
capabilities in the Enterprise Guide: Analysis role. Do the lists match? Close SAS Enterprise
Guide.
1) Select Functions on the status bar.

2) Compare the list of functions to the Capabilities tab of the role in SAS Management Console.

e. In SAS Management Console, open the properties of the Enterprise Guide: Advanced role.
Add PUBLIC as the current member. Click .

f. In SAS Management Console, open the properties of the Enterprise Guide: Analysis role.
Remove Gloria from the Current Members pane. Click .

8. Exploring the SAS BI Dashboard Role

a. In SAS Management Console, open the properties of the BI Dashboard: Administration role.

b. Who are the members of the role? BI Dashboard Administrators

What are the capabilities assigned to this role? The capabilities are implicit. The Description
field of the General tab states: Provides BI Dashboard administration capabilities.

c. How would you add a member to this role? Add a member to the BI Dashboard
Administrators group.

9. Creating a New Role

a. In SAS Management Console, select the Plug-ins tab and then select User Manager.
Right-click User Manager and select New → Role.

b. Provide the following properties for the new role:


Name: EG Adv, AMO Adv, WRS Adv

Members: Gloria

Contributing Roles: Add-In for Microsoft Office: Advanced, Enterprise Guide: Advanced,
Web Report Studio: Advanced

c. Click the Capabilities tab to verify that the capabilities from the three contributing roles were
applied. Click .

10. Creating and Deleting Roles

a. Create a role named Role 1 with some capabilities of your choice. Click .

b. Create a role named Role 2 with Role 1 as a contributing role and some additional capabilities
assigned.

1) Create Role 2 and add Role 1 as a contributing role.

2) Add some additional capabilities. Click .

c. Delete Role 1. What effect does this have on Role 2?

1) Right-click Role 1 and select Delete.

2) Click in the Confirm Object Deletion dialog box.

3) Open the properties of Role 2 and select the Contributing Roles tab. Role 1 is no longer
a contributing role in Role 2.

4) Select the Capabilities tab. The capabilities of Role 2 do not include the capabilities
previously associated with Role 1. Click .

d. Delete Role 2.

11. Exploring SAS Information Map Studio’s Interaction with Metadata


a. Log on to SAS Information Map Studio with the My Server profile as Eric.
b. How do the folders in SAS Information Map Studio compare to the Folders tab in
SAS Management Console? Only the folders that contain metadata that is relevant to
SAS Information Map Studio and that Eric has permission to access appear in
SAS Information Map Studio.
[Screenshots: folder trees in SAS Information Map Studio and in SAS Management Console]

c. How do the servers (for both tables and cubes) in SAS Information Map Studio compare
to what is listed under the Server Manager plug-in in SAS Management Console?
1) Select the Servers icon in the Resources area and verify that Tables is the selected value
in the Show field. Only the SASApp server is displayed.

2) Select the Server Manager plug-in in SAS Management Console. There are two server
contexts: SASMeta and SASApp.

d. What type of objects can you create from the File menu in SAS Information Map Studio?
Only information maps


Can you create new folders in SAS Information Map Studio? Yes


e. Open an existing information map in SAS Folders → Orion Star →
Marketing Department → Information Maps. In the Information Map Contents pane,
right-click on the map and select Authorization. You can set metadata permissions on
information maps from SAS Information Map Studio. Close SAS Information Map Studio.
1) Expand Orion Star → Marketing Department → Information Maps. Right-click
on the Orion Star Customer Orders Data information map and select Open.

2) Right-click on the information map in the Information Map Contents pane and select
Authorization….

3) The Authorization window opens. Click .

4) Close Information Map Studio.

12. Exploring SAS Enterprise Guide’s Interaction with Metadata


a. Log on to SAS Enterprise Guide as Eric. Select New Project in the Welcome window.

b. How does the SAS folder list in SAS Enterprise Guide compare to the Folders tab in
SAS Management Console? Select the Folders icon. Only the folders that contain metadata
that is relevant to SAS Enterprise Guide and that Eric has permissions to access appear in
SAS Enterprise Guide.

[Screenshots: folder trees in SAS Enterprise Guide and in SAS Management Console]

c. How does the Server List in SAS Enterprise Guide compare to the servers and libraries listed
under the Server Manager and Data Library Manager plug-ins in SAS Management Console?
1) In SAS Enterprise Guide, select the Server icon and expand Servers. Local and SASApp are
listed in the SAS Enterprise Guide server list.

2) Expand the Server Manager plug-in in SAS Management Console. SASMeta and SASApp
servers are listed.

3) Expand SASApp → Libraries in SAS Enterprise Guide.

4) Expand Data Library Manager → Libraries in SAS Management Console.

d. In SAS Enterprise Guide, select File → New. What types of objects can be created from the
SAS Enterprise Guide main menu? Project, data, program, report, stored process, note,
process flow, ordered list

e. In SAS Enterprise Guide, select Tools → SAS Enterprise Guide Explorer. Select File → New.
What types of objects can be created from the SAS Enterprise Guide Explorer window?
Libraries
1) Select Tools → SAS Enterprise Guide Explorer.

2) Select File → New → Library….

f. Which SAS Enterprise Guide roles enable access to SAS Enterprise Guide Explorer?
Enterprise Guide: Advanced role


g. Can you set metadata permissions on registered metadata objects from SAS Enterprise Guide?
Yes, you can grant RM and/or WM but not deny any permissions through SAS Enterprise
Guide Explorer. In SAS Enterprise Guide Explorer, RM is labeled Read and WM is labeled
Write.
1) Verify that you are logged on to SAS Management Console as unrestricted. Select the Folders
tab and expand Orion Star. Right-click on the Marketing Department folder and select
Properties.


2) Select the Authorization tab. Highlight the Marketing group in the Users and Groups display
and click .

Note: The Marketing group was granted both ReadMetadata and WriteMetadata permissions
to the Marketing Department folder.

3) Click the Members tab. Eric is a member of the Marketing group. Click .


4) Select the Sales group in the Users and Groups display. Click .

Note: The Sales group was granted ReadMetadata permission and denied the WriteMetadata
permission for the Marketing Department folder.

5) Click the Members tab. Susan is a member of the Sales group. Click and then
in the Marketing Department folder's Properties window.

6) Start SAS Enterprise Guide and verify that you are connected as Eric.


7) Select Tools → SAS Enterprise Guide Explorer.

8) Expand SAS Folders → Orion Star, right-click on the Marketing Department folder,
and select Properties.

9) Select Security in the left pane. Locate Susan in the Available Users and Groups list and add
her identity to the Selected Users and Groups list. Click on the Write check box. Click
.


10) Using SAS Management Console, open the properties of the Marketing Department folder,
select the Authorization tab, and highlight Susan. Click .

Note: Susan is now granted both ReadMetadata and WriteMetadata permissions for the
Marketing Department folder.

13. Exploring SAS Add-In for Microsoft Office’s Interaction with Metadata
a. Open Microsoft Excel and connect as Eric. Select SAS → Reports. How does the SAS Folders
structure compare to the Folders tab in SAS Management Console? Close the Reports window.

b. Select SAS → Open Data → Into Worksheet…. How does the list of servers and libraries
compare to the servers and libraries listed under the Server Manager and Data Library Manager
plug-ins in SAS Management Console?

14. Exploring SAS Web Report Studio’s Interaction with Metadata


a. Log on to SAS Web Report Studio as Eric. Select File → Open. How does the folder structure
compare to the Folders tab in SAS Management Console? Close the Open window.

b. Select File → New → New Using Wizard…. Click . How does the
folder structure compare to the Folders tab in SAS Management Console? Close the Select Data
Source window and cancel out of the New Report wizard.
1) Select File → New Using Wizard….

2) Click .

3) The Select Data Source window opens. Click Cancel to close the Select Data Source window.
Click Cancel. Click to confirm closing the Report Wizard.


c. Select File → Manage Files…. Select Create new folder. Provide a name and click .
Were you able to create a new folder here?
You can create a folder but not under root SAS Folders, for example, if you try to create
the folder under Orion Star → Marketing Department → Reports.
1) Select File → Manage Files….

2) Select the Create New Folder tool to create a new folder.

3) Provide a name and click .


4) Click in the Warning dialog box and click Cancel in the Create New Folder
window.

d. Double-click My Folder. Select Create new folder. Provide a name and click . Were you
able to create a new folder here? Where in the Folders tab in SAS Management Console does the
new folder appear?

1) Double-click My Folder.

2) Select the Create New Folder tool. Log off Eric from SAS Web Report Studio.


3) Provide a name and click .

The new folder is created in My Folder.

Chapter 7 Administering Users

7.1 Defining Regular Users and Groups ............ 7-3
    Exercises ............ 7-19
7.2 Defining Administrative Users ............ 7-21
    Demonstration: Exploring Administrative Functionality ............ 7-30
    Exercises ............ 7-31
7.3 Giving Users Access to Servers ............ 7-33
    Exercises ............ 7-44
7.4 Solutions to Exercises ............ 7-46

7-2 Chapter 7 Administering Users

7.1 Defining Regular Users and Groups 7-3

7.1 Defining Regular Users and Groups

Objectives
• Examine the process of authentication.
• Identify the different ways that user credentials can be verified.
• Explore how users are identified in the metadata.
• Register users and groups in the metadata.

Introduction to User Administration
The SAS environment needs to be able to distinguish
individual users making requests in order to accomplish
the following tasks:
• make access distinctions
• track user activity
• create a personal folder in the repository

In the metadata, each user is associated with a unique
external account. This account is used to establish
a unique metadata identity for the user.


User Identities
To give someone an individual SAS identity, you create a
metadata user definition that includes a copy of a unique
external account ID.

On the Accounts tab of an identity object, any Windows user ID must be fully qualified
(for example, WindowsDomain\userID, MachineName\userID, or userID@company.com).

Logins can also be associated with group metadata identities.

Unique Names and IDs
The metadata server enforces certain identity-related constraints:
• You cannot create a user definition that has the same name as an existing user definition. The display names do not have to be unique.
• You cannot assign the same fully qualified external account to two different identities.

Passwords
SAS does not use external passwords to identify users.
If the stored copy of the external account is only used for
identification purposes (inbound login), you do not need to
store the password in the metadata. For security reasons,
the password field is masked with asterisks.

Even if no password is stored in the login, the field is populated with asterisks for security purposes.

What Is Authentication?
Authentication is the verification of credentials
(user account and password). In the SAS platform,
authentication occurs during these situations:
• initial connection to the metadata server
• connection to data servers and other SAS processing servers

Data servers are servers such as Oracle, DB2, and Teradata. Processing servers are servers such
as workspace servers, stored process servers, and OLAP servers.

Authentication – Initial Connection
When a user launches a SAS client application, one of the
first actions that must take place is initial connection to the
metadata server.
Initial connection includes two important phases:
• Verification phase – User credentials (account and password) are verified by an authentication mechanism.
• Identification phase – User identity is determined in the metadata repository.

Initial Connection – Verification Phase
During initial connection, the following authentication
mechanisms can be employed to verify a user’s
credentials:
• Host authentication (credential-based)
• LDAP or Active Directory
• Integrated Windows authentication (IWA)
• Web authentication

Host authentication includes alternate authentication providers such as LDAP and Active Directory.

Host-Based Authentication

[Diagram: host-based authentication, showing the Verification and Identification phases]

This diagram depicts typical host (credential-based) authentication to connect to the metadata server.
In this process, credentials can be local, host, Active Directory, and LDAP.
Verification Phase:
1. The client acquires user credentials to connect to the metadata server. A user ID and password
are passed to the metadata server.
2. - 3. The credentials must be authenticated, so the metadata server passes the credentials to the
authentication provider. Depending on how the system is configured, the provider can directly
validate the credentials or pass the user ID and password to another authentication mechanism
(for example, LDAP).
4. - 5. The authentication provider (host or other) validates the credentials and returns a fully qualified
user ID. The password is not returned.
Identification Phase:
6. The metadata server searches its identities’ accounts for a matching fully qualified user ID.
7. If a match is found, the SAS identity associated with the matching account is determined.
If no match is found, then the PUBLIC group is determined as the SAS identity. The metadata
server can now resolve metadata access controls, role memberships, and so on, for that identity.
The owning identity can be a user or a group.
8. A connection is established between the client application and the metadata server.
The host operating system can be configured to pass credentials to another authentication mechanism
(termed “back-end use”) such as LDAP or Active Directory. This is the recommended configuration for
using an alternate authentication provider.
For UNIX, PAMs extend UNIX host authentication to recognize an LDAP provider such as the Microsoft
Active Directory. When a SAS server asks its UNIX host to validate credentials, the host passes the user
ID and password to the configured provider for verification.

Use of LDAP or Active Directory

Direct LDAP enables the metadata server to recognize accounts that are not known to its host; direct
LDAP does not modify the host’s behavior.
Many hosts use an LDAP provider as a back-end authentication mechanism. From the perspective of the
SAS server, this is host authentication, so no direct LDAP configuration is needed.

Direct use of an alternate provider (for example, LDAP) is another option for the metadata server
and OLAP server only. In this configuration, the SAS server is reconfigured to pass credentials
directly to an LDAP provider such as Microsoft Active Directory. This is termed direct use and
does not modify the host's behavior. However, this is not the recommended configuration because
not all server processes support this configuration. For example, a standard workspace server
instantiated by the object spawner requires host authentication.

Integrated Windows Authentication (IWA)


This Microsoft technology enables users who are already
authenticated to their Windows desktop to be accepted by
participating SAS servers. Some of the features of IWA
are listed below:
• IWA supports desktop clients and SAS servers on
Windows.
• Clients and servers must be in the same or trusted
Windows domain.
• User credentials are not transmitted across the
network.
• IWA can be used to support single sign-on to a standard
workspace server.

The SAS servers are configured to use IWA, so a user only has to select the Use Integrated Windows
Authentication check box in the connection profile.

Integrated Windows Authentication (IWA)

Integrated Windows Authentication (IWA):
1. The client asks Windows for a token that represents the user who is currently logged on to the client
computer. This step is initiated when a user launches a desktop client or makes a request for a
workspace server.
2. Windows provides the token to the client.
3. The client sends the Windows token to the target server. Notice that only the token is sent; the user’s
password is not available to the target server.
4. The target server sends the token back to Windows for verification.
5. Windows tells the target server that the token is valid.
6. The target server accepts the connection from the client.

Web Authentication
Web authentication means that the Web application
server performs the initial authentication of the user
credentials before requesting initial connection to the
metadata server. The metadata server accepts (trusts)
the requested connection. This process uses a trusted
user connection to the metadata server.

In a mixed-provider deployment, Web authentication can help to reduce the number of external user
accounts that you must create in the metadata server’s authentication provider, because users who use
only Web applications no longer need accounts with the metadata server’s authentication provider.
For a detailed discussion of Web authentication, refer to the SAS® 9.2 Intelligence Platform Security
Administration Guide.

Web Authentication

This slide depicts an initial connection for a user who is not already authenticated at the Web perimeter.
For example, the user makes a request to access SAS Web Report Studio:
1. In a Web browser, the user makes the request.
2. A SAS component within the Web application server (the Logon Manager application) prompts
the user for credentials.
3. The user supplies credentials to the Web container.
4. The Web Application Server attempts to verify the credentials against its designated authentication
provider.
5. SAS Remote Services uses a trusted user connection to authenticate to the metadata server.
6. The metadata server looks up the user's account in the metadata repository. (This step does not
involve password validation and is not affected by authentication domain assignments. Only the user's
account is being matched.)
7. The user's SAS identity is determined.
8. The user context information is returned.

Initial Connection – Identification Phase


The purpose of the identification phase is to determine the
metadata identity of the user in the metadata repository.
The metadata server examines the SAS copies of
accounts in order to find a match to the authenticated
user ID returned by the authentication provider:
• If a matching account is found, a connection
is established under the owning identity.
• If no matching account is found, a connection
is established under the PUBLIC identity.

The metadata server’s integrity constraints ensure that there is never more than one owning identity.
If the account is a Windows ID, the matching process expects the SAS copy of the user account
to be the fully qualified form.

Group Identities

For administration and ease of maintenance and
accountability, you should create group identities.
Groups can be used to do the following:
• assign permissions
• share credentials
• populate roles

Predefined Groups
The following groups are predefined:

PUBLIC      Group with implicit membership that includes everyone who can access
            the metadata server
SASUSERS    Group with implicit membership that includes the members of the PUBLIC
            group who have an individual identity

Identity Hierarchy
All of a user’s group memberships are part of the user’s
identity.
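The two phases of initial connection and the identity hierarchy described above, as an added Python sketch (not SAS code and not part of the course notes). It shows why a SAS copy of a Windows account that is not fully qualified silently drops the user to PUBLIC. The class and function names, the stand-in provider, and the sample identities are constructed for illustration; matching is modeled as an exact string comparison, which is an assumption.

```python
import hmac
from dataclasses import dataclass, field

PUBLIC, SASUSERS = "PUBLIC", "SASUSERS"   # predefined groups with implicit membership


@dataclass
class Identity:
    name: str
    logins: list = field(default_factory=list)      # SAS copies of external account IDs
    member_of: list = field(default_factory=list)   # explicit group memberships


def make_provider(accounts, domain):
    """Constructed stand-in for the host or LDAP provider (verification phase)."""
    def verify(user_id, password):
        short = user_id.split("\\")[-1]
        expected = accounts.get(short)
        if expected is None or not hmac.compare_digest(expected, password):
            return None
        return f"{domain}\\{short}"   # fully qualified ID only; no password comes back
    return verify


class MetadataRepository:
    def __init__(self, identities):
        self.identities = {i.name: i for i in identities}
        self.owner_of = {}
        for ident in identities:
            for login in ident.logins:
                if login in self.owner_of:   # integrity constraint: one owning identity
                    raise ValueError(f"{login} is already owned by {self.owner_of[login]}")
                self.owner_of[login] = ident.name

    def identify(self, qualified_id):
        """Identification phase: owning identity, or PUBLIC when nothing matches."""
        return self.owner_of.get(qualified_id, PUBLIC)

    def hierarchy(self, name):
        """The identity, its direct and nested groups, then the implicit groups."""
        if name == PUBLIC:
            return [PUBLIC]
        seen, queue = [], list(self.identities[name].member_of)
        while queue:
            group = queue.pop(0)
            if group not in seen:
                seen.append(group)
                queue.extend(self.identities[group].member_of)
        return [name] + seen + [SASUSERS, PUBLIC]


def initial_connection(repo, verify, user_id, password):
    qualified = verify(user_id, password)          # verification phase
    if qualified is None:
        return None                                # credentials rejected, no connection
    identity = repo.identify(qualified)            # identification phase
    return {"account": qualified, "identity": identity,
            "hierarchy": repo.hierarchy(identity)}


def logins_not_fully_qualified(repo):
    """Heuristic check for Windows hosts: stored IDs with no domain qualifier."""
    return sorted(l for l in repo.owner_of if "\\" not in l and "@" not in l)


# Constructed sample data: Harvey's stored login has lost its domain qualifier.
REPO = MetadataRepository([
    Identity("Finance"),
    Identity("Sales"),
    Identity("Payroll", member_of=["Finance"]),
    Identity("Peter", logins=["localhost\\Peter"], member_of=["Payroll"]),
    Identity("Harvey", logins=["Harvey"], member_of=["Sales"]),
])
VERIFY = make_provider({"Peter": "Student1", "Harvey": "Student1"}, "localhost")

if __name__ == "__main__":
    for user in ("localhost\\Peter", "localhost\\Harvey"):
        print(initial_connection(REPO, VERIFY, user, "Student1"))
    print("not fully qualified:", logins_not_fully_qualified(REPO))
```

Harvey's credentials pass verification, but the connection is established as PUBLIC, so none of his group memberships apply.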

Creating Users and Groups


There are two ways to define user and group identities:
• manually using the User Manager plug-in in SAS
Management Console
• using the user import macros supplied by SAS to
import identity information from an authentication
provider

Importing User and Group Identities
The user import macros enable the batch import and
synchronization of user and group identity information
from a provider such as LDAP into the SAS metadata.
This process follows these general steps:
• Extract information from your authentication provider.
• Extract information from the SAS metadata.
• Compare the sets of tables and identify additions
and updates that need to be made to the metadata.
• Validate the changes.
• Load the updates into the metadata.

Examples are provided for import and synchronization with an Active Directory server and UNIX
/etc/passwd files. Additional information is provided to help extrapolate to other authentication providers.
This describes the full synchronization process. An initial import that does not require the comparison
step can be implemented the first time that user information is imported. Thereafter, the full
synchronization process is used to ensure that information is consistent.
For more information about importing user and group identity information see Appendix 2,
"User Import Macros," in the SAS® 9.2 Intelligence Platform Security Administration Guide.

Initial Import

Back up your environment before doing the initial import.
The initial import extracts identity information from your authentication provider and loads that
information into the metadata.
Any identity that you import using these macros must not already exist in the SAS environment.
You cannot import an identity that has the same name as an identity that already exists in the
metadata.
Do not delete existing SAS identities to include them in an initial import. When you delete
a SAS identity, you lose that identity’s associations (such as access controls). Creating a new
identity with the same name does not restore these associations. You can incorporate a manually
created identity into the synchronization process. To do this, add an external identity on the
General tab of that identity’s metadata definition.

Periodic Synchronization

Back up your environment before synchronizing user/group information.
The synchronization performs two extractions (one from your authentication provider and another from
the SAS metadata) and then loads validated updates into the metadata:
1. Extract information from your authentication provider.
2. Extract information from the SAS metadata.
3. Compare the two sets of tables and identify updates that need to be made to the metadata
(excluding any exception metadata that you want to preserve).
4. Validate the changes to make sure that they do not violate the metadata server’s integrity constraints.
5. Load the updates in the metadata.
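The compare, validate, and load steps above, modeled in Python as an added example (it is not the SAS user import macros and not code from the course). It assumes that each extracted row carries an external identity key (keyid), that a manually created identity has no key, and that the only integrity constraint checked is name uniqueness; all field names and sample rows are constructed.

```python
FIELDS = ("name", "display_name", "groups")


def row(keyid, name, display_name, groups):
    """One extracted identity; keyid is the external identity (None if manual)."""
    return {"keyid": keyid, "name": name, "display_name": display_name,
            "groups": tuple(sorted(groups))}


def compare(provider_rows, metadata_rows, exceptions=frozenset()):
    """Step 3: find additions and updates, skipping exception keys to preserve."""
    known = {r["keyid"]: r for r in metadata_rows if r["keyid"]}
    adds, updates = [], []
    for new in provider_rows:
        if new["keyid"] in exceptions:
            continue
        current = known.get(new["keyid"])
        if current is None:
            adds.append(dict(new))
            continue
        changes = {f: new[f] for f in FIELDS if new[f] != current[f]}
        if changes:
            updates.append({"keyid": new["keyid"], "changes": changes})
    return adds, updates


def validate(adds, updates, metadata_rows):
    """Step 4: drop changes that would create a second identity with the same name."""
    taken = {r["name"] for r in metadata_rows}
    good_adds, good_updates, errors = [], [], []
    for new in adds:
        if new["name"] in taken:
            errors.append(f"add {new['name']}: name already exists in the metadata; "
                          "add an external identity to the existing definition instead")
        else:
            taken.add(new["name"])
            good_adds.append(new)
    for upd in updates:
        new_name = upd["changes"].get("name")
        if new_name is not None and new_name in taken:
            errors.append(f"update {upd['keyid']}: new name {new_name} is already in use")
        else:
            if new_name is not None:
                taken.add(new_name)
            good_updates.append(upd)
    return good_adds, good_updates, errors


def load(metadata_rows, adds, updates):
    """Step 5: apply validated changes to a copy of the metadata extraction."""
    result = [dict(r) for r in metadata_rows]
    index = {r["keyid"]: r for r in result if r["keyid"]}
    for upd in updates:
        index[upd["keyid"]].update(upd["changes"])
    result.extend(dict(a) for a in adds)
    return result


def synchronize(provider_rows, metadata_rows, exceptions=frozenset()):
    adds, updates = compare(provider_rows, metadata_rows, exceptions)
    adds, updates, errors = validate(adds, updates, metadata_rows)
    return load(metadata_rows, adds, updates), errors


# Constructed extractions (steps 1 and 2). James was created manually, so he has no keyid.
PROVIDER = [
    row("AD-1001", "Ben", "Ben", ["Finance"]),
    row("AD-1002", "Megan", "Megan", ["Finance", "Payroll"]),
    row("AD-1003", "Katie", "Katie", ["Finance"]),
    row("AD-1004", "James", "James", ["Application Developers"]),
]
METADATA = [
    row("AD-1002", "Megan", "Megan", ["Finance"]),
    row("AD-1003", "Katie", "Katie (Finance lead)", ["Finance"]),
    row(None, "James", "James", ["Application Developers"]),
]
EXCEPTIONS = frozenset({"AD-1003"})   # keep Katie's locally edited definition

if __name__ == "__main__":
    result, errors = synchronize(PROVIDER, METADATA, EXCEPTIONS)
    for r in result:
        print(r)
    print(errors)
```

The rejected addition for James is the case the notes warn about: the existing definition keeps its associations, and it joins the synchronization only after an external identity is added to it.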

Exercises

1. Managing Users and Groups


a. Which metadata server role(s) assigns the ability to manage metadata identities? Who are the
members of those roles?
b. Which SAS Management Console role(s) makes the User Manager plug-in available to users?
Who are the members of those roles?
2. Identifying Requirements
Orion Star identified the following requirements:
In addition to the existing Sales and Marketing organizations, the Finance and Payroll Departments
will also participate in the SAS platform. Business users will only access data and content relevant
to their organizations, except that Payroll members will require access to Finance data and content.
Application developers, data integrators, and report content creators will have access to all data and
be responsible for creating content across departments.
The following additional identities and groups are required:
• Finance – Ben, Jennifer, Megan, Katie
• Payroll – Peter, Alex, Megan
• Application Developers – James, Cecily
• Data Integrators – Jim, Ray
Based on these requirements, answer the following questions:
a. Do all Orion Star users require individual metadata identities? Why or why not?
b. Do all Orion Star users require inbound logins? Why or why not?
c. What additional group identities need to be defined?
d. What individual metadata identities need to be defined?
e. Diagram the identity hierarchies of the Finance and Payroll users.

3. Loading Users and Groups with User Import Macros


a. Use Windows Explorer to navigate to S:\Workshop\spaft. Use TextPad to open LoadUsers.sas.
Modify the code in the following ways:
1) In the OPTIONS statement, provide the correct host name for the metadata server in the
METASERVER option and provide the credentials of an unrestricted user in the METAUSER
and METAPASS options.
2) Add a line to the code that populates the group membership table to set Payroll
to be a member of Finance.
3) Add the appropriate lines of code to create Ben.
4) Save the changes and close the file.
b. Right-click LoadUsers.sas and select Batch Submit with SAS 9.2. Search the log,
LoadUsers.log, for errors.
c. Use SAS Management Console to verify that the new users and groups are created and that group
membership is correct.
d. Assign James and Cecily to the Application Developers group.
e. Assign Jim and Ray to the Data Integrators group.
f. Open the properties of the James identity. On the General tab, select External Identities.
What value is listed? What is the purpose of this value?
7.2 Defining Administrative Users 7-21

7.2 Defining Administrative Users

Objectives
• Identify different types of administrative users.
• Follow best practices for establishing
unrestricted users.
• Explore metadata server roles.
• Troubleshoot internal accounts.

Basic User Types
Most users of the SAS platform are end users who log on
to one or more of the SAS applications. There are also
identities and accounts with special abilities or purposes,
such as the following:
• SAS metadata administrators that have special access
to metadata beyond that of a typical end user
• special accounts or identities used for internal system
functions only

Administrative and privileged users should only be used for their intended purpose, and end users
should not have access to these accounts and identities.

Predefined Groups
The following groups are predefined:
SAS Administrators     This group is for metadata administrators whose members are
                       given broad access to administrative capabilities but who are
                       not unrestricted.
SAS System Services    Permissions assigned to this group enable members to read server
                       definitions and other system metadata.
SAS General Servers    Members of this group are used to launch stored process servers
                       and pooled workspace servers. The SAS Server Invoker is the
                       account (sassrv) used as the login for the group.

Based on the software deployed at your site, you might find additional predefined groups, including Table
Server Administrators, BI Dashboard Administrators, BI Dashboard Users, and BI Web Services Users.

Two Levels of Administrative Users

Administrative users have special abilities and privileged
access to metadata based on their assignments to roles.
There are two basic levels of administrative users:

Administrators        • have metadata access capabilities that a typical end user
                        does not have
                      • are subject to metadata layer access controls
Unrestricted Users    • have unrestricted access to metadata
                      • can perform tasks when the metadata server is paused for
                        administration

Unrestricted Users
To designate a user as unrestricted, do the following:
• Create a metadata identity with an external account.
• Make the identity a member of the SAS Administrators
group.
• Make the identity a member of the Metadata Server:
Unrestricted role.

SAS Administrator Identity
In a default new SAS 9.2 configuration,
the SAS Administrator identity is associated with
an internal SAS account, sasadm@saspw.
Service identities such as the SAS Trusted User can
also be associated with an internal SAS account.

Internal Accounts
Internal accounts are primarily used to connect
to the metadata server and
• exist only in the metadata
• are authenticated by the metadata server
• are created using the User Manager plug-in.

SAS internal accounts can also support direct connections to the OLAP server and the table server. For
example, a direct connection from SAS code to a server could use an internal account for authentication.
The most common use of a direct connection occurs when the middle tier connects to the SAS Table
Server.
By initial policy, these server-level settings for internal account policies are in effect:
• Accounts do not expire and are not suspended due to inactivity.
• Passwords must be at least six characters, do not have to include mixed case or numbers, and do not
expire.
• The five most recent passwords for an account cannot be reused for that account.
• There is no mandatory time delay between password changes.
• After three failed attempts to log on, an account is locked. If an account is locked because of logon
failures, further logon attempts cannot be made for one hour.
• For an account that has a password expiration period, there is a forced password change on first use and
after the password is reset by someone other than the account owner. By initial policy, passwords do
not expire so there are no forced password changes.

Internal accounts should only be used for service accounts and administrators.
• An internal account has the format userID@saspw.

SAS Internal Authentication

Internal Authentication:
1. At a log-on prompt, Joe enters his internal credentials. The client sends those credentials
to the metadata server for verification.
2. The metadata server recognizes that the ID is for an internal account (because the ID has the @saspw
suffix), so the metadata server checks the credentials against its list of internal accounts.
3. After validating the ID and password, the metadata server accepts the client connection.
The connection is accepted using the SAS identity associated with the internal account.
Internal authentication alone is not sufficient to enable a user to have access to a standard workspace
server because a host account is required.

SAS Internal Accounts


SAS internal accounts can only be used for metadata
administrators and some internal service identities.
An internal account cannot be used to do the following:
• access a standard workspace server
• authenticate to components that do not recognize
SAS internal accounts
• delete, unregister, add, or initialize a foundation
repository
• run a server such as a stored process server

A user that only owns an internal account would be prompted for credentials when attempting to access
a standard workspace server. More generally, prompting for credentials is not supported by all client
applications or server processes.
Integrated Windows authentication (IWA) and Web authentication require an external account.
Your environment might use the following internal accounts to connect to the metadata server:
• SAS Administrator (sasadm@saspw)
• SAS Trusted User (sastrust@saspw)
• SAS Anonymous Web Service User (webanon@saspw)

SAS Internal Accounts


SAS internal accounts have the following benefits:
• minimize the need to create external host accounts
• enable a user to have a second metadata identity
without requiring a second external account
(dual user)
• can help in troubleshooting by enabling an
administrator to assume another user's identity
• provide independence from the rest of your computing
environment
A SAS copy of an external account (inbound login)
is not needed for initial connection to the metadata
server.

SAS internal accounts have the following benefits:
• Minimize the need to create external accounts for service identities. For example, by default, the
SAS Administrator (the Default Administrative User) uses a SAS internal account (sasadm@saspw)
to connect to the metadata server. This internal account is also listed in the adminUsers.txt file (with a
preceding asterisk (*)), which confers unrestricted user status on the user that connects to the metadata
server using this account. No external host account is needed for this identity.
• Facilitate the creation of dual users for intermittent use of an administrative role by enabling a user
to have a second metadata identity without having a second external account.
• Facilitate troubleshooting by enabling an administrator to assume another user's identity by temporarily
adding an internal account to the user's definition and then logging on with the user's internal
credentials.
• Provide independence from the rest of your computing environment. For example, internal accounts
do not have to follow your general password change requirements, cannot be used to access resources
beyond the SAS metadata, and are not affected by changes in machine names or in your authentication
configurations.

Administrative Roles
In addition to the client application roles, the following
implicit metadata server roles are defined at installation:
Metadata Server: Unrestricted           all capabilities provided by the metadata server
                                        regardless of metadata permission settings
Metadata Server: User Administration    create, update, delete users, groups, roles,
                                        internal accounts, logins, and authentication
                                        domains
Metadata Server: Operation              administration of the metadata server (monitor,
                                        stop, pause, resume, quiesce) and its repositories
                                        (add, initialize, register, unregister, delete)

The metadata server roles have implicit capabilities. This means that the default capabilities for these
roles cannot be viewed or modified. However, additional capabilities can be added to these roles.
Unrestricted users can use only those logins that are assigned to them (or to groups to which they belong).
They do not automatically have implicit capabilities that are provided by components other than the
metadata server.

Administrative Tasks
Many administrative tasks have permission requirements
in addition to capability requirements. For example, to
operate servers other than the metadata server, you need
the Administer permission.

If a user needs to function as both an administrator
and as a non-administrator, create two user definitions
as follows:
• one definition that is based on an internal account
and is a member of the SAS Administrators group
• another definition based on an external account and
not a member of the SAS Administrators group

adminUsers.txt File
Users listed in the adminUsers.txt file are granted access
similar to that of members of the Metadata Server: Unrestricted
role. The adminUsers.txt file
• is located in the metadata server’s configuration
directory
• should not be used to define unrestricted users unless
all other administrators are locked out
• requires the metadata server to be restarted in order
to pick up changes to the file.

The adminUsers.txt file ensures that your site will always have at least one user with the privileges of an
unrestricted user, regardless of what is specified in the metadata. You cannot override this user’s
privileges by modifying the user definition in SAS Management Console.
The adminUsers.txt file is typically located in the MetadataServer configuration folder in a path similar to
one of the following:
• SAS-configuration-directory\Lev1\SASMeta\MetadataServer
• SAS-configuration-directory\Lev1\SASApp\MetadataServer
Restricted user administrators (members of the Metadata Server: User Administration role but not an
unrestricted user) cannot update identities for which they have an explicit or ACT denial of
WriteMetadata.
Only someone who has an external user ID that is listed in the adminUsers.txt file with a preceding
asterisk can delete, unregister, add, or initialize a Foundation repository. Only an unrestricted user can
analyze and repair metadata or perform tasks when the metadata server is paused for administration.
If you need to unlock an internal account, no other administrator is available, and you have the necessary
host access:
1. Edit the adminUsers.txt file to create a new unrestricted user and restart the metadata server for the
change to take effect.
2. Log on to SAS Management Console with the new unrestricted user and unlock the account.
3. Verify that the account is unlocked by logging on to SAS Management Console with the account.
4. Remove the unrestricted user that you added from the adminUsers.txt file and restart the metadata
server.
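A review check for the recovery procedure above, as an added Python example (not a SAS utility and not part of the course notes): it flags adminUsers.txt entries left behind after step 4 and changes that are not yet in effect because the metadata server has not been restarted. The file layout (one account per line, optional leading asterisk, blank lines ignored) and the case-insensitive comparison are assumptions; the approved list, the timestamps, and the sample file content are constructed.

```python
from datetime import datetime


def parse_admin_users(text):
    """Return [(account, has_asterisk)] for every non-blank line of the file."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        starred = line.startswith("*")
        entries.append((line.lstrip("*").strip(), starred))
    return entries


def audit_admin_users(text, approved, file_modified, server_started):
    """Compare the file with the approved accounts and the server start time.

    approved       accounts that are expected to be listed (site baseline)
    file_modified  last-modified time of adminUsers.txt
    server_started time at which the running metadata server was started
    Returns a list of (finding, detail) tuples; an empty list means no findings.
    """
    baseline = {a.lower() for a in approved}
    findings, seen, starred_count = [], set(), 0
    for account, starred in parse_admin_users(text):
        key = account.lower()
        if key in seen:
            findings.append(("duplicate", account))
            continue
        seen.add(key)
        starred_count += starred
        if key not in baseline:
            kind = "unapproved-unrestricted" if starred else "unapproved"
            findings.append((kind, account))
    for account in approved:
        if account.lower() not in seen:
            findings.append(("approved-but-missing", account))
    if starred_count == 0:
        # The file exists to guarantee at least one unrestricted user.
        findings.append(("no-unrestricted-user", "no entry has a preceding asterisk"))
    if file_modified > server_started:
        # Edits take effect only after the metadata server is restarted.
        findings.append(("restart-pending", "file changed after the server started"))
    return findings


# Constructed sample: a temporary recovery account was never removed (step 4).
SAMPLE_FILE = "*sasadm@saspw\n\n*localhost\\TempAdmin\n"
APPROVED = ["sasadm@saspw"]
SERVER_STARTED = datetime(2010, 9, 7, 9, 0)
FILE_MODIFIED = datetime(2010, 9, 7, 10, 0)

if __name__ == "__main__":
    for finding in audit_admin_users(SAMPLE_FILE, APPROVED, FILE_MODIFIED, SERVER_STARTED):
        print(finding)
```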

Exploring Administrative Functionality

1. Right-click on the User Manager plug-in and select New ⇒ User.
2. On the General tab, type the name AdminMarty.
3. Select the Groups and Roles tab.
4. Move the Metadata Server: Unrestricted role to the right pane.
5. On the Accounts tab, select Create Internal Account.
6. Type the password Student1.
7. Click twice.
8. Select Start ⇒ All Programs ⇒ SAS ⇒ SAS Management Console 9.2.
9. Log on as AdminMarty@saspw. How is the user identified?
10. Select Start ⇒ All Programs ⇒ SAS ⇒ Enterprise Guide 4.2.
11. Select the Connection link.
12. Select My Server and click .
13. Change the user to AdminMarty@saspw.
14. Click .
15. Click .
16. Click .
17. Select File ⇒ Open ⇒ Data.
18. Navigate to SAS Folders ⇒ Orion Star ⇒ Marketing Department ⇒ Data ⇒
Orion Star Customers.
19. Click in the Error message window.
20. In the Server List, expand Servers ⇒ SASApp. You are prompted for credentials to start a workspace
server.
21. Click and close SAS Enterprise Guide.


Exercises

4. Unrestricted Users
a. The SAS Administrator user is directly a member of the Metadata Server: Unrestricted role.
Is the SAS Administrator user an indirect member of any role?
b. Examine the adminUsers.txt file. What account is listed in the file?
5. Impersonating a User
a. In SAS Management Console, in the User Manager plug-in, open Henri’s properties.
On the Accounts tab, select Create Internal Account. Type the password Student1.
Click twice.
b. Log on to SAS Enterprise Guide with the Henri@saspw account. What can you access?
What can you not access?
c. Log on to SAS Web Report Studio with the Henri@saspw account. What can you access?
What can you not access?
d. Delete Henri’s password from the DefaultAuth login associated with his metadata identity. Log on
to SAS Web Report Studio with the Henri@saspw account. What can you access? What can you
not access?
6. Creating a Dual User
a. Christine needs to connect to the metadata server as an unrestricted user sometimes and
as a regular user other times. In the User Manager plug-in, create two metadata identities:
• Name: Christine
• Display Name: Christine
• Groups and roles: Data Integrators, Report Content Creators, Marketing, Sales,
Orion Star Users
• Accounts
− User ID: localhost\Christine
− Password: Student1
− Authentication Domain: DefaultAuth

• Name: AdminChristine
• Display Name: Administrator | Christine
• Groups and roles: SAS Administrators, Metadata Server: Unrestricted
• Accounts
− Internal User ID: AdminChristine@saspw
− Password: Student1

b. Log on to SAS Management Console using the localhost\Christine account. Open a second
instance of SAS Management Console and log on using the AdminChristine@saspw account.
How are the two instances of SAS Management Console similar? How are they different?
7. Troubleshooting User Identities
a. In the User Manager plug-in, open the properties of the Harvey metadata identity. On the
Accounts tab, select the login and Edit. Remove localhost from the user ID to change the user
name to Harvey.
b. Log on to SAS Enterprise Guide using the localhost\Harvey user ID. What is the effect?
c. Log on to SAS Data Integration Studio using the localhost\Harvey user ID. What is the effect?
d. Log on to SAS Web Report Studio using the localhost\Harvey user ID. What is the effect?
8. Planning for Your Environment
a. Which users need to be unrestricted?
b. Which users need dual accounts?
c. Which users need to be more powerful than regular users but not unrestricted? What roles should
they belong to?
7.3 Giving Users Access to Servers 7-33

7.3 Giving Users Access to Servers

Objectives
• Determine how to give users access to processing
servers and data servers.
• Explore SAS token authentication.
• Define authentication domains.
• Determine when to store passwords in the metadata.

Connecting to Processing Servers
and Data Servers
After they are connected to the metadata server,
users typically need to connect to these servers:
• a processing server, such as
  – workspace server
  – pooled workspace server
  – stored process server
  – OLAP server
• a third-party database server, such as
  – Oracle
  – DB2
  – SQL Server

Before instantiating a server process, the object spawner always has the credentials under which the
process will run, authenticated by the host. This means that the following accounts must be able to be
authenticated by the host:
• shared account under which the pooled workspace server and stored process server run, typically sassrv
• any account used to launch a standard workspace server

Authentication Mechanisms
To connect to processing servers and data servers,
you can use one or more of the following authentication
mechanisms:
• re-use of credentials supplied during initial connection
(cached credentials)
• retrieval of credentials from the metadata repository
• prompt for credentials
• Integrated Windows authentication
• SAS token authentication

User Context
Each client application maintains an in-memory list of
credentials (user context) for each connected user.
The initial list includes credentials that are provided when
the applications are launched (cached credentials).

Credentials provided for initial connection are reused by default for servers in the DefaultAuth
authentication domain.
If Web authentication is configured, the password from the user’s interactive logon to a Web client
is not available to be added to the list.
If the user logs on with Integrated Windows authentication, the user’s password is not available
to be added to the list.

User Context
During the session, other credentials are added to the list:
• credentials provided interactively during the session
(prompting)
• logins from the user’s Accounts tab as they are
needed (retrieval from metadata)
• logins from the Accounts tab of groups in the user’s
identity hierarchy as they are needed (retrieval from
metadata)

SAS Token Authentication
In SAS token authentication, the metadata server
generates and validates a single-use identity token for
each authentication event. This enables the following
SAS processing servers to accept users who are already
connected to the metadata server:
• OLAP server
• stored process server
• pooled workspace server

In most new deployments, SAS token authentication is used for seamless connection to the participating
SAS servers. No additional configuration is required for these servers.
This pooling configuration is server-side pooling in which the object spawner manages requests.

Note: SAS token authentication cannot be used for the initial connection to the SAS Metadata Server or to
connect to third-party database servers, and it is not used, by default, to connect to the standard
workspace server.

SAS Token Authentication

1. The user initiates a request that requires access to a target server (for example, a request in
SAS Enterprise Guide to open a cube associated with the OLAP server). Using the existing
connection to the metadata server, the client requests an identity token for the target server.
2. The metadata server generates the token and returns it to the client.
3. The client sends the token to the target server.
4. The target server sends the token back to the metadata server for validation.
5. The metadata server validates the token and returns an acceptance message and a representation
of the user to the target server.
6. The target server accepts the connection.
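
The six steps above, modeled as an added example (not SAS code and not part of the course notes). The class and method names, the random token format, and the expiry window are assumptions; the model only illustrates why a single-use token that is bound to one target server cannot be replayed or redirected.

```python
import secrets
import time


class MetadataServer:
    """Issues and validates single-use identity tokens (steps 2 and 5)."""

    def __init__(self, ttl_seconds=30):
        self.ttl = ttl_seconds      # assumption: unused tokens also expire
        self._pending = {}          # token -> (user, target server, issue time)

    def issue_token(self, session_user, target_server):
        # Step 2: called over the user's existing metadata server connection.
        # The token is random and carries no password.
        token = secrets.token_urlsafe(32)
        self._pending[token] = (session_user, target_server, time.monotonic())
        return token

    def validate_token(self, token, calling_server):
        # Step 5: pop() removes the token, so a second presentation finds nothing.
        entry = self._pending.pop(token, None)
        if entry is None:
            return None
        user, target, issued_at = entry
        if target != calling_server:
            return None             # token was generated for a different server
        if time.monotonic() - issued_at > self.ttl:
            return None             # token was never used in time
        return {"user": user}       # the "representation of the user"


class TargetServer:
    """An OLAP, stored process, or pooled workspace server in this model."""

    def __init__(self, name, metadata_server):
        self.name = name
        self.metadata = metadata_server
        self.sessions = []

    def connect(self, token):
        # Step 4: send the token back to the metadata server for validation.
        identity = self.metadata.validate_token(token, self.name)
        if identity is None:
            return False
        # Step 6: accept the connection under the requesting user's identity.
        self.sessions.append(identity["user"])
        return True


def demo():
    meta = MetadataServer()
    olap = TargetServer("OLAP", meta)
    stored_process = TargetServer("StoredProcess", meta)

    token = meta.issue_token("Marcel", "OLAP")      # steps 1 and 2
    first_use = olap.connect(token)                 # steps 3 to 6
    replayed = olap.connect(token)                  # same token presented again
    wrong_target = stored_process.connect(meta.issue_token("Marcel", "OLAP"))
    return first_use, replayed, wrong_target, olap.sessions


def expired_token_is_rejected():
    meta = MetadataServer(ttl_seconds=-1)           # every token is already stale
    olap = TargetServer("OLAP", meta)
    return olap.connect(meta.issue_token("Marcel", "OLAP"))
```
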


Advantages of SAS Token Authentication


The benefits of SAS token authentication are listed here:
• Individual, external accounts for credential-based
authentication are not required.
• SAS copies of individual, external passwords
do not need to be stored in the metadata.
• Reusable credentials are not transmitted across
the network.
• Metadata layer evaluations are based on the
requesting user’s identity.

Limitations of SAS Token Authentication
The limitations of using SAS token authentication
are as follows:
• Host access is based on a shared login,
if implemented for use on a standard
workspace server.
• It is only available for metadata-aware connections
to the target server.
• This authentication is not available for access
to third-party database servers.

Because SAS token authentication essentially uses a shared login (typically, sassrv), host access
to resources is based on access rights associated with that account.
Metadata-aware connections are connections in which the client learns about the target server by reading
the server’s metadata definition. Direct connections to a SAS server (for example, from the SAS Add-In
for Microsoft Office to the OLAP server) cannot use SAS token authentication. Direct connections use
client-supplied credentials or, in some cases, Integrated Windows authentication (IWA).

Connection to Standard Workspace Servers


The preferred solution to providing seamless access
depends on whether the metadata server and the
workspace server host share the same platform or
authentication provider. For example:
• If both servers are on Windows, IWA can be offered
on both servers.
• If IWA is not available, use the same credential-based
authentication provider for both servers (credential
caching).
• If both servers are on UNIX or both on z/OS, use
credential-based authentication for both servers
(credential caching).

If both servers share the Windows platform, IWA ensures seamless access to the standard workspace
server.
If IWA is not offered or the servers are not on Windows, using the same credential-based authentication
mechanism also provides seamless access. The reason for this is that SAS client applications cache the
credentials used for initial connection and attempt to reuse those credentials (in metadata-aware
situations) upon request for another SAS server. This is called credential caching.

Connection to Standard Workspace Servers


However, if the two servers use different authentication
providers and both do not recognize the same
credentials, then a mixed provider environment exists.
Additional steps might be required, such as the following:
• Convert the workspace server to use SAS token
authentication.
• Align authentication so that both servers use the same
provider (credential caching).
• Store SAS copies of passwords (outbound logins) for
the workspace server’s authentication provider
(credential retrieval).

Each solution has its advantages and disadvantages:
• Converting the standard workspace server to use SAS token authentication provides seamless access at
the cost of host access via individual accounts.
• Aligning the authentication providers of both servers might not be possible in some mixed provider
environments, for example, Windows and UNIX servers using local or host accounts.
• Storing credentials in the SAS repository might mean additional administration if passwords are
required to change on a regular basis.
The best choice requires evaluating the goal of seamless access versus the cost of configuration effort,
maintenance effort, and granularity needed for host access from that server to SAS data.

Connection to External Database Servers


Providing access to a third-party database, such as
Oracle or DB2, usually requires maintaining a SAS copy
of external credentials in the metadata (outbound login).
The approach depends on access requirements, such
as these:
• providing seamless access to the database server
• providing seamless access, but preserving individual
identity
• providing seamless access with a few distinct
identities
All of these represent a form of credential retrieval.

The reason is that most external database servers use their own authentication provider.
Solutions:
• Store the user ID and password for one shared account in the metadata (on the Accounts tab of a group
definition).
• Store individual user IDs and passwords in the metadata (on the Accounts tab of each user definition).
• Store a different shared user ID and password in the metadata (on the Accounts tab of a few different
group definitions).
Another alternative is to combine the second and third solutions into a hybrid approach.

Note: An option that preserves individual identity, but not seamless access, is also possible. No configuration
is required. Users are prompted for credentials for the target server. However, not all applications
and servers support secondary prompting and the user might not be aware of what credentials are
requested.

What Is an Outbound Login?


To support seamless access to database servers or
SAS processing servers, a login for “outbound use” can
be defined. Outbound logins must include these items:
• fully-qualified external account
• password
• authentication domain

Outbound Logins
Outbound logins can be defined on the Accounts tab
of individual and group identities.

What Is an Authentication Domain?


An authentication domain is a SAS metadata object that
pairs logins with the server definitions where those
credentials will correctly authenticate.
For example, an Oracle server definition and the
SAS copies of Oracle credentials (outbound logins)
have the same authentication domain value
(for example, “OracleAuth”) if those credentials
authenticate on that Oracle Server.
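
How an authentication domain steers credential selection, as an added example (a model written for these notes, not SAS code). It combines the user context described earlier with outbound logins: the group and user names and the OracleAuth and DefaultAuth domains come from the course material, while the account IDs, passwords, and the lookup order (cached credentials first, then the user's own logins, then groups nearest first) are assumptions of the model.

```python
from collections import deque
from dataclasses import dataclass, field
from typing import List, Optional


@dataclass
class Login:
    user_id: str
    auth_domain: str
    password: Optional[str] = None    # None: no SAS copy of the password is stored


@dataclass
class Identity:
    name: str
    logins: List[Login] = field(default_factory=list)          # the Accounts tab
    member_of: List["Identity"] = field(default_factory=list)  # group memberships


def resolve(user, server_domain, cached=None):
    """Return (source, user_id) for a server in server_domain.

    cached is the login captured at initial logon. It is None when the user
    logged on with IWA or Web authentication, because no password is available.
    """
    # Cached credentials are reused only when the domains match.
    if cached and cached.password and cached.auth_domain == server_domain:
        return "cached", cached.user_id
    # Retrieval from metadata: walk the identity hierarchy breadth-first.
    seen, queue = set(), deque([user])
    while queue:
        identity = queue.popleft()
        if identity.name in seen:
            continue
        seen.add(identity.name)
        for login in identity.logins:
            # Only a login with a stored password can be used outbound.
            if login.auth_domain == server_domain and login.password:
                return "metadata:" + identity.name, login.user_id
        queue.extend(identity.member_of)
    # Nothing usable: the application has to prompt (if it supports prompting).
    return "prompt", None


def demo():
    # Constructed sample data. Account IDs and passwords are made up.
    finance = Identity("Finance", [Login("fin_shared", "OracleAuth", "constructed-pw")])
    payroll = Identity("Payroll", member_of=[finance])
    ben = Identity("Ben", [Login("localhost\\Ben", "DefaultAuth")], [finance])
    peter = Identity("Peter", [Login("localhost\\Peter", "DefaultAuth")], [payroll])
    megan = Identity("Megan", [Login("megan_ora", "OracleAuth", "constructed-pw")],
                     [finance, payroll])
    ben_logon = Login("localhost\\Ben", "DefaultAuth", "typed-at-logon")
    return {
        # Shared login stored on a group definition
        "ben_oracle": resolve(ben, "OracleAuth", cached=ben_logon),
        # Found through nested membership: Peter -> Payroll -> Finance
        "peter_oracle": resolve(peter, "OracleAuth"),
        # An individual login is found before the group's shared login
        "megan_oracle": resolve(megan, "OracleAuth"),
        # Credential caching for a server in DefaultAuth
        "ben_workspace": resolve(ben, "DefaultAuth", cached=ben_logon),
        # IWA logon: no cached password and no stored password
        "ben_workspace_iwa": resolve(ben, "DefaultAuth", cached=None),
    }
```
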


Authentication Domains
Authentication domains can be managed using the Server
Manager plug-in or the User Manager plug-in.

When to Store Passwords in the Metadata
In most deployments of the platform for SAS Business
Analytics, passwords for external accounts only need
to be stored in the metadata to support these types of
access:
• seamless access to an external database
• seamless access to the standard workspace server
in a mixed provider environment where SAS token
authentication is not applicable

Exercises

The following is an example of how a UNIX site might provide access to servers:

Here are some points about this example:
• The site cannot offer Integrated Windows authentication (IWA) because the metadata server is not on
Windows.
• The site chose to establish two levels of host access from the pooled workspace server. Notice that
there are two servers under the logical server, each with a different launch credential. The site gave
each credential different host layer access to SAS data sets. Another reason to define multiple servers
would be the use of different start-up scripts.

9. Documenting Authentication Choices
a. Complete the following template to show how things are set up in the classroom environment.
Include the type of host for the metadata server and workspace server. Include the authentication
method used for the metadata server and workspace server.
b. Complete the following template to show how things are set up at your site. Include the type
of host for the metadata server and workspace server. Include the authentication method used
for the metadata server and workspace server.

10. Maintaining Passwords with the SAS Personal Login Manager
a. Select Start → All Programs → SAS → SAS Personal Login Manager 9.2.
b. Log on with the My Server connection profile as Marcel.
c. Where in SAS Management Console can you find what is displayed in SAS Personal Login
Manager?
d. Can Marcel modify an existing login?
e. Can Marcel add a new login?

11. Maintaining Passwords with SAS Enterprise Guide
a. Connect to SAS Enterprise Guide as Marcel.
b. Select Tools → SAS Enterprise Guide Explorer. In SAS Enterprise Guide Explorer, select
File → Manage Logins.
c. Can Marcel modify an existing login?
d. Can Marcel add a new login?

7.4 Solutions to Exercises


1. Managing Users and Groups
a. Which metadata server role(s) assigns the ability to manage metadata identities?
Metadata Server: Unrestricted role and Metadata Server: User Administration
Who are the members of those roles?
Metadata Server: Unrestricted            Ahmed, SAS Administrator
Metadata Server: User Administration     SAS Administrators
b. Which SAS Management Console role(s) makes the User Manager plug-in available to users?
Management Console: Content Management role and Management Console: Advanced role
Who are the members of those roles? The Sasusers group is a member of the Management
Console: Content Management role and the SAS Administrators group is a member of the
Management Console: Advanced role.

2. Identifying Requirements
Orion Star identified the following requirements:
In addition to the existing Sales and Marketing organizations, the Finance and Payroll Departments
will also participate in the SAS platform. Business users will only access data and content relevant
to their organizations except Payroll members will require access to Finance data and content.
Application developers, data integrators, and report content creators will have access to all data
and be responsible for creating content across departments.
The following additional identities and groups are required:
• Finance – Ben, Jennifer, Megan, Katie
• Payroll – Peter, Alex, Megan
• Application Developers – James, Cecily
• Data Integrators – Jim, Ray
Based on these requirements, answer the following questions:
a. Do all Orion Star users require individual metadata identities? Yes
Why or why not? So they can at least fall into the Sasusers group and have RM access to
SAS metadata
b. Do all Orion Star users require inbound logins? Yes
Why or why not? Enables them to connect to the SAS Metadata Server and be identified
as something other than PUBLIC.
c. What additional group identities need to be defined? Finance and Payroll
d. What individual metadata identities need to be defined?
Ben, Jennifer, Megan, Katie, Peter, Alex, Megan, James, Cecily, Jim, and Ray

e. Diagram the identity hierarchies of the Finance and Payroll users.

3. Loading Users and Groups with User Import Macros
a. Use Windows Explorer to navigate to S:\Workshop\spaft. Use TextPad to open LoadUsers.sas.
Modify the code in the following ways:

1) In the OPTIONS statement, provide the correct host name for the metadata server in the
METASERVER option and provide the credentials of an unrestricted user in the METAUSER
and METAPASS options.
In the section described below, add the following code:
/*----------------------------------------------------------
* FILL OUT INFO FOR METASERVER and METAUSER!!!!!!!!!
*----------------------------------------------------------*/
options metaserver="localhost"
        metaport=8561
        metauser="Ahmed"
        metapass="Student1"

2) Add a line to the code that populates the group membership table to set Payroll to be a
member of Finance.
In the /* Create members of group table */ section of the code, add the
line:
G101,G102

3) Add the appropriate lines of code to create Ben.
In the section /* Create person table */, add the following code:
P110,Ben, ,Business Analyst
In the section /* Create telephone table */, add the following code:
P110,+19196775555,Office
In the section /* Create table with locations */, add the following code:
P110,ORION Star Company,Office,ORION Star Boulevard 123,Cary,27513,NC,USA
In the section /* Create email table */, add the following code:
P110,ben@orion.com,business
In the section /* Create members of group table */, add the following code:
G101,P110
In the section /* input &logincoll; */, add the following code:
P110,localhost\Ben, ,A001
4) Save the changes and close the file.
b. Right-click LoadUsers.sas and select Batch Submit with SAS 9.2. Search LoadUsers.log for
errors.

c. Use SAS Management Console to verify that the new users and groups are created and that group
membership is correct.


d. Assign James and Cecily to the Application Developers group.


1) In SAS Management Console, right-click on the Application Developers group and select
Properties. Click the Members tab.

2) Select Show Users. Using the CTRL key, select Cecily and James and click to move
them to the Current Members pane. Click .

e. Assign Jim and Ray to the Data Integrators group. Follow step 3.d. above.

f. Open the properties of the James identity. On the General tab, select External Identities.
What value is listed? Context of IdentityImport and an identifier of P106.
What is the purpose of this value? An external identity is an optional synchronization key
for a user, group, or role. Use to learn more about the fields in this display.

4. Unrestricted Users
a. The SAS Administrator user is directly a member of the Metadata Server: Unrestricted role.
Is the SAS Administrator user an indirect member of any role? The SAS Administrator is a
member of the SAS Administrators group, which is a member of the following roles:
Management Console: Advanced, Metadata Server: Operation, Metadata Server:
User Administration, and Table Server Administrators.
b. Examine the adminUsers.txt file. What account is listed in the file? *sasadm@saspw

5. Impersonating a User
a. In SAS Management Console, in the User Manager plug-in, open Henri’s properties.
On the Accounts tab, select Create Internal Account. Type the password Student1.
Click twice.

1) In the User Manager plug-in, open Henri’s properties. On the Accounts tab, select
Create Internal Account.

2) Type the password into the New Password and Confirm Password fields and click
→ .

b. Log on to SAS Enterprise Guide with the Henri@saspw account.

1) Click .
2) Click .
3) Click .
What can you access? Folders, cubes
What can you not access? Libraries and the SASAPP server without providing further
credentials

c. Log on to SAS Web Report Studio with the Henri@saspw account.
What can you access? Open and view a report from the Orion Star/Marketing/Reports
folder. Create a new report using the wizard. View information maps.
What can you not access? You can access all types of content that SAS Web Report Studio
can access.
d. Delete Henri’s password from the DefaultAuth login associated with his metadata identity. Log on
to SAS Web Report Studio with the Henri@saspw account. What can you access? What can you
not access?
1) In Henri’s properties, select the DefaultAuth login and click . Delete the password
and click twice.
2) Log on to SAS Web Report Studio with the Henri@saspw account.
What can you access? Open and view a report from the Orion Star/Marketing/Reports
folder. Create a new report using the wizard. View information maps.
What can you not access? Reports based on information maps that run on a standard
workspace server

6. Creating a Dual User
a. Christine needs to connect to the metadata server as an unrestricted user sometimes and
as a regular user other times. In the User Manager plug-in, create two metadata identities:
• Name: Christine
• Display Name: Christine
• Groups and roles: Data Integrators, Report Content Creators, Marketing, Sales,
Orion Star Users
• Accounts
− User ID: localhost\Christine
− Password: Student1
− Authentication Domain: DefaultAuth

• Name: AdminChristine
• Display Name: Administrator | Christine
• Groups and roles: SAS Administrators, Metadata Server: Unrestricted
• Accounts
− Internal User ID: AdminChristine@saspw
− Password: Student1

1) Right-click User Manager and select New → User.

2) Type Christine in the Name and Display Name fields.


3) Select the Groups and Roles tab. Using the CTRL key, select Data Integrators, Marketing,
Orion Star Users, Report Content Creators, and Sales. Click to move them to the
Member of pane.


4) Select the Accounts tab and click . Type Christine as the user ID. Verify that
the authentication domain is DefaultAuth. Click → . Unless it is
required, do not save the password in the login.
5) Right-click User Manager and select New → User.

6) Type AdminChristine in the Name field. Type Administrator | Christine in
the Display Name field.

7) Select the Groups and Roles tab. Using the CTRL key, select Metadata Server:
Unrestricted and SAS Administrators. Click to move these to the Member of pane.


8) Select the Accounts tab and click . Verify that the internal user ID
is AdminChristine@saspw. Type Student1 in the New Password and Confirm
Password fields. Click twice.


b. Log on to SAS Management Console using the localhost\Christine account. Open a second
instance of SAS Management Console and log on using the AdminChristine@saspw account.
How are the two instances of SAS Management Console similar? There are some of the same
plug-ins.
How are they different? There are many more plug-ins available for AdminChristine@saspw.

7. Troubleshooting User Identities

a. In the User Manager plug-in, open the properties of the Harvey metadata identity.
On the Accounts tab, select the login and click . Remove localhost from
the user ID to change the user name to Harvey.
1) Right-click Harvey and select Properties.

2) Click the Accounts tab. Select the desired login and click .

3) Remove localhost\ from the user ID and click .

4) Select to add the change.

b. Log on to SAS Enterprise Guide using the localhost\Harvey user ID. What is the effect?
c. Log on to SAS Data Integration Studio using the localhost\Harvey user ID. What is the effect?

d. Log on to SAS Web Report Studio using the localhost\Harvey user ID. What is the effect?

8. Planning for Your Environment


a. Which users need to be unrestricted?
b. Which users need dual accounts?
c. Which users need to be more powerful than regular users but not unrestricted? What roles should
they belong to?

9. Documenting Authentication Choices
a. Complete the following template to show how things are set up in the classroom environment.
Include the type of host for the metadata server and workspace server. Include the authentication
method used for the metadata server and workspace server.
b. Complete the following template to show how things are set up at your site. Include the type
of host for the metadata server and workspace server. Include the authentication method used for
the metadata server and workspace server.

10. Maintaining Passwords with the SAS Personal Login Manager


a. Select Start → All Programs → SAS → SAS Personal Login Manager 9.2.
b. Log on with the My Server connection profile as Marcel.
c. Where in SAS Management Console can you find what is displayed in the SAS Personal Login
Manager? User Manager plug-in, Marcel properties, Accounts tab
d. Can Marcel modify an existing login? Yes
e. Can Marcel add a new login? Yes
11. Maintaining Passwords with SAS Enterprise Guide
a. Connect to SAS Enterprise Guide as Marcel.
b. Select Tools → SAS Enterprise Guide Explorer. In SAS Enterprise Guide Explorer, select
File → Manage Logins.
c. Can Marcel modify an existing login? Yes
d. Can Marcel add a new login? Yes

Chapter 8 Administering Data Access

8.1 Registering Libraries and Tables in the Metadata
  Demonstration: Registering SAS Library and Table Metadata
  Exercises
8.2 Updating Table Metadata
  Exercises
8.3 Pre-Assigning Libraries
  Exercises
8.4 Troubleshooting Data Access
8.5 Solutions to Exercises

8.1 Registering Libraries and Tables in the Metadata

Objectives
• Identify the two ways to access data.
• Register a SAS library and tables in the metadata.
• Register an Oracle library and tables in the metadata.
• Register an ODBC data source in the metadata.

Data Sources
SAS can access a wide variety of data sources, including
• SAS data sets
• RDBMS tables
• ODBC data sources.
For each type of data source, SAS uses the appropriate
engine to access the data.

The BASE engine is used to access SAS data sets. SAS data sets (tables) are the default SAS storage
format. A SAS table contains data values that are organized as a table of rows and columns that can
be processed by SAS software.
You can use the SAS/ACCESS Interface to Oracle product or the SAS/ACCESS Interface to ODBC
product to access Oracle tables. The SAS/ACCESS Interface to Oracle uses the ORACLE engine.
The SAS/ACCESS Interface to ODBC uses the ODBC engine.

Accessing Data
Accessing data can be done in a couple of ways:
• writing SAS code to connect to the data source
    libname orion "s:\workshop\orion";
• referring to the metadata registration of the data
source

Even if you choose to register libraries in the metadata, you might find that stored processes and batch
jobs created at your site include their own library assignments.

Accessing Data

The data can be local to the workspace server machine or in a remote location, accessed using
a network path.
Other servers that can access data in this way:
• Stored process server
• Pooled workspace server
• SAS/SHARE server
• OLAP server
• DATA Step Batch server
• SAS/CONNECT server
Other applications that can access data in this way:
• SAS Management Console (metadata only)
• SAS OLAP Cube Studio
• SAS Information Map Studio
• SAS Enterprise Guide
• SAS Add-In for Microsoft Office
• SAS BI Visualization

Registering Tables in the Metadata


Table registrations rely on other information in the
metadata including library and server definitions.
The following applications can be used to register tables
and libraries in the metadata:

You can register libraries in the metadata using the METADATA procedure.

Accessing Tables Registered in the Metadata
After tables are registered in the metadata, users can
access them using any of these applications:

The metadata LIBNAME engine can be used to access libraries and tables registered in metadata from
any coding interface.

How Applications Assign Libraries


By default, the following applications assign libraries
using the engine and connection information specified
in the metadata:

How Applications Assign Libraries
By default, the SAS Add-In for Microsoft Office and
SAS Enterprise Guide assign libraries using the
metadata LIBNAME engine.

Metadata LIBNAME Engine


The metadata LIBNAME engine is similar to other engines
except instead of referencing the actual physical data,
it points to metadata. The engine
• retrieves library connection information from the
metadata (physical location of data, credentials
if required, and so on)
• enforces additional metadata permissions.

You can programmatically assign libraries using the metadata LIBNAME engine:
/* orion is the libref; META selects the metadata LIBNAME engine */
libname orion meta library="Orion Star Library";
This is commonly done in stored process code to simplify code maintenance. You can use this in any code
that runs in a metadata-aware context, such as jobs scheduled using the SAS DATA Step Batch Server.

Registering SAS Library and Table Metadata

Create a new SAS library using the New Library Wizard in SAS Management Console 9.2.
1. Select Start ⇒ All Programs ⇒ SAS ⇒ SAS Management Console 9.2.
2. Use the My Server connection profile to log on as Marcel.
3. On the Plug-ins tab, expand Data Library Manager.
4. Right-click Libraries and select New Library….

5. Select SAS BASE Library and click .

6. Type the name Marcel Orion Star Library 1. Click .


7. Navigate to SAS Folders ⇒ Orion Star ⇒ Marketing Department. Select Data and click
.


8. Click .


9. Move SASApp from the Available servers list to the Selected servers list. Click .

This assignment makes the library available to the servers in the SASApp application server.

Note: If you do not assign a library to an application server, the library is not available in several
client applications including SAS Enterprise Guide. Unless you intentionally want to limit
the accessibility of a library, you should assign each library to an application server.

10. Type marcel1 as the libref. Move the path s:\workshop\OrionStar\orgold to the Selected items list.
Click .

Note: If the path is not in the Available Items list, click and add the path.

Note: A libref is a nickname or short reference to the physical location of the data.

Note: It is a best practice to use unique librefs in the metadata. Uniqueness of librefs is not
enforced.

11. Review the settings and click .


12. Under Data Library Manager, expand Libraries. Right-click Marcel Orion Star Library 1 and
select Register Tables….

13. Verify the library settings and click .

Note: If you get prompted for credentials, you are probably logged in as an unrestricted user.

14. Hold down the CTRL key and select CUSTOMER_DIM, GEOGRAPHY_DIM,
ORGANIZATION_DIM, and TIME_DIM. Click .


15. Review the settings and click .

16. The tables are registered in the metadata and now appear in SAS Management Console. Close
SAS Management Console.

Exercises

1. Using SAS Data Integration Studio to Register a SAS Library and Tables
a. Log on to SAS Data Integration Studio as Marcel using the My Server profile.
b. On the Folders tab, expand Orion Star ⇒ Marketing Department. Right-click Data and select
New ⇒ Library….
c. Create a library with the following characteristics:
Type of library: SAS BASE Library
Name: Marcel Orion Star Library 2
Location: /Orion Star/Marketing Department/Data
Selected servers: SASApp
Libref: marcel2
Path specification: S:\Workshop\OrionStar\orgold
d. Register the ORDER_FACT and PRODUCT_DIM tables.
e. Open the ORDER_FACT table.
Note: Right-click ORDER_FACT and select Open.
f. Register the CUSTOMER_DIM table. What error message do you get? What is the source
of the problem?
g. Can Marcel create a library with the following characteristics? If not, what is the problem?
Type of library: SAS BASE Library
Name: Marcel Orion Star Library 3
Location: /Shared Data
Selected servers: SASApp
Libref: marcel3
Path specification: S:\Workshop\OrionStar\orgold


2. Using SAS Enterprise Guide Explorer to Register a SAS Library


a. Open SAS Enterprise Guide. Change the connection to connect as Marcel.
Note: Click the Connection link in the status bar
or select Tools ⇒ Options ⇒ Administration ⇒ Modify.
b. Select Tools ⇒ SAS Enterprise Guide Explorer.
c. Select File ⇒ New ⇒ Library….
d. Create a library with the following characteristics:
Name: Marcel Orion Star Library 3
Libref: marcel3
Assign library using: Metadata Library Engine (with Show only tables with metadata definitions selected)
Server: SASApp
Path: S:\Workshop\OrionStar\orgold
Folder location: /Orion Star/Marketing Department/Data
e. Expand Servers ⇒ SASApp ⇒ Libraries. Right-click Marcel Orion Star Library 3 and select
Assign. Do any tables appear? Assign the Orion Star Library. Do any tables appear? Why do
tables appear for one library but not the other?
f. Right-click Marcel Orion Star Library 3 and select Unassign. Right-click Marcel Orion Star
Library 3 and select Properties. Select Assignment and clear the Show only tables with
metadata definitions check box. Save the changes. Assign the library. Do any tables appear?
g. With the library assigned, right-click on the library and select Properties. How are the properties
different than when the library is unassigned?


3. Registering an Oracle Library and Tables


a. Log on to SAS Management Console as Marcel.
b. Create a new library with the following characteristics:
Type of library: Oracle Library
Name: Orion Star Oracle Library
Location: /Orion Star/Marketing Department/Data
Selected servers: SASApp
Libref: Ora001
Database Server: Orion Star Oracle Database Server (See the characteristics of the new server
below.)
Database Schema Name: SCOTT

Create a new database server with the following characteristics:
Name: Orion Star Oracle Database
Major version number: 11
Minor version number: 1
Software version: 11.1.0.6.0
Vendor: Oracle Corporation
Associated Machine: localhost
Path: ora11g
Authentication Domain: OraAuth (Hint: You need to create this new authentication domain.)
c. In the User Manager plug-in, modify the properties of the Orion Star Users group. Add the
following login:
User ID: Scott
Password: tiger
Confirm Password: tiger
Authentication Domain: OraAuth
d. In the Data Library Manager plug-in, right-click Orion Star Oracle Library and select
Display LIBNAME Statement…. Verify that the value contains the USER= and PASSWORD=
options.
e. Register all of the tables for this library.

4. Registering an ODBC Data Source


a. Create an ODBC data source.
1) Select Start ⇒ Control Panel. Double-click Administrative Tools.
2) Double-click Data Sources (ODBC).
3) In the ODBC Data Source Administrator window, click the System DSN tab and click
.
4) Select Microsoft Access Driver (*.mdb) as the driver type and click .
5) Type SPAFT Course Data as the value for the Data Source Name field.
6) Click in the Database area.
7) Navigate to s:\workshop\spaft in the Directories area and select SPAFT.mdb in the
Database Name area. Click .
8) Click ⇒ .
b. Register metadata for a table in a Microsoft Access database.
1) Log on to SAS Management Console as Ahmed. In the Plug-ins tab, right-click on the
Server Manager plug-in and select New Server….
2) Create a server with the following characteristics:
Type of server: ODBC Server
Name: SPAFT Course Microsoft Access Database Server
Data Source Type: ODBC – Microsoft Access
Datasrc: "SPAFT Course Data"
Note: Select the Datasrc radio button to type the value. The quotation marks are necessary
because the ODBC data source name has spaces.
3) Expand Data Library Manager, right-click on the Libraries folder, and select
New Library….
4) Create a library with the following characteristics:
Type of library: ODBC Library
Name: SPAFT Course Microsoft Access Database
Location: /Orion Star/Marketing Department/Data
Selected servers: SASApp
Libref: spftodbc
Database Server: SPAFT Course Microsoft Access Database Server
Connection: Connection: SPAFT Course Microsoft Access Database Server
5) Register the CustType table. Open the table.

8.2 Updating Table Metadata

Objectives
• Identify when it is necessary to update table metadata.
• List the tools available for updating table metadata and the differences between them.
• Update table metadata using SAS Management Console.
• Update table metadata using SAS Data Integration Studio.
• Update table metadata using SAS Enterprise Guide.
• Update table metadata using the METALIB procedure.

Why Update Table Metadata?
Updating table metadata enables you to do the following:

• add table metadata for tables that exist in the physical library but have no metadata in the repository
• update table definitions to match corresponding physical tables including changes to the table’s columns and indexes
• delete metadata for table definitions that exist in the metadata repository but do not have a corresponding table in the physical library

Methods for Updating Table Metadata


The METALIB procedure enables you to update table
metadata and is available in the following ways:
• SAS Management Console’s update metadata feature
• SAS Data Integration Studio’s update table metadata feature
• SAS Enterprise Guide Update Library Metadata task
• custom code using the METALIB procedure

The SAS Enterprise Guide Update Library Metadata task is a capability under Role Management.

SAS Management Console


From the Data Library Manager plug-in, select one or
more tables and right-click to access the update metadata
feature.

SAS Data Integration Studio
If you select one or more tables, you can right-click
to access the update table metadata feature.

SAS Enterprise Guide


In the Update Library Metadata task, select the
application server and library to update and the action
to perform.

The Update Library Metadata task is available either from the Task List, under the Tools category,
or by selecting Tools ⇒ Update Library Metadata.

METALIB Procedure

The METALIB procedure gives you the most control over
the updating features and can be run in batch.

Task | Statement
Specify the data source and connection parameters for the metadata server | OMR statement
Exclude or select a table or list of tables for processing | EXCLUDE or SELECT statement
Specify where the new metadata is stored in SAS folders | FOLDER or FOLDERID statement
Specify the maximum number of Job or Transformation objects that can be affected by updates to table definitions | IMPACT_LIMIT statement
Suppress the metadata changes from being made | NOEXEC statement
Specify a text string to add to the beginning of all new metadata object names | PREFIX statement
Create a report that summarizes metadata changes | REPORT statement
Override default update behavior | UPDATE_RULE statement

The METALIB procedure syntax is as follows:

PROC METALIB;
   OMR <=> (LIBID = <">identifier<"> | LIBRARY = <">name<">
            | LIBRARY = "/folder-pathname/name"
            | LIBURI = "URI-format"
            <server-connection-arguments>);
   <EXCLUDE <=> (table-specification <table-specification-n>);> |
   <SELECT (table-specification <READ=read-password>
      < table-specification-n <READ=read-password-n>>);>
   <FOLDER <=> "/pathname";> |
   <FOLDERID <=> "identifier.identifier";>
   <IMPACT_LIMIT = n;>
   <NOEXEC;>
   <PREFIX <=> <">text<">;>
   <REPORT <<=> (report-arguments)>;>
   <UPDATE_RULE <=> (<DELETE> <NOADD> <NODELDUP> <NOUPDATE>
      <STATS_AUTH>);>
RUN;

For more information about the METALIB procedure, refer to SAS® 9.2 Language Interfaces to
Metadata.
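The statements above combine into a two-pass workflow: report first with NOEXEC, then apply a restricted update. This is an added example, not code from the course notes; it assumes the SAS session already has its metadata server connection options set, and it reuses the library and table names from this chapter's demonstration. The IMPACT_LIMIT value of 10 is an arbitrary illustration.

```sas
/* Added example, not part of the course notes.                          */
/* Assumption: the session is already connected to the metadata server   */
/* (connection options set in the configuration file or autoexec), so    */
/* no server-connection-arguments are given in the OMR statement.        */

/* Pass 1: report only. NOEXEC suppresses every metadata change, so the  */
/* report shows what would be added, updated, or deleted.                */
proc metalib;
   omr (library="Marcel Orion Star Library 1");
   update_rule=(delete);   /* include metadata with no physical table    */
   noexec;
   report;
run;

/* Pass 2: apply changes, limited to tables reviewed in pass 1.          */
/* NOADD keeps this run from registering any new table, so the Create    */
/* permission on the library is not exercised.                           */
/* IMPACT_LIMIT caps how many Job or Transformation objects an update    */
/* to a table definition may affect (10 is an illustrative value).       */
proc metalib;
   omr (library="Marcel Orion Star Library 1");
   select (CUSTOMER_DIM GEOGRAPHY_DIM);
   update_rule=(noadd);
   impact_limit=10;
   report;
run;
```

Saved to a file with the .sas extension, the same code can be submitted in batch, which is where running the report-only pass before every update pass is most useful.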

METALIB Procedure
The Create permission on the library is required
if PROC METALIB is being used to add table
metadata.

The Update Library Metadata task in SAS Enterprise
Guide uses PROC METALIB.

Table Metadata Updating Functionality
The functionality available varies depending on the tool
used to update table metadata:

Functionality | SAS Data Integration Studio, SAS Management Console | SAS Enterprise Guide | PROC METALIB
Report on differences between metadata and physical data | No | Yes | Yes
Select specific tables to update | Yes | No | Yes
Add new table registrations | No | Yes | Yes
Delete obsolete tables | No | Yes | Yes

You can register new tables or delete existing table metadata in SAS Data Integration Studio and
SAS Management Console, but not with the update table metadata feature.
The SAS Enterprise Guide Update Library Metadata task updates all of the existing table metadata
in a library and does not give you the option of selecting or excluding specific tables.

Exercises

5. Updating Table Metadata with SAS Data Integration Studio


a. Log on to SAS Data Integration Studio as Marcel.
b. Right-click on the CUSTOMER_DIM table and update the metadata.
c. Right-click on the Orion Star Products table and select Analyze. What objects is this table
associated with?
6. Updating Table Metadata with SAS Enterprise Guide
a. Open SAS Enterprise Guide and verify that you are logged on as Marcel.
b. Select Tools ⇒ Update Library Metadata….
c. Select SASApp as the server and Marcel Orion Star Library 1.
d. Select Report on the differences between physical tables and the metadata repository.
e. View the results. Do any tables need to be updated? Do any tables need to be added?
Do any tables need to be deleted?
f. In the Project Tree, under the process flow, right-click Update Metadata for "Marcel Orion Star
Library 1" and select Modify Update Metadata for "Marcel Orion Star Library 1". Keep the
same server and library, but choose to update and add table definitions in the metadata with the
actual tables and columns. Are any new tables defined? If so, are they duplicates of tables that
already exist in that folder?
g. In the Project Tree, under the process flow, right-click Update Metadata for "Marcel Orion
Star Library 1" and select Modify Update Metadata for "Marcel Orion Star Library 1".
For which actions can you override the default credentials? What are the default credentials?
Why or when might you want to override the default credentials?
7. Updating Table Metadata with SAS Management Console
a. In the Data Library Manager plug-in, select Marcel Orion Star Library 2.
b. Select one or more tables, right-click, and select Update Metadata….
8. (Optional) Updating Table Metadata with PROC METALIB
a. Write the code that you need to generate a report of the differences between the metadata
and physical data in the Orion Star library.
b. Save the code to a file with the .sas extension and submit it in batch.
c. Modify the code to update the tables. Submit the code in batch.

8.3 Pre-Assigning Libraries

Objectives
• Identify how libraries can be assigned.
• Pre-assign a library in the metadata.
• Pre-assign a library using an autoexec file.

Library Assignment
Libraries can be assigned in two ways:

• By default, libraries are assigned by the client applications but not until a user tries to access a library. In other words, library assignment is deferred until it is needed.
• Libraries can also be assigned when the server starts (pre-assigned).

Pre-assigning a large number of libraries can have a negative impact on the time required to start
up the server.

Pre-Assigning Libraries
You can pre-assign a library in a couple of ways:
• in the metadata
• in a server autoexec file

Libraries assigned by an autoexec file take precedence
over same-named libraries pre-assigned in the metadata.

Note: The best practice is to pre-assign libraries using only
one method if possible. Having configuration
information in two places increases maintenance.

Pre-assigning a library in the metadata attaches a flag to the library itself and therefore applies
to all servers that the library is assigned to.

Pre-assigning a library in an autoexec file affects only the server(s) that uses that autoexec file.

Advantages of Pre-Assigning Libraries

If you pre-assign libraries,
• you control which engine is used to access the data
• library assignments are identical across all SAS client applications and servers
• stored processes can access libraries without having to manage library assignments in the stored process code
• scheduled jobs running on a DATA Step Batch Server can access the same libraries as when the process was created.

When SAS Enterprise Guide accesses a pre-assigned library, it displays all of the tables in the physical
location that the user has access to. In other words, it ignores table metadata.

Disadvantage of Pre-Assigning Libraries


The biggest disadvantage of pre-assigning libraries is that
pre-assigning an excessive number of libraries can slow
the execution of SAS jobs for all users.
The server does not become available to the user until
all pre-assigned libraries are assigned.

Pre-Assigning Libraries in the Metadata
Use SAS Management Console to pre-assign libraries
in the metadata. In the Data Library Manager, right-click
on the library and select Properties ⇒ Options ⇒
Advanced Options… ⇒ Pre-Assign. Select the check
box.

Pre-Assigning Libraries in the Metadata


For each SAS/CONNECT server and each DATA Step
Batch Server, add the following SAS system option to the
sasv9_usermods.cfg file:
-metaautoresources
"omsobj:ServerComponent?@Name='SASApp'"

For the SAS/CONNECT server, the sasv9_usermods.cfg file is
in SAS-config-dir\Lev1\SASApp\ConnectServer.

For the DATA Step Batch Server, the sasv9_usermods.cfg file is
in SAS-config-dir\Lev1\SASApp\BatchServer.

Pre-Assigning Libraries in an Autoexec File

1. Add the LIBNAME statement to the autoexec file.
libname orstar "s:\workshop\OrionStar\orstar";
2. Restart the object spawner and any server processes
whose autoexec files were modified.

Pre-Assigning Libraries with the Metadata LIBNAME Engine
1. Register the library in the metadata.
2. Flag the library as pre-assigned.
3. Add the metadata LIBNAME statement
to an autoexec file.
libname orstar meta
library="Orion Star Library";
4. Restart the object spawner and any server processes
whose autoexec files were modified.

For information about the LIBNAME statement for the metadata engine, refer to the
SAS® Language Interfaces to Metadata.

Exercises

9. Pre-Assigning Libraries
a. What are the advantages of pre-assigning libraries for a stored process server?
What are the disadvantages?
b. What are the advantages of pre-assigning libraries for a workspace server?
What are the disadvantages?
c. What are the disadvantages of pre-assigning RDBMS libraries?
d. Pre-assign the Orion Star Library in the metadata.
e. Add the METAAUTORESOURCES= system option to the DATA Step Batch Server
configuration file.
10. Pre-Assigning Libraries in Autoexec Files
a. If you want to pre-assign a library for the stored process server alone, which autoexec file would
you modify?
b. If you want to pre-assign a library for all of the servers in SASApp, which autoexec file would
you modify?

8.4 Troubleshooting Data Access

Objectives
• Identify potential data access problems and how to resolve them.
• Test the LIBNAME statement generated from a library metadata registration.
• Examine the use of formats and how to make them available to SAS servers.
• Explore duplicate table registrations.
• Identify the impact of not assigning a library to a server.
• Identify when the metadata LIBNAME engine is used to connect to data.

Connection Information
The New Library Wizard uses an instance of a workspace
server to register new paths. If the path becomes
unavailable or changes, you can encounter an error when
connecting to the library.

1    LIBNAME orstar BASE "S:\Workshop\OrionStar\orstar2";
NOTE: Library ORSTAR does not exist.

Connection Information
For RDBMS libraries, additional connection information
is required and could be erroneous:
• server host
• database name
• schema name
• credentials

RDBMS Libraries
The correct SAS/ACCESS product must be licensed, installed, and configured.

SAS/ACCESS must be on the same machine as the SAS process that will be accessing the data. In a
UNIX environment, the configuration of SAS/ACCESS requires setting some environment variables.
You can test SAS/ACCESS by submitting a LIBNAME statement from a SAS session.

The database client must be installed and configured on the same machine as SAS/ACCESS.
S
A tri b u
The database client installation and configuration is typically done by a database administrator (DBA).
The DBA has access to tools that help test the configuration and connection to the database server.

The database server must be running and the connection typically
includes credentials to be authenticated by the database server.

Databases typically maintain credentials separate from other authentication providers.



Library Metadata
The library metadata is converted to a LIBNAME
statement which you can access from the
Data Library Manager.

To retrieve the complete LIBNAME statement, including the user ID and password, you must be
connected to SAS Management Console as a user who has access in the metadata to credentials for
the authentication domain associated with the database server.

Testing LIBNAME Statement


Copy the LIBNAME statement from SAS Management
Console and submit it in a SAS session. For RDBMS
libraries, add the SASTRACE= and SASTRACELOC= options
for additional information.
options sastrace=',,,d' sastraceloc=saslog;
LIBNAME ora002 ORACLE PATH=oracle9i
SCHEMA=SCOTT USER=scott
PASSWORD="{sas002}F77E0C345A42C6A753443DCE";

The SASTRACE= option generates trace information from a DBMS engine. Setting the option to
',,,d' specifies that all SQL statements sent to the DBMS are sent to the log. These statements will
help the DBA troubleshoot potential connection problems.

16   options sastrace=',,,d' sastraceloc=saslog;
17   LIBNAME ora002 ORACLE PATH=oracle9i SCHEMA=SCOT USER=scott
17 ! PASSWORD=XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX;
NOTE: Libref ORA002 was successfully assigned as follows:
      Engine:        ORACLE
      Physical Name: oracle9i
SCHEMA used: SCOT 48 1552509816 Main 0 DMSEXP
49 1552509816 Main 0 DMSEXP
ORACLE_1: Prepared: on connection 1 50 1552509816 Main 0 DMSEXP
SELECT OBJECT_NAME ,OBJECT_TYPE FROM ALL_OBJECTS OBJ WHERE (OBJ.OWNER ='SCOT') AND
(OBJ.OBJECT_TYPE IN ('TABLE','VIEW')) UNION ALL SELECT SYNONYM_NAME ,'SYNONYM' FROM ALL_OBJECTS
OBJ,ALL_SYNONYMS SYN WHERE (SYN.OWNER ='SCOT') AND (OBJ.OBJECT_TYPE IN ('TABLE','VIEW')) AND
(SYN.TABLE_OWNER=OBJ.OWNER ) AND (SYN.TABLE_NAME=OBJ.OBJECT_NAME ) UNION ALL SELECT SYNONYM_NAME
,'SYNONYM' FROM ALL_SYNONYMS SYN WHERE (SYN.OWNER ='SCOT') AND DB_LINK IS NOT NULL 51 1552509816 Main 0 DMSEXP
52 1552509816 Main 0 DMSEXP
53 1552509816 Main 0 DMSEXP
ORACLE_2: Executed: on connection 1 54 1552509816 Main 0 DMSEXP
SELECT statement ORACLE_1 55 1552509816 Main 0 DMSEXP
56 1552509816 Main 0 DMSEXP
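
The log above reports the libref as successfully assigned with SCHEMA=SCOT, while the LIBNAME statement shown for testing uses SCHEMA=SCOTT, so the NOTE alone does not confirm that the library exposes the intended tables. The following added example (not from the course notes) wraps the test in a check of the SYSLIBRC return code and of the number of visible tables; the macro name check_library is hypothetical and the password value is a placeholder.

```sas
/* Added example, not part of the course notes.                          */
/* Assumptions: the LIBNAME statement is the one copied from Display     */
/* LIBNAME Statement; <encoded-password> is a placeholder; the macro     */
/* name check_library is hypothetical.                                   */

/* NOSTSUFFIX drops the trailing trace suffix from each traced line. */
options sastrace=',,,d' sastraceloc=saslog nostsuffix;

libname ora002 oracle path=oracle9i schema=SCOTT user=scott
        password="<encoded-password>";

%macro check_library(libref);
   %local nmembers;
   /* SYSLIBRC holds the return code of the most recent LIBNAME          */
   /* statement; 0 means the assignment succeeded.                       */
   %if &syslibrc ne 0 %then %do;
      %put ERROR: LIBNAME for &libref failed with SYSLIBRC=&syslibrc..;
      %put ERROR- Check the path, the credentials, and the SAS/ACCESS configuration.;
   %end;
   %else %do;
      /* A libref can be assigned and still show no tables, for example  */
      /* when the SCHEMA= value names a schema that owns no objects.     */
      proc sql noprint;
         select count(*) into :nmembers
            from dictionary.tables
            where libname = "%upcase(&libref)";
      quit;
      %let nmembers = &nmembers;   /* strip leading blanks */
      %if &nmembers = 0 %then
         %put WARNING: &libref is assigned but no tables are visible. Check SCHEMA= and database grants.;
      %else
         %put NOTE: &libref is assigned and &nmembers table(s) are visible.;
   %end;
%mend check_library;

%check_library(ora002)

/* Turn tracing off and release the test libref when finished. */
options sastrace=off;
libname ora002 clear;
```

The traced SQL is written to the SAS log, so handle that log with the same care as other connection details when you pass it to the DBA.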

Formats
A format is an instruction that SAS uses to write data
values. SAS provides some standard formats and users
can create custom formats.
An example of a SAS standard format:
12345 Dollar12.2 $12,345.00

An example of a custom format:
FR $COUNTRY France

Formats
Formats can be associated with table column metadata.
If the format is not available, an error is generated.

Another error message that is produced for this problem:
1    LIBNAME osdmstar BASE "S:\workshop\OrionStar\orstar";
NOTE: Libref OSDMSTAR was successfully assigned as follows:
      Engine:        BASE
      Physical Name: S:\workshop\OrionStar\orstar

ERROR: Format $COUNTRY not found or couldn't be loaded for variable Customer_Country.
ERROR: Format $GENDER not found or couldn't be loaded for variable Customer_Gender.

If you cannot access the formats, you can bypass this error by including the following SAS option
to suppress the error and display the stored values:
OPTIONS NOFMTERR;

Formats
The location of custom formats is specified in a sasv9.cfg
file. By default, the formats should be stored in a catalog
named FORMATS in the SASEnvironment/SASFormats
configuration directory.

-set APFMTLIB "SASEnvironment/SASFormats"
-insert fmtsearch APFMTLIB

The FMTSEARCH option specifies the order in which format catalogs are searched. The
WORK.FORMATS catalog is always searched first, and the LIBRARY.FORMATS catalog is searched
next unless one of them appears in the FMTSEARCH= list.
The SET option assigns a libref to a physical location which is used here in the FMTSEARCH= list.

Duplicate Table Registrations

It is possible to register the same table twice which can
cause problems. Use the SAS Data Integration Studio
impact analysis tools to help determine if a duplicate can
be deleted.

Duplicate table registrations can be deleted using SAS Management Console, SAS Data Integration
Studio, or SAS OLAP Cube Studio. PROC METALIB can also delete duplicate table metadata, but you
cannot control which table is considered the duplicate.

Server Assignment
If a library is not assigned to a server context, the library
will not be available in the SAS Add-In for Microsoft Office
or SAS Enterprise Guide.

You can view or edit a library server assignment in SAS Management Console,
SAS Data Integration Studio, and SAS OLAP Cube Studio.

Security
Access to a table requires access to
• server metadata for a server that will open data
• database server metadata for RDBMS libraries
• credentials for server(s)
• table metadata
• a table in an operating system or RDBMS.

Metadata Security
The level of metadata security applied to the tables
depends on whether the metadata LIBNAME engine
is used.
Library assignment | Metadata LIBNAME engine used | Metadata LIBNAME engine not used
Not pre-assigned | SAS Enterprise Guide, SAS Add-In for Microsoft Office | SAS Data Integration Studio, SAS OLAP Cube Studio, SAS Information Map Studio
Pre-assigned | Only if specified in autoexec file with metadata engine | If specified either in metadata or in autoexec file with non-metadata engine

When the metadata LIBNAME engine is used, the Read, Write, Create, and Delete options
are enforced on the library and tables.

8.5 Solutions to Exercises


1. Using SAS Data Integration Studio to Register a SAS Library and Tables
a. Log on to SAS Data Integration Studio as Marcel using the My Server profile.
b. On the Folders tab, expand Orion Star ⇒ Marketing Department. Right-click Data and select
New ⇒ Library….
c. Create a library with the following characteristics:
Type of library: SAS BASE Library
Name: Marcel Orion Star Library 2
Location: /Orion Star/Marketing Department/Data
Selected servers: SASApp
Libref: marcel2
Path specification: S:\Workshop\OrionStar\orgold

1) In the New Library Wizard, select SAS BASE Library as the type of library
and click .


2) Type the name of the library metadata definition and verify the correct folder location.
Click .


3) Make SASApp the selected server and click .


4) Type the name of the libref and specify the path specification.

Note: If the path is not in the Available Items list, click . Type the correct path
or click to select the path. Click .

5) Click .


6) Click .


d. Register the ORDER_FACT and PRODUCT_DIM tables.

1) Right-click on the new library and select Register Tables….


2) Click in the Register Tables window.


3) Select the tables and click .

4) Click .

e. Open the ORDER_FACT table.

Note: Right-click ORDER_FACT and select Open.

f. Register the CUSTOMER_DIM table.


What error message do you get?
There is already a CUSTOMER_DIM table definition in the folder.
What is the source of the problem? The Register Tables… functionality does not allow
duplicate table names in the same metadata folder.

1) Right-click on the library and select Register Tables…. Click in the Register
Tables window. Select the CUSTOMER_DIM table and click ⇒ .

2) Click to view the SAS log.

3) The CUSTOMER_DIM table is already registered. Click .


g. Can Marcel create a library with the following characteristics? If not, what is the problem?
No. Marcel does not have permissions to create content in the Shared Data folder.
Type of library: SAS BASE Library
Name: Marcel Orion Star Library 3

Location: /Shared Data


Selected servers: SASApp
Libref: marcel3
Path specification: S:\Workshop\OrionStar\orgold


2. Using SAS Enterprise Guide Explorer to Register a SAS Library


a. Open SAS Enterprise Guide. Change the connection to connect as Marcel.

Note: Click the Connection link in the status bar or select
Tools ⇒ Options ⇒ Administration ⇒ Modify. If necessary, set the My Server
connection profile as active.
b. Select Tools ⇒ SAS Enterprise Guide Explorer.

c. Select File ⇒ New ⇒ Library….

d. Create a library with the following characteristics:


Name: Marcel Orion Star Library 3

Libref: marcel3

Assign library using: Metadata Library Engine (with Show only tables with metadata
definitions selected)
Server: SASApp
Path: S:\Workshop\OrionStar\orgold
Folder location: /Orion Star/Marketing Department/Data

1) Type the name of the library definition. Click .


2) Type the name of the libref. Verify that the Metadata Library Engine radio button is selected
and that the Show only tables with metadata definitions check box is selected. Click
.


3) Assign the SASApp server by selecting the check box. Click .


4) Verify that the engine type is File System. Verify that the engine is BASE - Latest Version of
Base SAS and type the physical path of the library. Click .

5) Click on Step 5 of 7 – no options to specify.

6) Specify the metadata folder location and click .


7) Verify the information and click .


e. Expand Servers ⇒ SASApp ⇒ Libraries. Right-click Marcel Orion Star Library 3
and select Assign.
Do any tables appear? No
Assign the Orion Star Library. Do any tables appear? Yes
Why do tables appear for one library but not the other?
No table metadata is defined for Marcel Orion Star Library 3.
1) Right-click on the Marcel Orion Star Library 3 library and select Assign.

No tables are defined.


2) Assign Orion Star Library. Tables are available.


f. Right-click Marcel Orion Star Library 3 and select Unassign. Right-click on Marcel Orion
Star Library 3 and select Properties. Select Assignment and clear the Show only tables with
metadata definitions check box. Save the changes. Assign the library.
Do any tables appear? Yes
1) Right-click Marcel Orion Star Library 3 and select Unassign.


2) Open the properties and select Assignment. Clear the Show only tables with metadata
definitions check box. Click .

Note: The choice to show only tables with metadata definitions refers to an option for the
metadata LIBNAME engine, METAOUT.

3) Right-click and select Assign from the menu.

Tables now appear.

Note: The library might need to be refreshed to display the tables.
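The Metadata Security slide in section 8.4 and the METAOUT note in solution 2f both depend on which engine assigns the library. The following is an added example, not part of the course notes, that assigns the exercise library three ways. It assumes the SAS session already has a metadata server connection (as a SASApp workspace server session does), and the librefs base3, meta3, and meta3all are hypothetical names chosen for the comparison.

```sas
/* Added example: the same physical library assigned three ways.            */
/* Assumption: the session is already connected to the metadata server,     */
/* so no METASERVER=/METAUSER= connection options are given here.           */

/* 1. BASE engine, pointing straight at the path.                           */
/*    Access is decided by operating system permissions on the directory.   */
/*    The metadata Read, Write, Create, and Delete settings on the library  */
/*    and its tables are not consulted.                                     */
libname base3 base "S:\Workshop\OrionStar\orgold";

/* 2. Metadata LIBNAME engine with its default, METAOUT=ALL.                */
/*    Corresponds to "Show only tables with metadata definitions" being     */
/*    selected. Only registered tables are visible, and the metadata        */
/*    Read, Write, Create, and Delete settings are enforced.                */
/*    For Marcel Orion Star Library 3 no tables are registered, so the      */
/*    member list is empty (solution 2e).                                   */
libname meta3 meta library="Marcel Orion Star Library 3";

/* 3. Metadata LIBNAME engine with METAOUT=DATA.                            */
/*    Corresponds to the check box being cleared (solution 2f). Physical    */
/*    tables without a metadata definition also become visible. Those       */
/*    tables have no table object in metadata, so there are no table-level  */
/*    metadata permissions to apply to them.                                */
libname meta3all meta library="Marcel Orion Star Library 3" metaout=data;

/* List the members seen through each libref to compare the three views.    */
proc datasets library=base3;
quit;

proc datasets library=meta3;
quit;

proc datasets library=meta3all;
quit;

/* Release the comparison librefs. */
libname base3 clear;
libname meta3 clear;
libname meta3all clear;
```

Comparing the three member lists shows which tables a user can reach only because a library bypasses the metadata engine or because METAOUT=DATA exposes unregistered tables.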


g. With the library assigned, right-click on the library and select Properties. How are the properties
different than when the library is unassigned?


1) Right-click on the library and select Unassign.

2) Right-click on the library and select Properties. Click .


3. Registering an Oracle Library and Tables


a. Log on to SAS Management Console as Marcel.
b. Click the Plug-ins tab. Expand the Data Library Manager plug-in and expand Libraries.

1) Right-click Libraries and select New Library… from the menu.


2) Select Oracle Library as the type in the New Library Wizard. Click .

3) Type the library metadata name Orion Star Oracle Library. Verify that the location
of the new library is /Orion Star/Marketing Department/Data. Click .


4) Make SASApp the selected server. Click .


5) Type the libref ora001. Click .


6) Notice that there are no Database Server definitions. Click to define a new
database server object.


7) Type the server name Orion Star Oracle Database Server. Click .


8) Specify localhost as the host name of the Oracle server in the Associated Machine
field and verify the correct software and vendor information. Click .


9) Type the Oracle Path information, ora11g. Verify that the authentication type is
User/Password. Define a new authentication domain by clicking .

Note: This Oracle server uses internal security, so the DefaultAuth authentication domain
will not work.

10) Define a new authentication domain, OraAuth. Click ⇒ .



11) Review the information and click .


12) The new database server is defined. Type SCOTT in the Database Schema Name field.
Accept the defaults for the connection details. Click .


13) Review the information and click .

c. In the User Manager plug-in, modify the properties of the Orion Star Users group.
Add the following login:

User ID: Scott

Password: tiger

Confirm Password: tiger

Authentication Domain: OraAuth


1) Verify that you are logged on to SAS Management Console as Ahmed.
2) Select the User Manager plug-in. Change the display to show groups only. Right-click
on the Orion Star Users group and select Properties.

3) On the Accounts tab, click to define a new account.

4) Type Scott as the user ID and tiger as the password. Select OraAuth as the
authentication domain. Click .

5) The Orion Star Group now has a shared login to access the Oracle database. Click .

d. In the Data Library Manager plug-in, right-click Orion Star Oracle Library and select
Display LIBNAME statement…. Verify that the value contains the USER= and PASSWORD=
options.
1) Verify that you are logged on to SAS Management Console as Marcel.
2) Expand Data Library Manager ⇒ Libraries, right-click Orion Star Oracle Library,
and select Display LIBNAME Statement….

3) Click .

e. Register all of the tables for this library.

1) Right-click Orion Star Oracle Library and select Register Tables….

2) Review the library information and click .


3) Click , verify that the metadata folder location is


/Orion Star/Marketing Department/Data, and click .

Note: If needed, use to change the location to the correct metadata folder.

4) Click .

4. Registering an ODBC Data Source

a. Create an ODBC data source.

1) Select Start ⇒ Control Panel. Double-click Administrative Tools.

2) Double-click Data Sources (ODBC).

3) In the ODBC Data Source Administrator window, click the System DSN tab and
click .

4) Select Microsoft Access Driver (*.mdb) as the driver type and click .

5) Type SPAFT Course Data as the value for the Data Source Name field.

6) Click in the Database area.

7) Navigate to s:\workshop\spaft in the Directories area and select SPAFT.mdb in the Database
Name area. Click .

Note: If the s:\ drive does not appear in the list, you need to change the s:\ drive properties so
that it is not hidden.

8) Click ⇒ .

b. Register metadata for a table in a Microsoft Access database.

1) Log on to SAS Management Console as Ahmed. In the Plug-ins tab, right-click
on the Server Manager plug-in and select New Server….
2) Create a server with the following characteristics:
Type of server: ODBC Server
Name: SPAFT Course Microsoft Access Database Server

Data Source Type: ODBC – Microsoft Access


Datasrc: "SPAFT Course Data"

a) Select ODBC Server as the server type. Click .


b) Type the name of the server. Click .


c) Use the drop-down arrow to specify the data source type. Verify that the associated
machine is localhost. Click .


d) Type the ODBC data source name. Accept User/Password as the default authentication
type and select DefaultAuth as the authentication domain. Click .

Note: You must select the Datasrc radio button to type the value. The quotation marks
are necessary because the ODBC data source name has spaces.

e) Review the information and click .

3) Expand Data Library Manager, right-click on the Libraries folder, and select
New Library….

4) Create a library with the following characteristics:


Type of library: ODBC Library
Name: SPAFT Course Microsoft Access Database

Location: /Orion Star/Marketing Department/Data

Selected servers: SASApp
Libref: spftodbc
Database Server: SPAFT Course Microsoft Access Database Server
Connection: Connection: SPAFT Course Microsoft Access Database Server

a) Select the type of library. Click .

b) Type the name of the library metadata definition. Verify that the metadata folder location
is correct. Click .


c) Assign SASApp as the selected server. Click .


d) Type the libref name. Click .


e) Verify the Database Server and Connection information. Click .


f) Review the information. Click .


5) Register the CustType table.

a) Right-click on the new library and select Register Tables….


b) Click .


c) Select the table, verify that the metadata folder location is correct, and click .


d) Click .

e) Log on to an application such as SAS Data Integration Studio and open the table.

5. Updating Table Metadata with SAS Data Integration Studio


a. Log on to SAS Data Integration Studio as Marcel.
b. Right-click on the CUSTOMER_DIM table and select Update Metadata.


1) Click in the Warning dialog box.

2) Click to view the details.

3) Review the SAS log and click .

c. Right-click on the Orion Star Products table and select Analyze. What objects is this table
associated with?


Review the associated objects. Click .

6. Updating Table Metadata with SAS Enterprise Guide

a. Open SAS Enterprise Guide and verify that you are logged in as Marcel.

b. Select Tools ⇒ Update Library Metadata….

c. Select SASApp as the server and Marcel Orion Star Library 1. Click .


d. Select Report on the differences between physical tables and the metadata repository.
Click .


e. View the results. Do any tables need to be updated? Yes, two tables
Do any tables need to be added? Yes, two tables
Do any tables need to be deleted? No


f. In the Project Tree, under the process flow, right-click Update Metadata for "Marcel Orion Star
Library 1" and select Modify Update Metadata for "Marcel Orion Star Library 1". Keep the
same server and library, but choose to update and add table definitions in the metadata with the
actual tables and columns. Are any new tables defined? Yes
If so, are they duplicates of tables that already exist in that folder? Yes


1) Click in Step 1 of the wizard.

2) In Step 2, select Update and add table definition in the metadata with the actual tables
and columns. Do not click .

Note: Updating libraries and tables requires the Create permission.

3) Verify that Marcel has the required permission to update the library. Go to SAS Management
Console. (Verify that you are logged in as Ahmed.) Using the Data Library Manager plug-in,
open the properties of the library.


4) Click the Authorization tab. Highlight the Data Integrators group in the Users and Groups
pane and grant the Create permission. Click .

Note: Because Marcel is a member of the Data Integrators group, granting Create to this
group ensures that Marcel has the required permission.

5) Return to Step 2 of the Update Metadata wizard in SAS Enterprise Guide.

6) Click .

7) Click to replace the previous results.

8) Review the results.

9) Return to SAS Management Console, select the Folders tab, expand Orion Star ⇒
Marketing Department, and select Data. Table names are duplicated.

g. In the Project Tree, under the process flow, right-click Update Metadata for "Marcel Orion
Star Library 1" and select Modify Update Metadata for "Marcel Orion Star Library 1".
For which actions can you override the default credentials? Update and add table definitions
in metadata with the actual tables and columns, Update only the existing table definitions
in metadata with the current column information, and Delete obsolete entries from the
metadata library (tables that no longer exist)
What are the default credentials? Marcel/Student1
Why or when might you want to override the default credentials? If the user that you used
to log on to SAS Enterprise Guide does not have the appropriate permissions to update
libraries and tables
7. Updating Table Metadata with SAS Management Console

a. In the Data Library Manager plug-in, select Marcel Orion Star Library 2.
(Verify that you are logged on as Marcel.)
b. Select one or more tables in Marcel Orion Star Library 2, right-click, and select
Update Metadata….

1) Click in the Warning dialog box.

2) Click to view the details of the SAS log.

3) Click .

8. (Optional) Updating Table Metadata with PROC METALIB


a. Write the code that you need to generate a report of the differences between the metadata and
physical data in the Orion Star library.
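proc metalib;
   /* Connect to the library's metadata definition as Marcel */
   omr (library="Orion Star Library"
        user="Marcel"
        pw="Student1");
   noexec;   /* compare only; make no changes to the metadata */
   report;   /* write a report of the differences */
run;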
b. Save the code to a file with the .sas extension and submit it in batch.


c. Modify the code to update the tables. Submit the code in batch.
1) Remove the NOEXEC statement. Save the file.


2) Verify that Marcel was granted the Create permission on the library.


3) Submit the file in batch.


4) Review the SAS log for errors.
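The three update actions listed in solution 6g correspond to PROC METALIB's UPDATE_RULE statement, and NOEXEC gives a dry run of each. The following is an added example, not part of the course notes. It reuses the OMR connection values from solution 8a, and the table names in the SELECT statement are an assumption (the tables registered in exercise 1).

```sas
/* Added example: controlling what PROC METALIB is allowed to change.       */
/* Connection values are the ones shown in solution 8a.                     */
%let omr_conn = library="Orion Star Library" user="Marcel" pw="Student1";

/* Step 1: dry run of "update only the existing table definitions".         */
/* NOADD stops new table definitions from being created, which avoids the   */
/* duplicate table names seen in solution 6f. NOEXEC means nothing is       */
/* written; REPORT lists what would change.                                 */
proc metalib;
   omr (&omr_conn);
   update_rule=(noadd);
   noexec;
   report;
run;

/* Step 2: apply the update, limited to named tables.                       */
/* Assumption: ORDER_FACT and PRODUCT_DIM are registered in this library.   */
/* Marcel needs the Create permission on the library for this step          */
/* (see the note in solution 6f).                                           */
proc metalib;
   omr (&omr_conn);
   select (ORDER_FACT PRODUCT_DIM);
   update_rule=(noadd);
   report;
run;

/* Step 3: dry run of "delete obsolete entries from the metadata library".  */
/* DELETE removes table definitions whose physical table no longer exists.  */
/* NOADD and NOUPDATE restrict the run to deletions only. Keep NOEXEC in    */
/* place until the report has been reviewed.                                */
proc metalib;
   omr (&omr_conn);
   update_rule=(delete noadd noupdate);
   noexec;
   report;
run;
```

Removing NOEXEC from step 3 performs the deletions that the report listed.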

9. Pre-Assigning Libraries
a. What are the advantages of pre-assigning libraries for a stored process server?
• Stored process code does not need to include LIBNAME statements, which simplifies
code maintenance.
• Access to data is the same for all stored processes assigned to that server.
• You control the engine that is used to access the libraries. If you pre-assign using the
metadata LIBNAME engine, all data level permissions are enforced.
What are the disadvantages?
• Access to data is the same for all stored processes assigned to that server.
• An excessive number of pre-assigned libraries might affect server performance.
• Using pre-assigned libraries can introduce additional maintenance for an administrator
if a new stored process needs access to a library that is not already pre-assigned.
b. What are the advantages of pre-assigning libraries for a workspace server?
You control the engine that is used to access the libraries. If you pre-assign using the
metadata LIBNAME engine, all data level permissions are enforced.
What are the disadvantages?
An excessive number of pre-assigned libraries might affect server performance.

c. What are the disadvantages of pre-assigning RDBMS libraries?


• A connection to the database is established at server startup whether the user accesses the
data or not (unless the DEFER=YES option is specified as a library option). This can
result in a large number of connections, especially if the server is a workspace server.
• If the connection to the RDBMS takes a long time or fails, the server either takes a long
time or never becomes available to the requesting user.
d. Pre-assign the Orion Star Library in the metadata.
1) Open the Properties of the Orion Star Library.

2) Click the Options tab and click .


3) In the Advanced Options window, click the Pre-Assign tab and click the
Library is pre-assigned check box. Click twice.


e. Add the METAAUTORESOURCES= system option to the SASApp DATA Step Batch Server
configuration file.
1) Use Windows Explorer to navigate to C:\SAS\Config\Lev1\SASApp\BatchServer.
Right-click sasv9_usermods.cfg and select TextPad.

2) Add the following statement to the file:
-metaautoresources "omsobj:ServerComponent?@Name='SASApp'"

3) Save the changes and close the file.


10. Pre-Assigning Libraries in Autoexec Files


a. If you want to pre-assign a library for the stored process server alone, which autoexec file would
you modify?
C:\SAS\Config\Lev1\SASApp\StoredProcessServer\autoexec_usermods.sas


b. If you want to pre-assign a library for all of the servers in SASApp, which autoexec file would
you modify?
C:\SAS\Config\Lev1\SASApp\appserver_autoexec_usermods.sas

Chapter 9 Securing Metadata

9.1 Introduction to Metadata Security
    Demonstration: Identifying the ACT Applied to an Item and Effective Permissions
    Exercises
9.2 Exploring Metadata Permissions
    Demonstration: Identifying Applicable Permissions
    Exercises
9.3 Exploring Predefined ACTs
    Exercises
9.4 Securing Content in the Folder Tree
    Exercises
9.5 Securing Content outside the Folder Tree
    Exercises
9.6 Creating Additional ACTs
    Exercises
9.7 Solutions to Exercises

9.1 Introduction to Metadata Security

Objectives
• Identify how the metadata authorization layer interacts
with other security layers.
• Identify where metadata permissions are assigned.
• Identify to whom metadata permissions are assigned.
• Identify how metadata permissions are assigned.
• Explore how metadata authorization decisions
are made.

Metadata Authorization Layer
SAS provides a metadata-based authorization layer that
supplements protections from the host environment and
other systems.

[Figure: authorization layers: Metadata, WebDAV, Database System, Operating System]

Across authorization layers, protections are cumulative. To perform a task, a user must have sufficient
access in all applicable layers.
Metadata Authorization Layer

You can use the metadata authorization layer to manage
access to the following resources:

Authorization Tab
Each item’s effective permission settings are displayed
on that item’s Authorization tab. Permissions are set for
users and groups.

Only relevant permissions are displayed on the Authorization tab for a particular object.

Identity Hierarchy
Identity precedence affects authorization decisions when
a user has more than one relevant permission setting
because of the user’s group memberships.

To avoid introducing unnecessary complexity, do not make PUBLIC or SASUSERS a member of another
group. This is not an issue for roles.

Where Are Permissions Set?

Explicit   The permission is set on the current item and individually assigned to the selected identity.
ACT        The permission comes from an applied ACT whose pattern explicitly assigns the grant or denial to the selected identity.
Indirect   The permission comes from someone else or somewhere else.

Indirect settings can be derived from group membership, be inherited from a parent item, and for the
WriteMemberMetadata permission, can mirror the WriteMetadata setting.

Authorization Tab
The check box color indicates how the permission was assigned:
• explicit (white)
• ACT (green)
• indirect (gray)

ACTs
Each ACT consists of a pattern of grants and denials that are assigned to different users and groups. ACTs are created and managed using the Authorization Manager plug-in.

Applying an ACT
When you apply an ACT to an object, the ACT settings
are added to the object’s protections.

Advantages of ACTs
When you want to assign the same settings to several objects, using an ACT is beneficial.
• It is easier to apply an ACT than it is to repeatedly set each permission.
• Updates to an ACT permission pattern affect each resource where the ACT has been applied.

Indirect Settings
Indirect settings come from
• another group with an explicit or ACT setting on that resource
• a parent resource
• the repository ACT.

For the WriteMemberMetadata permission, gray can indicate that the setting mirrors the WriteMetadata setting.

For an unrestricted user, gray indicates that a grant cannot be removed.

Inheritance Paths

Children inherit the net effect of their parents’ access controls.
Most objects inherit permissions from folders. A number of objects inherit permissions directly from the repository ACT.

If an item has more than one immediate parent, a grant from any inheritance path is sufficient to provide
access. Having multiple immediate parents is not a common situation.

Repository ACT
The repository ACT is a template that is designated to provide repository-level controls.
• A user must have WM in the repository ACT to create an object anywhere in the metadata.
• Permissions on the repository ACT are applied indirectly to all objects in the metadata.
  – If there are no direct settings on the object or on any of that object’s parents, then the repository ACT determines the outcome.
  – If the repository ACT’s pattern neither grants nor denies the permissions, then the permission is denied.
  – If there is no repository ACT, all permissions are granted.

You should always have a designated repository ACT.

Authorization Decision Flowchart

Permission conditions constrain explicit grants of the Read permission on OLAP dimensions (limiting
access to members) or information maps (limiting access to rows). On the Authorization tab, the presence
of an Edit Condition or Edit Authorization button indicates that a permission condition is assigned to the
currently selected user or group.

Precedence Principles for Authorization

Principle: Settings on an item have priority over settings on the item’s parents.
Example: LibraryA has an explicit denial for PUBLIC. LibraryA’s parent folder has an explicit grant for Joe.
Outcome: Joe cannot see LibraryA.

Principle: Conflicting settings on an item are resolved by identity precedence.
Example: LibraryA has an explicit denial for GroupA and an explicit grant for GroupAA. Joe is a direct member of GroupA. GroupA is a direct member of GroupAA.
Outcome: Joe cannot see LibraryA.

Principle: If identity precedence does not resolve a conflict, explicit settings have priority over ACT settings.
Example: LibraryA has an ACT denial for GroupA and an explicit grant for GroupB. Joe is a direct member of both GroupA and GroupB.
Outcome: Joe can see LibraryA.

Principle: If identity precedence and the type of setting do not resolve a conflict, the outcome is a denial.
Example: LibraryA has an explicit denial for GroupA and an explicit grant for GroupB. Joe is a direct member of both GroupA and GroupB.
Outcome: Joe cannot see LibraryA.

Principle: A grant from any inheritance path can provide access.
Example: ObjectA has no explicit or ACT settings, one immediate parent that conveys a grant, and another immediate parent that conveys a denial.
Outcome: Joe can see LibraryA.

The settings described for these examples are the only explicit or ACT settings for ReadMetadata on LibraryA or ObjectA.

Relative Precedence of Access Controls

Explicit and ACT settings on an object always have priority over settings on the object’s parent.
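
The precedence principles and the repository ACT rules above can be read as one decision procedure. The following Python model is an added example, not SAS code and not part of the course notes; its class and function names are hypothetical, the objects are constructed, and it assumes that the implicit groups SASUSERS and PUBLIC rank below all other groups. Unrestricted users and permission conditions are not modeled.

```python
from dataclasses import dataclass, field

GRANT, DENY = "grant", "deny"


@dataclass
class Item:
    name: str
    # Direct settings for one permission (for example ReadMetadata):
    # {(identity, "explicit" or "act"): GRANT or DENY}
    settings: dict = field(default_factory=dict)
    parents: list = field(default_factory=list)


def identity_levels(user, member_of):
    """Rank each identity relevant to `user`: 0 = the user, 1 = direct groups, ..."""
    levels, frontier, depth = {user: 0}, [user], 0
    while frontier:
        depth += 1
        reached = []
        for ident in frontier:
            for group in member_of.get(ident, ()):
                if group not in levels:
                    levels[group] = depth
                    reached.append(group)
        frontier = reached
    # Assumption: implicit groups rank below every other group, PUBLIC last.
    levels.setdefault("SASUSERS", depth)
    levels.setdefault("PUBLIC", depth + 1)
    return levels


def resolve(settings, levels):
    """Identity precedence first, then explicit over ACT, then denial on conflict."""
    relevant = [(levels[ident], source, value)
                for (ident, source), value in settings.items() if ident in levels]
    if not relevant:
        return None  # no setting here applies to this user
    closest = min(level for level, _, _ in relevant)
    tied = [(source, value) for level, source, value in relevant if level == closest]
    explicit = [value for source, value in tied if source == "explicit"]
    values = set(explicit or [value for _, value in tied])
    return GRANT if values == {GRANT} else DENY


def decide(item, user, member_of, repository_act=None):
    """Return GRANT or DENY. repository_act is a pattern dict, or None if none is designated."""
    levels = identity_levels(user, member_of)

    def walk(node):
        direct = resolve(node.settings, levels)
        if direct is not None:
            return direct  # settings on an item beat settings on its parents
        inherited = [r for r in (walk(p) for p in node.parents) if r is not None]
        if not inherited:
            return None
        return GRANT if GRANT in inherited else DENY  # a grant from any path suffices

    outcome = walk(item)
    if outcome is not None:
        return outcome
    if repository_act is None:
        return GRANT  # no repository ACT: all permissions are granted
    return resolve(repository_act, levels) or DENY  # pattern is silent: denied


def precedence_table_outcomes():
    """Evaluate the five rows of the precedence table on constructed objects."""
    repo = {("PUBLIC", "act"): DENY}  # constructed repository ACT pattern
    both = {"Joe": ["GroupA", "GroupB"]}
    out = []
    folder = Item("Folder", {("Joe", "explicit"): GRANT})
    lib = Item("LibraryA", {("PUBLIC", "explicit"): DENY}, [folder])
    out.append(decide(lib, "Joe", {}, repo))                      # row 1
    lib = Item("LibraryA", {("GroupA", "explicit"): DENY, ("GroupAA", "explicit"): GRANT})
    out.append(decide(lib, "Joe", {"Joe": ["GroupA"], "GroupA": ["GroupAA"]}, repo))  # row 2
    lib = Item("LibraryA", {("GroupA", "act"): DENY, ("GroupB", "explicit"): GRANT})
    out.append(decide(lib, "Joe", both, repo))                    # row 3
    lib = Item("LibraryA", {("GroupA", "explicit"): DENY, ("GroupB", "explicit"): GRANT})
    out.append(decide(lib, "Joe", both, repo))                    # row 4
    yes = Item("ParentA", {("Joe", "explicit"): GRANT})
    no = Item("ParentB", {("Joe", "explicit"): DENY})
    out.append(decide(Item("ObjectA", parents=[yes, no]), "Joe", {}, repo))  # row 5
    return out


if __name__ == "__main__":
    print(precedence_table_outcomes())
```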

Security Plan
It is very important to create a security plan that documents how your environment is or will be secured. The security plan should contain the following:
• metadata users and groups and corresponding identity hierarchies
• roles and their membership
• repository ACT settings and additional ACTs
• folder structure and permission settings
• permission settings for servers, users, groups, roles, ACTs, and so on

Identifying the ACT Applied to an Item and Effective Permissions

1. In SAS Management Console, click the Folders tab.

2. Right-click SAS Folders and select Properties.

3. Click the Authorization tab.

4. Click .

5. In the Currently Using pane, expand Foundation. The SAS Administrator Settings ACT has been applied to this item.

6. In the Available pane, expand Foundation, Ole’s Work Repository, and Barbara’s Work Repository. Additional ACTs are available. Each repository has a repository ACT named Default ACT.

7. Click .

8. On the Authorization tab, click .

9. The Inheritance tab identifies the other items from which this item can inherit permissions. Click the Explore Authorizations tab.

10. Type Marcel in the Name or Display name field. Click . Marcel’s effective permissions for this item are displayed.

11. Click twice.

Exercises

1. Reporting about Existing Security


a. Use Windows Explorer to navigate to S:\Workshop\spaft. Create two subfolders named Report and Security.
b. Copy secrpt.sas from C:\Program Files\SAS\SASFoundation\9.2\core\sample to S:\Workshop\spaft\Report.
c. Open S:\Workshop\spaft\Report\secrpt.sas in TextPad.
   1) Scroll to the bottom.
   2) Locate the OPTIONS statement. Provide the correct value for the METASERVER=, METAUSER=, and METAPASS= system options.
   3) Locate the FILENAME statement that assigns the rptdir fileref and provide S:\Workshop\spaft\Report as the path value (in double quotation marks).
   4) Locate the LIBNAME statement that assigns the permlib libref and provide S:\Workshop\spaft\Security as the path value (in double quotation marks).
   5) Locate the FILENAME statement that assigns the report fileref and provide S:\Workshop\spaft\Report\index.html.
   6) Save the changes.
d. Create a new file using TextPad. Type the following code and save the file as Report.sas in S:\Workshop\spaft\Report:
   options metaserver=localhost metauser="Ahmed" metapass="Student1";
   libname permlib "s:\workshop\spaft\Security";
   %mdsecds(outdata=permlib.mdsecds);
   %include "S:\Workshop\spaft\Report\secrpt.sas";

   Note: The MDSECDS macro extracts security information from the metadata.

   Note: The LIBNAME statements and macro options are set to save the output SAS data sets into folders under S:\Workshop\spaft\Security.
e. In Windows Explorer, right-click Report.sas and click Batch Submit with SAS 9.2. Review Report.log for errors.
f. Open S:\Workshop\spaft\Report\index.html.
g. Use Windows Explorer to navigate to C:\Program Files\SAS\SASFoundation\9.2\core\sasmacro. Open mdsecds.sas using TextPad. In addition to the OUTDATA= parameter, what parameters can you use with this macro?

2. Reporting about Existing Users and Groups


a. Create a new subfolder named User_group under S:\Workshop\spaft.
b. Create a new file using TextPad. Type the following code and save the file as User_extr.sas in S:\Workshop\spaft\User_group:
   options metaserver=localhost metauser="Ahmed" metapass="Student1";
   libname ugroups "s:\workshop\spaft\User_group";
   %mduextr(libref=ugroups);

   Note: The MDUEXTR macro is part of the user import macros and extracts information including user and group membership.

   The LIBNAME statements and macro options are set to save the output SAS data sets into folders under S:\Workshop\spaft\User_group.
c. In Windows Explorer, right-click User_extr.sas and click Batch Submit with SAS 9.2. Review User_extr.log for errors.
d. Open and examine the tables created by the code.
e. Use Windows Explorer to navigate to C:\Program Files\SAS\SASFoundation\9.2\core\sasmacro. Open mduextr.sas using TextPad. In addition to the LIBREF= parameter, what parameters can you use with this macro?

3. Creating and Applying an Access Control Template (ACT)

a. Use the Authorization Manager to create a new ACT with the following characteristics:
   Name: Test Access Control Template
   Permission Pattern: Deny RM and WM to Barbara
b. Apply an ACT.
   1) Before applying the ACT, what identities are listed on the Orion Star metadata folder Authorization tab?
   2) Apply the ACT to the Orion Star metadata folder.
   3) After you apply the ACT, what identities are listed on the Orion Star metadata folder Authorization tab?
   4) Can you remove Barbara from the Authorization tab?
   5) Remove the ACT from the Orion Star metadata folder.

9.2 Exploring Metadata Permissions

Objectives
• Explore the use and enforcement of the different metadata permissions.

Metadata Permissions
The permissions list on each Authorization tab includes at least two permissions:
• ReadMetadata, which controls the ability to view an item
• WriteMetadata, which controls the ability to update or delete an item
Other permissions are specialized and only affect certain types of items.

Only permissions relevant to the item are displayed on the Authorization tab.

Use of Each Permission

ReadMetadata (RM): View an item or navigate past a folder.
WriteMetadata (WM): Edit, delete, change permissions for, or rename an item.
WriteMemberMetadata (WMM): Add an item to a metadata folder or delete an item from a metadata folder.
CheckInMetadata (CM): Check in and check out items in a change-managed area.

In any change-managed areas of a foundation repository, change-managed users should have CM instead of WM and WMM. Change management is a SAS Data Integration Studio feature.

WMM is only meaningful for metadata folders.

Use of Each Permission
Here are some general rules to follow when assigning permissions:
• All users with a metadata identity should have RM and WM permissions in the foundation repository ACT.
• It is recommended that if you grant WM, you do not deny WMM.
• To enable someone to interact with a folder’s contents but not with the folder itself, grant WMM and deny WM.
• Before you deny RM on a folder, consider the navigational consequences.

A folder’s WMM settings mirror its WM Settings unless the folder has explicit or ACT settings of WMM.
A grant (or deny) of WMM on a folder becomes an inherited grant (or deny) of WM on the items and
subfolders in that folder. WMM is not inherited from one folder to another.

Use of Each Permission

Administer (A): Monitor an OLAP server; stop, pause, resume, refresh, or quiesce a server or spawner.

For the metadata server, the ability to stop, pause, resume, and quiesce is managed by the Metadata Server: Operation role, not by the Administer permission.

Use of Each Permission

Read (R): Read data.
Create (C): Add data.
Write (W): Update data.
Delete (D): Delete data.

Some clients, such as SAS Data Integration Studio and SAS Enterprise Guide, enable users to create and run SAS programs that access data directly, bypassing metadata layer controls.

Note: The Read permission applies to several types of data including SAS tables, RDBMS tables, information maps, and cubes. The other permissions are only enforced when accessing data using the metadata LIBNAME engine.
The table server supports additional permissions for objects that are under the Table Server plug-in in SAS Management Console. See the SAS® 9.2 Table Server Administrator’s Guide.

Enforcement of Each Permission


The Read, Create, Write, and Delete permissions only affect certain types of items.

Read Create Write Delete
OLAP data ✓
Information maps ✓
Data accessed through metadata LIBNAME engine ✓ ✓ ✓ ✓
Dashboard objects
Publishing channels
✓ ✓
✓
✓

Identifying Applicable Permissions

1. In SAS Management Console, on the Plug-ins tab, expand Server Manager.

2. Right-click SASApp and select Properties.

3. Click the Authorization tab. Only the RM, WM, and A permissions are listed.

4. Click .

5. Click the Folders tab.

6. Expand System and select Types.

7. Right-click Application server and select Properties.

8. Click the Advanced tab. The ApplicablePermissions property identifies the permissions applicable to this type of item.

9. Click .

Exercises

4. Identifying Permissions
Use SAS Management Console to identify which permissions appear on the permission lists for the
following types of items:

Item                           RM   WM   WMM   CM   A   R   C   W   D
Folder
Library
Table
Cube
Information map (relational)
SAS Report
Workspace Server
User
User Group
Role
ACT

5. Assigning WriteMetadata and WriteMemberMetadata Permissions


a. Log on to SAS Management Console as Marcel.
b. On the Folders tab, right-click Data Mart Development and select New Folder. Create a new folder named Parent.
c. Right-click on the Parent folder. Select Properties and the Authorization tab. Select PUBLIC and add an explicit grant of WM. How does this affect WMM for PUBLIC?
d. Select the grant WM box for PUBLIC again to clear the explicit setting. How does this affect WMM for PUBLIC?
e. Add an explicit grant of WMM for PUBLIC. How does this affect WM for PUBLIC?
f. Remove the explicit WMM grant for PUBLIC. How does this affect WM for PUBLIC?
g. Add Gloria to the permissions list for the Parent folder with an explicit denial of WM and an explicit grant of WMM.
h. Right-click on the Parent folder and select New Folder. Create a new folder named Child.
i. On the Authorization tab of the Child folder, select Gloria. What are the settings for WM and WMM?
j. Right-click My Folder. Are the following actions available or dimmed: New Folder, New Stored Process, Rename, and Delete?
k. Right-click Parent. Are the following actions available or dimmed: New Folder, New Stored Process, Rename, and Delete?
l. Delete the Parent folder.

9.3 Exploring Predefined ACTs

Objectives
• Explore the settings of the predefined ACTs.
• Explore where the predefined ACTs are assigned by default.

Predefined Access Control Templates
The predefined ACTs are used in the initial configuration. The permission pattern should not be modified:
• Default ACT
• Portal ACT
• Private User Folder ACT
• SAS Administrator Settings

If you do not have the SAS Information Delivery Portal at your site, you will not have the Portal ACT.
You might need to alter the membership of the Portal ACT.

If you need to modify the repository ACT, a best practice is to leave the current repository ACT
alone, create a new ACT with the settings you want and designate it as the repository ACT. This
enables you to revert to the previous repository ACT, if needed.

Default ACT
Default ACT acts as the repository ACT by default:
RM WM WMM CM A R W C D
PUBLIC 8 8 8 8 8 8 8 8 8
SAS Administrators 9 9 9 9
SASUSERS
SAS System Services
9
9
9
9
9
9
This ACT provides registered users with RM and WM at the repository level. CM only affects users with project repositories.

8 = deny
9 = grant

Portal ACT
The Portal ACT is used to set permissions on the Permissions tree, which designates who can administer the SAS Information Delivery Portal. By default, the SAS Trusted User is the only administrator for the portal.

RM WM WMM CM A R W C D
PUBLIC 8 8
SAS Trusted User 9 9

Private User Folder ACT


The Private User Folder ACT is automatically applied
to each user’s personal folder.
RM WM WMM CM A R W C D
PUBLIC 8 8 8
SAS Administrators
SAS System Services
9
9
9
8
9
8

This ACT is applied to each user’s personal folder in conjunction with explicit settings to grant the user RM, WMM, CM, and R.

The user, by default, is also indirectly granted WM and A on the folder.

SAS Administrator Settings
The SAS Administrator Settings ACT is used to grant the SAS Administrators group and SAS System Services group access to metadata.

RM WM WMM CM A R W C D
SAS Administrators 9 9 9 9
SAS System Services 9

The RM grant for SAS System Services preserves access for the SAS Trusted User.

Permission Pattern Tab and Authorization Tab

Do not confuse an ACT’s Authorization tab with its Permission Pattern tab.

Authorization tabs control who can modify the item in question. The Authorization tab on an ACT controls who can modify the ACT, including the permission pattern.

Exercises

6. Investigating the Repository ACT


a. Why is SASUSERS granted RM and WM in the repository ACT?
b. Why is SASUSERS granted CM in the repository ACT?
c. Why is PUBLIC denied all permissions in the repository ACT?
d. What changes, if any, would you make to the repository ACT?

7. Exploring the SAS Administrator Settings ACT

a. Verify that the SAS Administrator Settings ACT is applied to secure the predefined ACTs. Would you apply the SAS Administrator Settings ACT to any user-defined ACTs as well? Why or why not?
b. To which roles is the SAS Administrator Settings ACT applied?
c. To which SAS server definitions is the SAS Administrator Settings ACT applied?
   Hint: Recall that some servers are defined to perform administration tasks.
d. Verify that the SAS Administrator Settings ACT is applied to the SAS Folders folder. What additional explicit permissions are set on SAS Folders? Who can create and manage subfolders defined directly under SAS Folders?

   Note: You can only create folder items under SAS Folders because it is not a true folder. The ability to add subfolders under SAS Folders is controlled by WM, not WMM.

8. Applying the Private User Folder ACT

a. Where is the Private User Folder ACT applied?
   Hint: Recall that users who log on to applications that use the folder structure will have a personal folder.
b. Who can create and manage folders under the Users folder?

9. (Optional) Analyzing the Portal ACT

a. What changes were made to the permission pattern of this predefined ACT? Why?
b. In the Plug-ins tab, navigate to Authorization Manager → Resource Management → By Type → Tree. Verify that the Portal ACT is applied to the Portal Application Tree. What is the parent of this object in the metadata?
   Hint: Use the Advanced button on the Authorization tab to discover an object’s inheritance path.
c. Verify that the Portal ACT is applied to the Orion Star Users Permission Tree and Eric Permission Tree.

10. Determining ACT Security


Use the Authorization tab on each ACT to determine how it is secured.

ACT                              Direct Permissions    Indirect Permissions
Repository ACT
SAS Administrator Settings ACT
Private User Folder ACT
Portal ACT

9.4 Securing Content in the Folder Tree

Objectives
Explore permissions required for tasks involving the
following:
• folders
• libraries and tables
• OLAP cubes
• stored processes
• information maps
• reports

Permissions for Objects in the Folder Tree
You are going to explore permissions for selected items in the folder tree: root folder, folder, information map, report, stored process, channel, dashboard, schema, cube, cube component, library, table, and column.

The Root Folder


The root folder is the first folder on the Folders tab.
• Users need RM to this folder to access subfolders.
• Most users do not need WM on this folder.
• Unlike other folders, the root folder does not have WMM in its permission list because the root folder is not a true folder but a software object component.
• It can only contain other folders.

Custom repositories appear as folders under the SAS Folders root.

Folders
Follow these guidelines for setting security on metadata folders:
RM: Provide users a clear path of RM grants to all content they need to access.
WM: Grant WM only to users who should be able to delete, move, or rename that folder.
WMM: Grant WMM to users who need to add items to a folder.

Do not assume that every permission listed on a folder’s Authorization tab is relevant for every item in that folder.

If you deny RM on a folder, make sure that you do not prevent the SAS Trusted User from having that permission on all cubes and schemas within that folder. It is a best practice to leave the broad grant of RM for SAS System Services (which includes SAS Trusted User) in place.

Folders: Permissions for Selected Tasks

Task                           Repository ACT   Parent Folder   Folder     Item
Add a folder                   RM, WM           RM, WMM         -          -
Delete a folder                RM               RM, WMM         RM, WM     -
Rename a folder                RM               RM              RM, WM     -
Set folder permissions         RM               RM              RM, WM     -
Add an item to a folder        RM, WM           RM              RM, WMM    -
Delete an item from a folder   RM               RM              RM, WMM    RM, WM
Copy/export items              RM               RM              RM         RM
Paste/import items             RM, WM           RM              RM, WMM    -

If the parent folder is the root folder, you need RM and WM on the root folder in order to add or delete a folder.
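
The WM/WMM rules stated earlier in this chapter (a folder’s WMM mirrors its WM unless WMM is set directly, a folder’s WMM becomes the inherited WM of its items and subfolders, and WMM is not inherited from folder to folder) combine with the folder task table above as follows. This Python model is an added example, not SAS code and not part of the course notes; the names Folder, FOLDER_TASKS, effective_wm, effective_wmm, and allowed are hypothetical, the folder tree is constructed, and it assumes a single identity with RM granted everywhere.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass
class Folder:
    name: str
    parent: Optional["Folder"] = None  # None marks the root folder (SAS Folders)
    wm: Optional[bool] = None          # direct (explicit or ACT) WM setting, if any
    wmm: Optional[bool] = None         # direct (explicit or ACT) WMM setting, if any


def effective_wm(folder, repo_wm):
    """WM on a folder: its direct setting, else what its parent conveys."""
    if folder.wm is not None:
        return folder.wm
    if folder.parent is None:
        return repo_wm  # nothing set up the chain: the repository ACT decides
    # The parent's WMM becomes the inherited WM of its subfolders and items.
    return effective_wmm(folder.parent, repo_wm)


def effective_wmm(folder, repo_wm):
    """WMM on a folder: its direct setting, else a mirror of the folder's WM."""
    if folder.wmm is not None:
        return folder.wmm
    # Mirroring also covers the root folder, which has no WMM in its list.
    return effective_wm(folder, repo_wm)


# From the "Folders: Permissions for Selected Tasks" table, with RM omitted:
# task -> (needs WM in repository ACT, needed on parent folder, needed on folder)
FOLDER_TASKS = {
    "add a folder":            (True,  "WMM", None),
    "delete a folder":         (False, "WMM", "WM"),
    "rename a folder":         (False, None,  "WM"),
    "set folder permissions":  (False, None,  "WM"),
    "add an item to a folder": (True,  None,  "WMM"),
}


def allowed(task, folder, repo_wm=True):
    """Check a folder task. For "add a folder", pass the proposed new folder."""
    needs_repo_wm, on_parent, on_folder = FOLDER_TASKS[task]
    have = {"WM": effective_wm, "WMM": effective_wmm}
    if needs_repo_wm and not repo_wm:
        return False
    if on_parent and folder.parent is not None:
        if not have[on_parent](folder.parent, repo_wm):
            return False
    if on_folder and not have[on_folder](folder, repo_wm):
        return False
    return True


def gloria_scenario():
    """Constructed tree: deny WM and grant WMM on Parent, no settings on Child."""
    root = Folder("SAS Folders", wm=False)
    parent = Folder("Parent", parent=root, wm=False, wmm=True)
    child = Folder("Child", parent=parent)
    return {
        "Child WM": effective_wm(child, True),
        "Child WMM": effective_wmm(child, True),
        "rename Parent": allowed("rename a folder", parent),
        "delete Parent": allowed("delete a folder", parent),
        "add item to Parent": allowed("add an item to a folder", parent),
        "add folder under Parent": allowed("add a folder", Folder("New", parent=parent)),
        "delete Child": allowed("delete a folder", child),
        "add folder under root": allowed("add a folder", Folder("Top", parent=root)),
    }


if __name__ == "__main__":
    for label, result in gloria_scenario().items():
        print(f"{label}: {result}")
```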

Libraries
To associate a library with an application server, you
need WM permission for the server.
For a library accessed via the metadata LIBNAME engine,
you need the Create permission on the library item in
order to add tables and the Delete permission in order
to delete tables.

Libraries and Tables: Permissions for Selected Tasks

Task                    Repository ACT   Application Server   Library   Parent Folder   Table      Column
Register a table        RM, WM           RM                   RM, WM    RM, WMM         -          -
Delete a table          RM               RM                   RM, WM    RM, WMM         RM, WM     -
Set table permissions   RM               -                    RM        RM              RM, WM     -
Access table data       RM               RM                   RM        RM              RM, RMLE   RM, RMLE
Register a library      RM, WM           RM, WM               -         RM, WMM         -          -

Note: If a column is associated with a user-defined format, the table is not displayed if the formats are not available to the SAS server. The sasv9.cfg file in the application server folder points to the location of the formats catalog. By default, the formats are stored in a catalog named FORMATS in SAS-configuration-directory/Levn/application-server/SASEnvironment/SASFormats.
RMLE indicates that the Read permission is required only if the data is accessed through the metadata LIBNAME engine.

Tables
To associate a table with a library, you need WM for the
table and the library.
For a table accessed via the metadata LIBNAME engine,
you need Read in order to access data.


OLAP Cubes
To register cubes, you need WM permission for the
OLAP schema and WMM permission for the target folder.
Read permission is enforced for cubes.

Cubes: Permissions for Selected Tasks

Task                          Repository ACT   Application Server   OLAP Schema   Parent Folder   Cube     Source Data Sets
Register a cube               RM, WM           RM                   RM, WM        RM, WMM         -        RM, RMLE
Delete a cube                 RM               RM                   RM, WM        RM, WMM         RM, WM   -
Rebuild a cube                RM               RM                   RM            RM              RM, WM   RM, RMLE
Refresh a cube                RM               RM                   RM            RM              RM, R    RM, RMLE
Set cube permissions          RM               -                    RM            RM              RM, WM   -
Access cube data              RM               RM                   RM            RM              RM, R    -
Register a schema             RM, WM           RM, WM               -             RM, WMM         -        -
Use the OLAP Server Monitor   RM               A                    -             -               -        -

RMLE indicates that the Read permission is required only if the data is accessed through the metadata LIBNAME engine.

Stored Processes
To register a stored process, you need WM permission
for the target application server and WMM permission
for the target folder.
To run a stored process, you need RM permission
on the stored process.

Stored Processes: Permissions for Selected Tasks

Task                             Repository   Parent Folder   Application Server   Stored Process   Data
Register a stored process        RM, WM       RM, WMM         RM, WM               -                -
Delete a stored process          RM           RM, WMM         RM, WM               RM, WM           -
Set stored process permissions   RM           RM              RM                   RM, WM           -
Run a stored process             RM           RM              RM                   RM               RM, RMLE, ROLAP

RMLE indicates that the Read permission is required only if the data is accessed through the metadata LIBNAME engine.
ROLAP indicates that the OLAP data can also be involved (the Read permission is always required for OLAP data).

Information Maps
To access data through an information map, you need R on that information map.
When accessing data through an information map, you need R on the data if
• data is accessed through the metadata LIBNAME engine (RMLE)
• the map is accessing OLAP data (ROLAP).

Information Maps: Permissions for Selected Tasks

Task                                    Repository   Parent Folder   Information Map   Stored Process   Data
Create and save a new information map   RM, WM       RM, WMM         -                 RM               RM, RMLE, ROLAP
Delete an information map               RM           RM, WMM         RM, WM            -                -
Set information map permissions         RM           RM              RM, WM            -                -
Edit or rename an information map       RM           RM              RM, WM            -                -
Run queries in an information map       RM           RM              RM, R             RM               RM, RMLE, ROLAP

RMLE indicates that the Read permission is required only if the data is accessed through the metadata LIBNAME engine.
ROLAP indicates that the OLAP data can also be involved (the Read permission is always required for OLAP data).

Reports
Reports can either be static (pre-generated) or dynamic.
• For a dynamic report, the underlying data is queried every time the report is opened.
• For a pre-generated or batch report, the data is contained in the report and is not queried unless the report is refreshed.

Reports: Permissions for Selected Tasks

Task                         Repository   Parent Folder   Report   Stored Process   Information Map   Data
Create and save new report   RM, WM       RM, WMM         -        RM               RM, R             RM, RMLE, ROLAP
Delete report                RM           RM, WMM         RM, WM   -                -                 -
View or refresh report       RM           RM              RM       RM               RM, R             RM, RMLE, ROLAP
View a batch report          RM           RM              RM       -                -                 -
Edit or rename report        RM           RM              RM, WM   -                -                 -
Set report permissions       RM           RM              RM, WM   -                -                 -

RMLE indicates that the Read permission is required only if the data is accessed through the metadata LIBNAME engine.
ROLAP indicates that the OLAP data can also be involved (the Read permission is always required for OLAP data).

Reports
If a user cannot run a report, check the following:
• Does the user have R permission for the underlying information map?
• Does the user have R permission for any underlying OLAP cube?
• Does the user have R permission for any underlying relational data that is accessed via the metadata LIBNAME engine?
• Does the SAS Trusted User have RM permissions for any underlying cube?
• Does the account that retrieves the data have physical access to the data?
• Is the underlying information map in a legitimate folder?

By default, SAS Web Report Studio can interact with information maps regardless of their location within the folder structure. The administrator can choose to establish a more controlled environment in which SAS Web Report Studio can interact with information maps only in designated locations. See the wrs.map.accessibility.check property in the SAS® 9.2 Intelligence Platform: Web Application Administration Guide.

Exercises

11. Securing Folders


a. Connect to SAS Enterprise Guide as Ellen. Would Ellen be likely to have SAS Enterprise Guide installed on her desktop?

   Note: Ellen is a Report Content Creator for Sales.

b. In the SAS Folders pane, select . Make sure no folders are highlighted and select . Is Ellen able to successfully create a folder? If not, show the details of the error and find the text that follows <SASMessage severity="Error">.
c. Expand the Orion Star folder. What subfolder does Ellen see?
d. Select the Orion Star folder. Can Ellen create a subfolder?
e. Select the subfolder under Orion Star and select . Can Ellen create a folder here? If the new folder was created, delete the folder.
f. Log on to SAS Management Console as Ahmed. What are Ellen’s permissions on the Permission Pattern tab of the repository ACT? On the Folders tab, what are Ellen’s permissions to SAS Folders, Orion Star, and Sales Department?
g. Given Ellen’s permissions and the following table, should Ellen be able to create a subfolder under SAS Folders, Orion Star, and Sales Department?

   Folders: Permissions for Selected Tasks

   Task                           Repository ACT   Parent Folder   Folder     Item
   Add a folder                   RM, WM           RM, WMM         -          -
   Delete a folder                RM               RM, WMM         RM, WM     -
   Rename a folder                RM               RM              RM, WM     -
   Set folder permissions         RM               RM              RM, WM     -
   Add an item to a folder        RM, WM           RM              RM, WMM    -
   Delete an item from a folder   RM               RM              RM, WMM    RM, WM
   Copy/export items              RM               RM              RM         RM
   Paste/import items             RM, WM           RM              RM, WMM    -

   If the parent folder is the root folder, you need RM and WM on the root folder in order to add or delete a folder.

h. Modify the security settings on the Sales Department folder structure so that Ellen and the other
Report Content Creators can only add content to the following folders, but not modify the folders
themselves: Information Maps, Reports, and Stored Processes.
12. Securing Libraries and Tables
a. Log on to SAS Data Integration Studio as Ellen. Would Ellen be likely to have
SAS Data Integration Studio installed on her desktop?
b. Register a SAS BASE library with the following characteristics:
Type of library: SAS BASE Library
Name: Sales Data
Location: /Orion Star/Sales Department/Data
Selected Server: SASApp
Libref: sales
Path specification: S:\Workshop\OrionStar\orgold
Is Ellen successful? If not, where does she fail and what is the error message?
c. Log on to SAS Management Console as Ahmed. What are Ellen’s permissions to the
Orion Star/Sales Department/Data folder?
d. Given Ellen’s permissions and the following table, should Ellen be able to register libraries
and tables in the Data folder?

Libraries and Tables: Permissions for Selected Tasks

Task                  | Repository ACT | Application Server | Library  | Parent Folder | Table    | Column
Register a table      | RM, WM         | RM                 | RM, WM   | RM, WMM       | -        | -
Delete a table        | RM             | RM                 | RM, WM   | RM, WMM       | RM, WM   | -
Set table permissions | RM             | -                  | RM       | RM            | RM, WM   | -
Access table data     | RM             | RM                 | RM, RMLE | RM            | RM, RMLE | RM
Register a library    | RM, WM         | RM, WM             | -        | RM, WMM       | -        | -

   If a column is associated with a user-defined format, the table is not displayed if the
   formats are not available to the SAS server. The sasv9.cfg file in the application server
   folder points to the location of the formats catalog. By default, the formats are stored
   in a catalog named FORMATS in SAS-configuration-directory/Levn/application-
   server/SASEnvironment/SASFormats.

e. If necessary, modify the security settings in the Data folder so that only the Administrators
and Data Integrators can register libraries and tables in that folder. All members of the Sales
Department should be able to open data in the Data folder.
f. Log on to SAS Data Integration Studio as a user who can register a library and tables.
Register the Sales Data library and all available tables.
g. Log on to SAS Data Integration Studio as Ellen and verify that she can view the data in the Sales
Data ORDER_FACT table.

13. Securing OLAP Cubes


a. Log on to SAS OLAP Cube Studio as Ellen. Would Ellen be likely to have SAS OLAP Cube
Studio installed on her desktop?
b. Create a cube with the following characteristics:
Name: Sales_Cube
OLAP Schema: SASApp – OLAP Schema
Location: /Orion Star/Sales/Department/Data
Physical cube path: S:\workshop\SPAFT\cubes

   You need to create the Cubes folder in the operating system.

Selected table: Sales Data ⇒ ORDER_FACT
Dimension
   Name: Time
   Caption: Time Dimension
   Type: TIME
   Sort order: Ascending Unformatted
Level: Add supplied time hierarchies
   Input column: Delivery_Date
   Supplied Time Hierarchy: YQM
Measures: Total_Retail_Price (Minimum, Maximum, Sum, Average)
          CostPrice_Per_Unit (Minimum, Maximum, Sum, Average)
          Quantity (Minimum, Maximum, Sum, Average, Count)
Is Ellen successful? If not, where does she fail and what is the error message?
c. Log on to SAS Management Console as Ahmed. What are Ellen’s permissions to the
Orion Star/Sales Department/Data folder?

d. Given Ellen’s permissions and the following table, should Ellen be able to create a cube
in the Data folder?
Cubes: Permissions for Selected Tasks

Task                        | Repository ACT | Application Server | OLAP Schema | Parent Folder | Cube   | Source Data Sets
Register a cube             | RM, WM         | RM                 | RM, WM      | RM, WMM       | -      | RM, RMLE
Delete a cube               | RM             | RM                 | RM, WM      | RM, WMM       | RM, WM | -
Rebuild a cube              | RM             | RM                 | RM          | RM            | RM, WM | RM, RMLE
Refresh a cube              | RM             | RM                 | RM          | RM            | RM, R  | RM, RMLE
Set cube permissions        | RM             | -                  | RM          | RM            | RM, WM | -
Access cube data            | RM             | RM                 | RM          | RM            | RM, R  | -
Register a schema           | RM, WM         | RM, WM             | -           | RM, WMM       | -      | -
Use the OLAP Server Monitor | RM             | A                  | -           | -             | -      | -

e. Log on to SAS Enterprise Guide as Ellen and verify that she can view the data in
Sales Order_Cube.

14. Securing Stored Processes


a. Connect to SAS Enterprise Guide as Ellen.
b. Select File ⇒ New ⇒ Stored Process and create a stored process with the following
characteristics:
Name: Ellen Stored Process
Location: /Orion Star/Sales Department/Stored Processes
Replace with code from my computer: s:\workshop\sbip\osdm\ProdOrderAnalysis.sas
Select Yes to turn off the appending macros.
Save SAS code as: S:\Workshop\spaft
Is Ellen successful? If not, where does she fail and what is the error message?
c. Log on to SAS Management Console as Ahmed. What are Ellen’s permissions to the
Orion Star/Sales Department/Stored Processes folder?
d. Given Ellen’s permissions and the following table, should Ellen be able to register a stored
process in the Stored Processes folder?

Stored Processes: Permissions for Selected Tasks

Task                           | Repository | Parent Folder | Application Server | Stored Process | Data
Register a stored process      | RM, WM     | RM, WMM       | RM, WM             | -              | -
Delete a stored process        | RM         | RM, WMM       | RM, WM             | RM, WM         | -
Set stored process permissions | RM         | RM            | RM                 | RM, WM         | -
Run a stored process           | RM         | RM            | RM                 | RM             | RM, RMLE, ROLAP

e. Will modifying the current permissions enable Ellen to successfully register a stored process?
f. Make the source code repository path available by using SAS Management Console. Return
to SAS Enterprise Guide as Ellen and register and test the stored process.

 You might need to add the new path and you cannot add this path from SAS Enterprise
Guide. In SAS Enterprise Guide, you are limited to registering server paths underneath the
default navigation location, which is the user’s home directory.
Return to SAS Management Console. On the Folders tab, right-click on any folder and select
New Stored Process…. Provide a name for the stored process and click . Select the
SASApp – Logical Stored Process Server and click . In the Manage Source Code
Repositories window, click . Provide the desired path and, if you choose, a description.
Click twice. Click to end the stored process creation. The path is now available.

15. Securing Information Maps

a. Log on to SAS Information Map Studio as Ellen.
b. Create an information map named Sales Map with all of the columns from the Sales Reporting
Library ORDER_FACT table. Save the information map in Orion Star/Sales
Department/Information Maps as Ellen Map.
Is Ellen successful? If not, where does she fail and what is the error message?
c. Log on to SAS Management Console as Ahmed. What are Ellen’s permissions to the Orion
Star/Sales Department/Information Maps folder?
d. Given Ellen’s permissions and the following table, should Ellen be able to register an information
map in the Information Map folder?

Information Maps: Permissions for Selected Tasks

Task                                  | Repository | Parent Folder | Information Map | Stored Process | Data
Create and save a new information map | RM, WM     | RM, WMM       | -               | RM             | RM, RMLE, ROLAP
Delete an information map             | RM         | RM, WMM       | RM, WM          | -              | -
Set information map permissions       | RM         | RM            | RM, WM          | -              | -
Edit or rename an information map     | RM         | RM            | RM, WM          | -              | -
Run queries in an information map     | RM         | RM            | RM, R           | RM             | RM, RMLE, ROLAP

e. Return to SAS Information Map Studio as Ellen and run a test query on the sales map.
Is Ellen successful? If not, modify the permissions to enable her to access the map.

16. Securing Reports


a. Log on to SAS Web Report Studio as Ellen.
b. Create a new report using the Report wizard. Use Sales Map as the data source and select Finish.
Can Ellen view the report? If not, what is the error message?
c. Save the report in /Orion Star/Sales Department/Reports as Sales Report. Is Ellen successful?
If not, where does she fail and what is the error message?
d. Log on to SAS Management Console as Ahmed. What are Ellen’s permissions to the Orion
Star/Sales Department/Reports folder?
e. Given Ellen’s permissions and the following table, should Ellen be able to save a report
in the Reports folder?

Reports: Permissions for Selected Tasks

Task                       | Repository | Parent Folder | Report | Stored Process | Information Map | Data
Create and save new report | RM, WM     | RM, WMM       | -      | RM             | RM, R           | RM, RMLE, ROLAP
Delete report              | RM         | RM, WMM       | RM, WM | -              | -               | -
View or refresh report     | RM         | RM            | RM     | RM             | RM, R           | RM, RMLE, ROLAP
View a batch report        | RM         | RM            | RM     | -              | -               | -
Edit or rename report      | RM         | RM            | RM, WM | -              | -               | -
Set report permissions     | RM         | RM            | RM, WM | -              | -               | -

A stored process is not a required component of a report.

f. If necessary, modify the permissions so that Ellen can save a report in the Orion Star/Sales
Department/Reports folder. Return to SAS Web Report Studio and create and save the report
as Ellen.
g. Log on to SAS Information Delivery Portal as Ellen and search for and view the sales report.

9.5 Securing Content outside the Folder Tree

Objectives
Explore permissions required for tasks that involve the following:
• servers
• users and groups
• access control templates

Servers
To monitor or operate servers other than the metadata server, you need the Administer
permission on the server.
To associate a stored process, OLAP cube, or library with an application server, you need
WM permission for that application server.

Hiding Servers
To limit the use of a particular server, deny the RM permission to hide the server.
• Make sure the SAS System Services group has RM permission for server metadata. This enables
  the object spawner, connecting as SAS Trusted User, to discover server metadata.
• Make sure the SAS General Servers group has RM permission for server metadata. This is
  required for stored process servers and pooled workspace servers.
• Any user who uses a server needs RM permission for that server.

Users who need to access a client-side pooled workspace server do not need RM permission
for that server.

Identities
User administration capabilities enable you to create, update, and delete users, groups, and roles.
An identity’s Authorization tab has no effect on what that identity can do. The Authorization tab
controls who can modify the metadata identity.

ACTs
To create an ACT you need repository-level WM permission.
It is important to add protection to any ACT that you create.

Exercises

17. Securing Servers


a. Log on to SAS Management Console as Ellen.
Which servers can Ellen see?
Which servers can Ellen modify?
Would Ellen be likely to have SAS Management Console installed on her desktop?
b. Connect to SAS Enterprise Guide as Ellen. View the Server List.
Which servers can Ellen see?
c. Log on to SAS Management Console as Ahmed.
What are Ellen’s permissions on the following servers:
SASMeta
SASMeta - Logical Metadata Server
SASMeta - Logical Workspace Server
SASMeta - Logical SAS DATA Step Batch Server
SASApp
SASApp - Logical Workspace Server
SASApp - Logical Pooled Workspace Server
SASApp - Logical SAS DATA Step Batch Server
SASApp - Logical Stored Process Server

18. Securing Identities

a. Log on to SAS Management Console as Ellen.
Which users, groups, and roles can she see?
Which users, groups, and roles can she modify?
Can she create a new user, group, or role?
b. Log on to SAS Management Console as Ahmed. View the properties of any user, group, or role.
How are the effective permissions of the SAS Administrators group different than the effective
permissions of other users and groups that are listed?
What makes the effective permissions for the SAS Administrators group different?

9.6 Creating Additional ACTs

Objectives
• Create baseline ACTs.
• Use baseline ACTs to secure folders.

General Use ACTs
Most of the metadata that needs to be secured is stored in folders and inherits permissions
from folders. One approach to securing folders is to create and apply some general-use ACTs.
The ACTs can be applied to folders in combination with:
• explicit permissions granting access back to particular groups
• additional ACTs that grant access back to particular groups

If you choose to create additional ACTs, be careful not to create conflict by granting and denying
permissions to multiple groups in a user’s identity hierarchy. For this reason, it can be easier to combine
the general use ACTs with explicit permissions.

General Use ACTs


It is useful to create several general use ACTs to prevent some form of access for most users:
Hide       prevents visibility for users who are not in the SAS Administrators group.
Protect    prevents updates, deletions, and contributions by users who are not in the
           SAS Administrators group.
LimitData  prevents access to data through the OLAP server, information maps, and the
           metadata LIBNAME engine for all restricted users.

The Hide ACT

The Hide ACT gives SAS Administrators and service identities exclusive read access to metadata.
RM WM WMM CM A R W C D
PUBLIC 8
SAS Administrators 9
SAS System Services 9

The Protect ACT


The Protect ACT gives SAS Administrators exclusive
write access to metadata.
RM WM WMM CM A R W C D
PUBLIC 8 8 8 8 8
SAS Administrators 9 9 9 9 9 9


The LimitData ACT

The LimitData ACT prevents all restricted users from accessing data that requires the
Read permission.
RM WM WMM CM A R W C D
PUBLIC 8

The Read permission is required when accessing data in an OLAP cube, through an information map,
or through the metadata LIBNAME engine.
It is not typical to use an ACT to limit a single permission for a single group, but applying an ACT
enables you to track where the permission has been denied. To remove the denial of the permission,
remove the ACT.

Creating Custom Folders


If you have multiple divisions/groups/organizations using the metadata, you can create
organizational folders.
For example, under the Orion Star folder, we have two organizational folders:
• Marketing Department
• Sales Department

You can further subdivide the organizational folder structure by creating subfolders as needed.

Securing Organizational Folders

If you have a central group that creates all content, you could secure the organizational
folders as follows:

The ability to create, manage, and delete content is shut off at the top by the Protect ACT on Orion Star.
The constraint is inherited through the tree except where there are supplemental grants of WMM.
The Hide ACT on Marketing Department prevents Sales from seeing that folder structure.

If you further subdivided the department level folders, the supplemental grants at the department level
only need to grant RM to the appropriate groups:

If the Marketing Department includes managers that need to consume the content in all of the Marketing
subfolders you can grant them RM on the Marketing Department folder and RM and R on each region
folder.

In this example, the Marketing Department folder is used to share content with the Marketing group.

Creating Additional Folders


Under the organizational folders, you can subdivide content in a couple of ways:
• by project
• by function

Project Folders

If you choose to create project folders, you need to decide
• who should be able to create and modify the project folders themselves
• who should be able to create and modify content within the folders.

The project folders would contain all the different objects that are used within a given project, including
libraries, tables, jobs, maps, stored processes, and reports.

Securing Project Folders


You can enable all members of the organizational group to access the project folders and
create and modify the content within those folders.

This example relies on SAS Administrators to create and manage project folders.
An alternative would be to leave the maintenance of existing project folders to the administrators, but to
enable members of the Marketing group to create new folders. This is done by granting Marketing WMM
at the Marketing folder level. To prevent members of the Marketing group from modifying the existing
project folders (for example, renaming them), but to enable them to create and modify the content
in the folders,
• apply the Protect ACT to the project folders to override the inherited WM from the explicit WMM
  on the group folder
• supplement by granting Marketing WMM on each project folder.
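The project-folder override described above (a Protect ACT on each project folder plus a supplemental WMM grant for Marketing), worked through in a simplified Python model. This is an added example, not SAS code and not part of the course notes; the resolution rules listed in the docstring, the folder name Project A, and the SASUSERS grant of RM on Orion Star are assumptions made for the illustration.

```python
"""Simplified model of folder permission inheritance with baseline ACTs.

Assumed resolution rules (an illustration, not SAS code): a setting on the
folder itself beats an inherited one; a closer identity (a group) beats
SASUSERS, which beats PUBLIC; explicit beats ACT; deny wins a tie.
"""
from dataclasses import dataclass, field
from typing import Optional

GRANT, DENY = "grant", "deny"

# Baseline ACT patterns, restricted to the permissions the notes name in prose.
ACTS = {
    "Hide": {"PUBLIC": {"RM": DENY},
             "SAS Administrators": {"RM": GRANT},
             "SAS System Services": {"RM": GRANT}},
    "Protect": {"PUBLIC": {"WM": DENY, "WMM": DENY},
                "SAS Administrators": {"WM": GRANT, "WMM": GRANT}},
}


@dataclass
class Folder:
    name: str
    parent: Optional["Folder"] = None
    acts: list = field(default_factory=list)      # names of applied ACTs
    explicit: dict = field(default_factory=dict)  # {identity: {perm: GRANT or DENY}}


def direct_setting(folder, levels, perm):
    """Return the setting made on the folder itself, or None if there is none.
    `levels` lists the user's identities from closest to most general."""
    for level in levels:
        explicit = {folder.explicit.get(i, {}).get(perm) for i in level} - {None}
        if explicit:
            return DENY if DENY in explicit else GRANT
        from_acts = {ACTS[a].get(i, {}).get(perm)
                     for a in folder.acts for i in level} - {None}
        if from_acts:
            return DENY if DENY in from_acts else GRANT
    return None


def effective(folder, levels, perm):
    """Walk up the tree until some folder carries a relevant setting."""
    setting = direct_setting(folder, levels, perm)
    if setting is not None:
        return setting
    if folder.parent is None:
        return DENY  # assumption: nothing is granted above the modelled root
    # A parent's WMM is what its children inherit as WM.
    inherited = "WMM" if perm == "WM" else perm
    return effective(folder.parent, levels, inherited)


def can_rename(folder, levels):
    """Folder column of the Folders task table: rename needs RM and WM."""
    return all(effective(folder, levels, p) == GRANT for p in ("RM", "WM"))


def can_add_item(folder, levels):
    """Folder column of the Folders task table: adding an item needs RM and WMM."""
    return all(effective(folder, levels, p) == GRANT for p in ("RM", "WMM"))


def build_tree(protect_projects):
    """Constructed sample tree: Orion Star > Marketing Department > Project A."""
    orion = Folder("Orion Star", acts=["Protect"],
                   explicit={"SASUSERS": {"RM": GRANT}})
    marketing = Folder("Marketing Department", orion, acts=["Hide"],
                       explicit={"Marketing": {"RM": GRANT, "WMM": GRANT}})
    project = Folder("Project A", marketing)
    if protect_projects:
        project.acts.append("Protect")
        project.explicit["Marketing"] = {"WMM": GRANT}
    return orion, marketing, project


MARKETING_USER = [{"Marketing"}, {"SASUSERS"}, {"PUBLIC"}]
SALES_USER = [{"Sales"}, {"SASUSERS"}, {"PUBLIC"}]

if __name__ == "__main__":
    for protected in (False, True):
        _, _, project = build_tree(protected)
        print("Protect on project folder:", protected,
              "| rename:", can_rename(project, MARKETING_USER),
              "| add content:", can_add_item(project, MARKETING_USER))
```

Without the Protect ACT on the project folder, the WMM grant on the Marketing Department folder reaches the project folder as WM, so a Marketing member could rename it; with the ACT and the supplemental grant in place, only contribution remains.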

Functional Folders
If your organization includes custom groups that represent users who perform similar job
functions, you can create and secure subfolders as follows:

For Data Integrators, Map Creators, and Report Creators to have access to the Marketing
Department folder, you need to either make those groups members of the Marketing group
or add explicit grants for them at the Marketing folder level.

You can choose to add the Protect ACT to the functional subfolders, but the permissions inherited from
Orion Star should be sufficient and uninterrupted.
Nothing in these settings prevents the creation of a certain type of content. For example, a map creator
can create a report and add it to the map folder. Do not forget to do the following:
• Use roles to limit functionality like creating reports in SAS Web Report Studio.
• Manage WM on the server to limit users’ ability to register libraries, stored processes, and
  OLAP schemas.
• Use the map accessibility check configuration option, if needed, to limit the locations from which
  SAS Web Report Studio uses relational maps.
If the functional settings are repeated for other folders, for example, under the Sales folder, you can
choose to create ACTs for the functional group settings.

Additional Considerations
• In general, it is not necessary to add protection to predefined folders.
• To hide a branch, apply the Hide ACT to a particular folder and grant back RM to any groups
  who should have access.
• To enable a group to contribute to a particular folder, grant that group WMM on the folder and
  consider adding the Protect ACT on immediate subfolders.
• Grant R on folders that contain data to groups that need to access it and consider applying the
  LimitData ACT on subfolders.

A user who can update an item can add settings to that item. In addition to SAS Management Console,
users can set permissions in other applications including SAS Information Map Studio,
SAS Data Integration Studio, SAS OLAP Cube Studio, and SAS Enterprise Guide.
A user who can contribute items for a folder can also create subfolders.
If you give someone CM on a folder, they can check content into the folder, as well as update
or delete the folder through change management. Change management is only available through
SAS Data Integration Studio.

Backing Up the Environment
Before you make a significant change, such as implementing changes to existing ACTs or
creating new ones, it is a good idea to back up the metadata first.

ACTs (Review)
To create an ACT, you need repository-level WM permission.
It is important to add protection to any ACT you create.

Exercises

19. Securing ACTs


a. Log on to SAS Management Console as Ellen. Which ACTs can she see? Which ACTs can
she modify?

b. Log on to SAS Management Console as Ahmed. How are the custom ACTs secured?
Modify security if necessary.

20. Creating and Securing Custom Folders

Hint: Before making major security changes to existing folder structures, back up the metadata.
a. Do the existing Marketing and Sales folders use project or functional subfolders?
b. Create the Hide, Protect, and LimitData ACTs.
c. Secure the new ACTs.
d. Under Orion Star, create a subfolder named Finance with the following subfolders:
Data
Information Maps
Jobs
Reports
Stored Processes
e. Secure the Finance folder and subfolders as follows:
In Orion Star, the Data Integrators group will register libraries, tables, and cubes in the Data
subfolder and create jobs in the Jobs subfolder.
The Report Content Creators group will create maps in the Information Maps subfolder, stored
processes in the Stored Processes subfolder, and reports in the Reports subfolder.
All of Finance should be able to use the information under Finance.
The Data Integrators and Report Content Creators groups are not part of the Finance group
so ensure that they have access to the Finance folder.
f. Verify that the effective permissions are set on the new folders for Sales, Marketing, Finance,
Data Integrators, Report Content Creators, Jacques, Gloria, Bruno, and Robert. Test the
permission settings.
Hint: Use the Advanced button on the Authorization tab to explore the effective permissions for
a user or group not listed on the particular Authorization tab.
g. (Optional) Examine the security settings on the Marketing folder structure. Apply or modify
security if required.

21. Adjusting Conflicting Permission Settings


a. Create a new metadata group named Group A. Assign Harvey as a member.
b. Create a new metadata group named Group B. Assign Harvey as a member.
c. Create an ACT named Allow Group A, which grants Group A RM.
d. On the Authorization tab of the Shared Data folder, apply the Allow Group A ACT and deny
Group B RM.
e. What is the effective permission for Harvey to the Shared Data folder?

9.7 Solutions to Exercises


1. Reporting about Existing Security
a. Use Windows Explorer to navigate to S:\Workshop\spaft. Create two subfolders named
Report and Security.

b. Copy secrpt.sas from C:\Program Files\SAS\SASFoundation\9.2\core\sample to
S:\Workshop\spaft\Report.
c. Open S:\Workshop\spaft\Report\secrpt.sas in TextPad.
1) Scroll to the bottom.
2) Locate the OPTIONS statement. Provide the correct value for METASERVER=,
METAUSER=, and METAPASS= system options.
options metaserver=localhost metaport=8561 metauser="Ahmed"
metapass="Student1";
3) Locate the FILENAME statement that assigns the rptdir fileref and provide
S:\Workshop\spaft\Report as the path value (in double quotation marks).
/* Assign a fileref to the report directory. */
filename rptdir "S:\Workshop\spaft\Report";

4) Locate the LIBNAME statement that assigns the permlib libref and provide
S:\Workshop\spaft\Security as the path value (in double quotation marks).
/* Assign the permlib library to location where the permission
information is located. */
libname permlib "S:\Workshop\spaft\Security";
5) Locate the FILENAME statement that assigns the report fileref and provide
S:\Workshop\spaft\Report\index.html.
filename report "S:\Workshop\spaft\Report\index.html";
6) Save the changes.
d. Create a new file using TextPad. Type the following code and save the file as Report.sas in
S:\Workshop\spaft\Report:
options metaserver=localhost metauser="Ahmed" metapass="Student1";
libname permlib "s:\workshop\spaft\Security";
%mdsecds(outdata=permlib.mdsecds);
%include "S:\Workshop\spaft\Report\secrpt.sas";

 The MDSECDS macro extracts security information from the metadata.

 The LIBNAME statements and macro options are set to save the output SAS data sets
into folders under S:\Workshop\spaft\Security.

e. In Windows Explorer, right-click Report.sas and click Batch Submit with SAS 9.2. Review
Report.log for errors.

f. Open S:\Workshop\spaft\Report\index.html.


g. Use Windows Explorer to navigate to C:\Program Files\SAS\SASFoundation\9.2\core\sasmacro.


Open mdsecds.sas using TextPad. In addition to the OUTDATA= parameter, what parameters can
you use with this macro?
Folder             name of metadata folder where reporting should start.
IncludeSubFolders  indicates whether the macro should extract information for the entire
                   subtree or just the specified folder. Valid values are YES and NO (specified
                   without quotation marks). The default is YES.
MemberTypes        comma-separated list of the public object types for the folder members that
                   should be included in the data set. Specifying "*" will return all types.
                   The default is "*".
memfilters         expression in the form of @attrname comp "value" used to filter the folder
                   "members" association. The default is no filter.
perms              comma-delimited list of permissions on which to report. This is an optional
                   parameter. The default is to report on only the permissions that apply
                   to a specific object type. This is determined by information stored in the
                   metadata type dictionary.
IdentityTypes      comma-delimited list of identity types to report on. The two types are
                   IdentityGroup and Person. The default is to report on all types.
                   IdentityTypes and IdentityNames lists must be used in parallel to specify
                   identities for which authorizations are desired.
IdentityNames      comma-delimited list of identity names (for example, Fred Flintstone).
                   IdentityTypes and IdentityNames must be used as parallel comma-delimited
                   lists to specify specific identities for which authorizations are desired.
outdata            base name of the data sets/views that will be created by a macro or those
                   that it calls. The default is work.mdsecds. Data sets that are created will
                   have an underscore and suffix appended to the base name.

Data sets that are created are listed below:
xxx_objs    data set containing folder and member information
xxx_permsl  (list) each perm grant/deny on separate row
xxx_permsw  (wide) each permission treated as a column
xxx_pconds  permission conditions; expressions that regulate conditional grants
xxx_join    view that joins the xxx_objs data set with permissions in the xxx_permsw data set

2. Reporting about Existing Users and Groups


a. Create a new subfolder named User_group under S:\Workshop\spaft.


b. Create a new file using TextPad. Type the following code and save the file as User_extr.sas in
S:\Workshop\spaft\User_group:
options metaserver=localhost metauser="Ahmed" metapass="Student1";
libname ugroups "s:\workshop\spaft\User_group";
%mduextr(libref=ugroups);

 The MDUEXTR macro is part of the user import macros and extracts information
including user and group membership.


   The LIBNAME statements and macro options are set to save the output SAS data sets
   into folders under S:\Workshop\spaft\User_group.


c. In Windows Explorer, right-click User_extr.sas and click Batch Submit with SAS 9.2.
Review User_extr.log for errors.
d. Open and examine the tables created by the code.

e. Use Windows Explorer to navigate to C:\Program Files\SAS\SASFoundation\9.2\core\sasmacro.
Open mduextr.sas using TextPad. In addition to the LIBREF function, what parameters can you
use with this macro? There are no other parameters to be used for this code.

3. Creating and Applying an Access Control Template (ACT)
a. Use the Authorization Manager to create a new ACT.
1) Expand Authorization Manager. Right-click Access Control Templates and select
New Access Control Template.


2) On the General tab, type the name Test Access Control Template.


3) Click the Permission Pattern tab and click .


4) Move Barbara from the Available Identities pane to the Selected Identities pane.
Click .


5) Deny Barbara RM and WM. Click .


b. Apply an ACT.
1) Before applying the ACT, what identities are listed on the Orion Star metadata folder
Authorization tab?
a) On the Folders tab, right-click Orion Star and select Properties.


b) Select the Authorization tab.


The following identities appear on the Authorization tab: Application Developers,
Data Integrators, PUBLIC, SAS System Services, SAS Administrators, and SASUSERS.


2) Apply the ACT to the Orion Star metadata folder.

a) Click .

b) Move the Test Access Control Template from the Available pane to the Currently Using
pane. Click .


3) After you apply the ACT, what identities are listed on the Orion Star metadata folder
Authorization tab?
The following identities appear on the Authorization tab: Application Developers, Data
Integrators, PUBLIC, SAS System Services, SAS Administrators, SASUSERS, and Barbara.


4) Can you remove Barbara from the Authorization tab?

a) With Barbara highlighted, click .

b) The error indicates that because the identity was added to the Authorization tab as part
of an ACT, it cannot be removed individually. You need to remove the ACT to remove the
identity. Click .

5) Remove the ACT from the Orion Star metadata folder.

a) Click .

b) Move Test Access Control Template from the Currently Using pane to the Available
pane. Click .

c) Barbara is no longer listed on the Authorization tab. Click .


4. Identifying Permissions
Use SAS Management Console to identify which permissions appear on the permission lists for the
following types of items:

               RM  WM  WMM  CM  A  R  C  W  D

Folder         X   X   X    X   X  X  X  X  X

[The X marks for the remaining rows (Library, Table, Cube, Information map (relational),
SAS Report, Workspace Server, User, User Group, Role, ACT) are not recoverable by column.]

5. Assigning WriteMetadata and WriteMemberMetadata Permissions


a. Log on to SAS Management Console as Marcel.
b. On the Folders tab, right-click Data Mart Development and select New Folder. Create a new
folder named Parent.
1) On the Folders tab, right-click Data Mart Development and select New Folder.


2) Type the name Parent and click .


c. Right-click on the Parent folder, select Properties, and then click the Authorization tab. Select
PUBLIC and add an explicit grant of WM. How does this affect WMM for PUBLIC?
It changes WMM to Grant with an indirect background color.


d. Select the grant WM box for PUBLIC again to clear the explicit setting. How does this affect
WMM for PUBLIC?
It changes both WM and WMM back to indirect Deny.


e. Add an explicit grant of WMM for PUBLIC. How does this affect WM for PUBLIC?
No change for WM


f. Remove the explicit WMM grant for PUBLIC. How does this affect WM for PUBLIC?
No change for WM


g. Add Gloria to the permissions list for the Parent folder with an explicit denial of WM and
an explicit grant of WMM.

1) Click .


2) Select Gloria from the list in the left pane. Select to move Gloria to the right pane.
Click to add Gloria to the folder.


3) Select Deny for WriteMetadata and Grant for WriteMemberMetadata. Click to
save the changes.

h. Right-click on the Parent folder and select New Folder. Create a new folder named Child.
Click to create the folder.


i. On the Authorization tab of the Child folder, select Gloria.


What are the settings for WM and WMM?
Both WM and WMM are granted indirectly.


j. Right-click My Folder.
Are the following actions available or dimmed: New Folder, New Stored Process, Rename, and
Delete?
New Folder and New Stored Process are available.
Rename and Delete are dimmed.

k. Right-click Parent.
Are the following actions available or dimmed: New Folder, New Stored Process, Rename, and
Delete?
All are available choices.

l. Delete the Parent folder.


1) Right-click on the Parent folder and select Delete from the drop-down menu.

2) Click to confirm the delete request.

6. Investigating the Repository ACT
a. Why is SASUSERS granted RM and WM in the repository ACT?
After they are given an identity in SAS Management Console as a registered user, users
would be able to access SAS information based on permissions set for them by the platform
administrator. It also enables them to create metadata objects, which most users will do,
even if it is only in the private folders.
b. Why is SASUSERS granted CM in the repository ACT?
For use with SAS Data Integration Studio and project repositories
c. Why is PUBLIC denied all permissions in the repository ACT?
In this way, you are unable to access SAS information unless you become a registered user
in SAS Management Console.
d. What changes, if any, would you make to the repository ACT?
None

7. Exploring the SAS Administrator Settings ACT


a. Verify that the SAS Administrator Settings ACT is applied to secure the predefined ACTs. Would
you apply the SAS Administrator Settings ACT to any user defined ACTs as well? Why or why
not?
Yes, so that you can secure who can make changes to user defined ACTs
b. To which roles is the SAS Administrator Settings ACT applied?
Metadata Server: Unrestricted, Metadata Server: User Administration,
Metadata Server: Operation

c. To which SAS server definitions is the SAS Administrator Settings ACT applied?
SASMeta - Logical Workspace Server, SASMeta - Logical SAS DATA Step Batch Server
Hint: Recall that some servers are defined to perform administration tasks.
d. Verify that the SAS Administrator Settings ACT is applied to the SAS Folders folder. What
additional explicit permissions have been set on SAS Folders?
Data Integrators grant RM and CM; PUBLIC denies WM and CM
Who can create and manage subfolders defined directly under SAS Folders?
SAS Administrators
You can only create folders under SAS Folders because it is not a true folder.
The ability to add subfolders under SAS Folders is controlled by WM, not WMM.

8. Applying the Private User Folder ACT
a. Where is the Private User Folder ACT applied?
The user’s My Folder folder
Hint: Recall that users who log onto applications that use the folder structure will have a personal
folder.
b. Who can create and manage folders under the Users folder?
SAS Administrators
9. (Optional) Analyzing the Portal ACT
a. What changes were made to the permission pattern of this predefined ACT? Why?
The Application Developers Group is added to the ACT so that the members can act
as portal administrators.
b. In the Plug-ins tab, navigate to Authorization Manager → Resource Management →
By Type → Tree. Verify that the Portal ACT is applied to the Portal Application Tree.
1) Expand Authorization Manager → Resource Management → By Type → Tree.
2) Right-click Portal Application Tree and select Properties.

3) Click the Authorization tab and click .


4) In the Currently Using pane, expand Foundation. Click .

5) Click .

6) The Inheritance tab indicates that the parent object is the SAS Folders folder.
Click twice.

c. Verify that the Portal ACT has been applied to the Orion Star Users Permission Tree and
Eric Permission Tree.
1) Expand Authorization Manager → Resource Management → By Type → Tree.
2) Right-click Orion Star Users Permissions Tree and select Properties.

3) Click the Authorization tab and click .


4) In the Currently Using pane, expand Foundation. Click twice.

5) Right-click Eric Permissions Tree and select Properties.

6) Click the Authorization tab and click .


7) In the Currently Using pane, expand Foundation. Click twice.


10. Determining ACT Security


Use the Authorization tab on each ACT to determine how it is secured.

ACT                              Direct Permissions               Indirect Permissions

Repository ACT                   SAS Administrator Settings       PUBLIC deny RM
                                 PUBLIC deny WM                   SASUSERS grant RM and deny WM
                                 SAS System Services deny WM      Data Integrators grant RM and deny WM

SAS Administrator Settings ACT   SAS Administrator Settings       PUBLIC deny RM
                                 PUBLIC deny WM                   SASUSERS grant RM and deny WM
                                 SAS System Services deny WM      Data Integrators grant RM and deny WM

Private User Folder ACT          SAS Administrator Settings       PUBLIC deny RM
                                 PUBLIC deny WM                   SASUSERS grant RM and deny WM
                                 SAS System Services deny WM      Data Integrators grant RM and deny WM

Portal ACT                       SAS Administrator Settings       PUBLIC deny RM
                                 PUBLIC deny WM                   SASUSERS grant RM and deny WM
                                 SAS Trusted User grant RM and WM Data Integrators grant RM and deny WM
                                 SAS System Services deny WM

11. Securing Folders


a. Connect to SAS Enterprise Guide as Ellen. Would Ellen be likely to have SAS Enterprise Guide
installed on her desktop? Yes

b. In the SAS Folders pane, click . Make sure no folders are highlighted and click .

Is Ellen able to successfully create a folder? If not, show the details of the error and find the text
that follows <SASMessage severity="Error">. No, Ellen cannot create a folder. The
error is “The user does not have permission to perform this action.”

c. Expand the Orion Star folder. What subfolder does Ellen see?

d. Select the Orion Star folder. Can Ellen create a subfolder?
No, the new folder icon is not available.
e. Select the subfolder under Orion Star and select . Can Ellen create a folder here? Yes
If the new folder was created, delete the folder.

f. Log on to SAS Management Console as Ahmed.


What are Ellen’s permissions on the Permission Pattern tab of the repository ACT?
Ellen does not appear on the Permissions tab, but she indirectly receives a grant for RM,
WM, and CM from SASUSERS.


On the Folders tab, what are Ellen’s permissions to SAS Folders, Orion Star, and the Sales
Department?
1) Right-click SAS Folders and select Properties.

2) Click the Authorization tab and click .

3) Click the Explore Authorizations tab. Select the Search Name radio button. Select Contains
in the Name or Display name field and type Ellen. Select .

4) View the results for Ellen and notice that she has RM permission for the SAS Folders.
Click twice.


5) On the Folders tab, right-click Orion Star and select Properties.

6) Click the Authorization tab and click .

7) Click the Explore Authorizations tab. Select the Search Name radio button. Select Contains
in the Name or Display name field and type Ellen. Select .


8) Ellen has RM. Click twice.


9) Expand Orion Star, right-click Sales Department, and select Properties.

10) Click the Authorization tab and click .

11) Click the Explore Authorizations tab. Select the Search Name radio button. Select
Contains in the Name or Display name field and type Ellen. Select .

12) Folder Ellen has RM, WM, WMM, and R. Click twice.


g. Given Ellen’s permissions and the following table, should Ellen be able to create a subfolder
under SAS Folders? No
Orion Star? No
Sales Department? Yes
Folders: Permissions for Selected Tasks

Task                          Repository ACT  Parent Folder  Folder    Item
Add a folder                  RM, WM          RM, WMM        -         -
Delete a folder               RM              RM, WMM        RM, WM    -
Rename a folder               RM              RM             RM, WM    -
Set folder permissions        RM              RM             RM, WM    -
Add an item to a folder       RM, WM          RM             RM, WMM   -
Delete an item from a folder  RM              RM             RM, WMM   RM, WM
Copy/export items             RM              RM             RM        RM
Paste/import items            RM, WM          RM             RM, WMM   -

If the parent folder is the root folder, you need RM and WM on the root folder in order to add
or delete a folder.

h. Modify the security settings on the Sales Department folder structure so that Ellen and the other
Report Content Creators can only add content to the following folders, but not modify the folders
themselves: Information Maps, Reports, and Stored Processes.
1) In the Sales Department folder, add the Report Content Creators group and verify that they
are only granted RM.


2) In the folders for Information Maps, Reports, and Stored Processes, go to the Authorization
tab. Verify that the RM is indirectly granted and explicitly deny WM and explicitly grant
WMM for the Report Content Creators group.
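
The WM/WMM behavior observed in Exercise 5 and the folder checks in Exercise 11 (steps g and h) can be reproduced with a small Python model. This is an added illustration, not SAS code and not part of the course notes; the Folder class, its method names, and the rule that an unset permission resolves to deny are assumptions for the example, RM is taken as granted, and group membership and ACT precedence are not modeled.

```python
GRANT, DENY = "grant", "deny"


class Folder:
    """One metadata folder in a simplified WM/WMM model (hypothetical helper)."""

    def __init__(self, name, parent=None):
        self.name = name
        self.parent = parent
        self.explicit = {}  # {identity: {permission: GRANT or DENY}} set on this folder

    def set_explicit(self, identity, perm, value):
        self.explicit.setdefault(identity, {})[perm] = value

    def clear_explicit(self, identity, perm):
        self.explicit.get(identity, {}).pop(perm, None)

    def effective(self, identity, perm):
        """Return (GRANT or DENY, 'direct' or 'indirect') for identity on this folder."""
        own = self.explicit.get(identity, {})
        if perm in own:
            return own[perm], "direct"
        if perm == "WMM":
            # WMM that is not set on the folder mirrors the folder's own WM.
            return self.effective(identity, "WM")[0], "indirect"
        if self.parent is None:
            return DENY, "indirect"  # assumption: nothing set above resolves to deny
        # A child receives the parent's WMM as its WM; other permissions pass through.
        source = "WMM" if perm == "WM" else perm
        return self.parent.effective(identity, source)[0], "indirect"


def exercise_5():
    """Replay steps c through i of Exercise 5 and record what the Authorization tab shows."""
    parent = Folder("Parent", parent=Folder("Data Mart Development"))
    seen = {}
    parent.set_explicit("PUBLIC", "WM", GRANT)      # step c: explicit grant of WM
    seen["c"] = parent.effective("PUBLIC", "WMM")
    parent.clear_explicit("PUBLIC", "WM")           # step d: clear the explicit WM
    seen["d"] = (parent.effective("PUBLIC", "WM"), parent.effective("PUBLIC", "WMM"))
    parent.set_explicit("PUBLIC", "WMM", GRANT)     # step e: explicit grant of WMM
    seen["e"] = parent.effective("PUBLIC", "WM")
    parent.clear_explicit("PUBLIC", "WMM")          # step f: remove the explicit WMM
    seen["f"] = parent.effective("PUBLIC", "WM")
    parent.set_explicit("Gloria", "WM", DENY)       # step g: deny WM, grant WMM
    parent.set_explicit("Gloria", "WMM", GRANT)
    child = Folder("Child", parent=parent)          # step h: new subfolder
    seen["i"] = (child.effective("Gloria", "WM"), child.effective("Gloria", "WMM"))
    return seen


def can_add_folder(repository_act, parent_folder, parent_is_root=False):
    """'Add a folder' row of the folder table, including the root-folder footnote."""
    needed_on_parent = {"RM", "WM"} if parent_is_root else {"RM", "WMM"}
    return {"RM", "WM"} <= set(repository_act) and needed_on_parent <= set(parent_folder)


def exercise_11g():
    """Ellen's permissions as reported in Exercise 11, step f."""
    ellen_repo = {"RM", "WM", "CM"}  # indirect grants from SASUSERS
    return {
        "SAS Folders": can_add_folder(ellen_repo, {"RM"}, parent_is_root=True),
        "Orion Star": can_add_folder(ellen_repo, {"RM"}),
        "Sales Department": can_add_folder(ellen_repo, {"RM", "WM", "WMM", "R"}),
    }


def exercise_11h():
    """Step h: explicit deny of WM and grant of WMM on a content folder."""
    group = "Report Content Creators"
    reports = Folder("Reports", parent=Folder("Sales Department"))
    reports.set_explicit(group, "WM", DENY)
    reports.set_explicit(group, "WMM", GRANT)
    return {
        # Adding an item needs WMM on the folder; renaming or securing it needs WM.
        "add item": reports.effective(group, "WMM")[0] == GRANT,
        "modify folder": reports.effective(group, "WM")[0] == GRANT,
    }


if __name__ == "__main__":
    for label, result in (("5", exercise_5()), ("11g", exercise_11g()), ("11h", exercise_11h())):
        print(label, result)
```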


12. Securing Libraries and Tables


a. Log on to SAS Data Integration Studio as Ellen. Would Ellen be likely to have
SAS Data Integration Studio installed on her desktop? No
b. Register a SAS BASE library with the following characteristics:
Type of library: SAS BASE Library
Name: Sales Data

Location: /Orion Star/Sales Department/Data

Selected Server: SASApp

Libref: sales

Path specification: S:\Workshop\OrionStar\orgold

Is Ellen successful? If not, where does she fail and what is the error message?

1) Select New → Library….

2) Select SAS BASE Library and click .


3) Type the name Sales Data.

4) Click to set the location. Navigate to Orion Star → Sales Department →
Data. Click .

5) Click .


6) Move SASApp to the Selected servers pane and click .

7) Type sales as the libref.

8) Click to specify the path.

9) Click to create the new path. Navigate to S:\Workshop\Orion Star. Select the
orgold subfolder and click .

10) Click .

The new path is available and selected.


11) Click → .

The library registration now appears in the Data folder. Ellen is successful.


c. Log on to SAS Management Console as Ahmed.


What are Ellen’s permissions to the Orion Star/Sales Department/Data folder?
Ellen has indirect grant for RM, WM, WMM, and R. She has an indirect deny for the other
permissions.


d. Given Ellen’s permissions and the following table, should Ellen be able to register libraries and
tables in the Data folder?
Yes
Libraries and Tables: Permissions for Selected Tasks

Task                   Repository ACT  Application Server  Library   Parent Folder  Table     Column
Register a table       RM, WM          RM                  RM, WM    RM, WMM        -         -
Delete a table         RM              RM                  RM, WM    RM, WMM        RM, WM    -
Set table permissions  RM              -                   RM        RM             RM, WM    -
Access table data      RM              RM                  RM, RMLE  RM             RM, RMLE  RM
Register a library     RM, WM          RM, WM              -         RM, WMM        -         -

If a column is associated with a user-defined format, the table is not displayed if the
formats are not available to the SAS server. The sasv9.cfg file in the application server
folder points to the location of the formats catalog. By default, the formats are stored
in a catalog named FORMATS in
SAS-configuration-directory/Levn/application-server/SASEnvironment/SASFormats.

e. If necessary, modify the security settings in the Data folder so that only the Administrators
and Data Integrators can register libraries and tables in that folder. All members of the Sales
Department should be able to open data in the Data folder.
Data Integrators already have indirect grants of RM, WM, WMM, CM, and R, which
is sufficient. SAS Administrators already have indirect grants of RM, WM, WMM, CM,
R, and A, which is sufficient.
In the Data folder, deny Sales WM and grant Report Content Creators R.

f. Log on to SAS Data Integration Studio as a user who can register a library and tables. Register
the Sales Data library and all available tables.
1) Right-click on the Sales Data library and select Register Tables….


2) Click .


3) Click → .

4) Click .

While the user, Bruno, has the permissions required to perform this action, you cannot register
duplicate tables in the same folder.

g. Log on to SAS Data Integration Studio as Ellen and verify that she can view the data in the
Sales Data ORDER_FACT table.

1) Right-click on the Sales Data ORDER_FACT table and select Open.

13. Securing OLAP cubes
a. Log on to SAS OLAP Cube Studio as Ellen. Would Ellen be likely to have
SAS OLAP Cube Studio installed on her desktop? No
b. Create a cube with the following characteristics:
Name: Sales_Cube

OLAP schema: SASApp – OLAP Schema


Location: /Orion Star/Sales/Department/Data

Physical cube path: S:\workshop\spaft\cubes

 You need to create the cubes folder in the operating system.

Selected table: Sales Data → ORDER_FACT

Dimension
Name: Time
Caption: Time Dimension
Type: TIME
Sort order: Ascending Unformatted
Level: Add supplied time hierarchies
Input column: Delivery_Date
Supplied Time Hierarchy: YQM
Measures: Total_Retail_Price (Minimum, Maximum, Sum, Average)
CostPrice_Per_Unit (Minimum, Maximum, Sum, Average)
Quantity (Minimum, Maximum, Sum, Average, Count)

Is Ellen successful? If not, where does she fail and what is the error message?
1) Select New → Cube… to start building the new cube.
2) Type Sales_Cube in the Name field.
3) Select for the location. From the drop-down menu, select SAS Folders.
Navigate to Orion Star → Sales Department. Select the Data folder and click .

4) Click for the Physical Cube path. Navigate to S:\Workshop\spaft.

5) Click the New Folder icon ( ). Type Cubes as the folder name. Press ENTER and then
select the Cubes folder. Click .

6) Click .

Because you secured the Data folder in Exercise 12.e, this step results in an error:

c. Log on to SAS Management Console as Ahmed.


What are Ellen’s permissions to the Orion Star/Sales Department/Data folder?
Ellen has indirect grant for RM and R. She has an indirect deny for the other permissions.


d. Given Ellen’s permissions and the following table, should Ellen be able to create a cube in the
Data folder?
No
Cubes: Permissions for Selected Tasks

Task                         Repository ACT  Application Server  OLAP Schema  Parent Folder  Cube     Source Data Sets
Register a cube              RM, WM          RM                  RM, WM       RM, WMM        -        RM, RMLE
Delete a cube                RM              RM                  RM, WM       RM, WMM        RM, WM   -
Rebuild a cube               RM              RM                  RM           RM             RM, WM   RM, RMLE
Refresh a cube               RM              RM                  RM           RM             RM, R    RM, RMLE
Set cube permissions         RM              -                   RM           RM             RM, WM   -
Access cube data             RM              RM                  RM           RM             RM, R    -
Register a schema            RM, WM          RM, WM              -            RM, WMM        -        -
Use the OLAP Server Monitor  RM              A                   -            -              -        -

e. Log on to SAS Enterprise Guide as Ellen and verify that she can view the data in the
Sales Order_Cube.
1) Open SAS Enterprise Guide. Verify that you are connected as Ellen. If not, click on the
connection and modify the profile.
2) Select File → Open → OLAP Cube….
3) Select Folders and navigate to Orion Star\Sales Department\Data. Select
Sales Order_Cube and click .

Ellen is able to view the cube.


14. Securing Stored Processes


a. Connect to SAS Enterprise Guide as Ellen.
b. Select File → New → Stored Process and create a stored process with the following
characteristics:
Name: Ellen Stored Process

Location: /Orion Star/Sales Department/Stored Processes

Replace with code → From My Computer…: S:\Workshop\sbip\osdm\ProdOrderAnalysis.sas
Select Yes to turn off the appending macros.

Save SAS Code As: S:\Workshop\spaft
You might need to add the new path.

1) Select File → New → Stored Process.

2) Type the name Ellen Stored Process. Click and navigate to
Orion Star\Sales Department\Stored Processes. Click .

3) Click .


4) Click and select From My Computer….


5) Navigate to S:\Workshop\sbip\osdm. Select ProdOrderAnalysis and click .
Click → to continue.

6) Click in the Save SAS Code As pane in the Execution Options dialog box.


7) S:\Workshop\spaft is not in the Source file path drop-down menu. Click .


8) Ellen is unable to select or create the correct path. Click three times.

Is Ellen successful? No
If not, where does she fail and what is the error message?
Unable to register S:\Workshop\spaft as the source code repository.

c. Log on to SAS Management Console as Ahmed.


What are Ellen’s permissions to the Orion Star/Sales Department/Stored Processes folder?
Ellen has indirect grants of RM, WMM, and R.


d. Given Ellen’s permissions and the following table, should Ellen be able to register a stored
process in the Stored Processes folder?
Yes
Stored Processes: Permissions for Selected Tasks

Task                            Repository  Parent Folder  Application Server  Stored Process  Data
Register a stored process       RM, WM      RM, WMM        RM, WM              -               -
Delete a stored process         RM          RM, WMM        RM, WM              RM, WM          -
Set stored process permissions  RM          RM             RM                  RM, WM          -
Run a stored process            RM          RM             RM                  RM              RM, RMLE,, ROLAP

e. Will modifying the current permissions enable Ellen to successfully register a stored process?
No
f. Make the source code repository path available by using SAS Management Console. Return to
SAS Enterprise Guide as Ellen and register and test the stored process.
1) In SAS Management Console, navigate to the Orion Star\Sales Department\Stored
Processes folder for the Sales Department. Right-click on the folder and select
New Stored Process….


2) Type any name and click to continue.


3) Select SASApp – Logical Stored Process Server from the drop-down list.

4) Click for the source code repository.

5) Click to add the new path.

6) Type the path S:\Workshop\spaft and click .

7) Click → .

8) In SAS Enterprise Guide, create the stored process using the steps that you used in part b of
this exercise.

9) Select S:\Workshop\spaft from the Source file path drop-down menu and click .

10) Click .


11) Click in the Prompts dialog box.


12) Verify that Run stored process when finished is not selected and then click .

15. Securing Information Maps
a. Log on to SAS Information Map Studio as Ellen.
b. Create an information map named Sales Map with all the columns from the
Sales Reporting Library ORDER_FACT table. Save the information map in Orion Star/Sales
Department/Information Maps as Ellen Map.

1) In the Resources pane, select the Server Tree tab ( ).

2) Expand Sales Reporting Library and double-click on the ORDER_FACT table.

3) In the Selected Resources pane, expand Sales Reporting Library and move the
ORDER_FACT table to the Information Map Contents pane.

4) Select . From the menu, select SAS Folders. Navigate to Orion Star →
Sales Department → Information Maps. Type Ellen Map as the name. Click .

Is Ellen successful? Yes

c. Log on to SAS Management Console as Ahmed.


What are Ellen’s permissions to the Orion Star/Sales Department/Information Maps folder?
Ellen has indirect grants of RM, WMM, and R.


d. Given Ellen’s permissions and the following table, should Ellen be able to register an information
map in the Information Map folder?
Yes
Information Maps: Permissions for Selected Tasks

Task                                   Repository  Parent Folder  Information Map  Stored Process  Data
Create and save a new information map  RM, WM      RM, WMM        -                RM              RM, RMLE,, ROLAP
Delete an information map              RM          RM, WMM        RM, WM           -               -
Set information map permissions        RM          RM             RM, WM           -               -
Edit or rename an information map      RM          RM             RM, WM           -               -
Run queries in an information map      RM          RM             RM, R            RM              RM, RMLE,, ROLAP

e. Return to SAS Information Map Studio as Ellen and run a test query on the sales map.
Is Ellen successful?
Yes

1) Select to run a test on the map.

2) Select to send everything in the Available items list to the Selected items list.
Click .

3) Click .

4) Click .

16. Securing Reports


a. Log on to SAS Web Report Studio as Ellen.
1) Open a Web browser and select Favorites ⇒ SAS Web Report Studio.

2) Type Ellen as the value of the User name field and Student1 as the value
for the Password field.

b. Create a new report using the report wizard. Use Sales Map as the data source and select Finish.
Can Ellen view the report? If not, what is the error message?
1) Select New Report Using Wizard.

2) Click . Expand Orion Star ⇒ Sales Department ⇒ Information Maps. Select Ellen Map and click .

3) Highlight ORDER_FACT and click to move the items to the Selected data items list.

4) Click .

5) Select to see the report.


Ellen can see the report.

c. Save the report in /Orion Star/Sales Department/Reports as Sales Report.


Is Ellen successful?
Yes

1) Select the file from below SAS Web Report Studio.


2) Select the Orion Star ⇒ Sales Department ⇒ Reports folders. Type Sales Report as the name. Click .

d. Log on to SAS Management Console as Ahmed.

What are Ellen’s permissions to the Orion Star/Sales Department/Reports folder?
Ellen has indirect grants of RM, WMM, and R.

e. Given Ellen’s permissions and the following table, should Ellen be able to save a report in the
Reports folder?
Yes
Reports: Permissions for Selected Tasks

Task                        Repository  Parent Folder  Report  Stored Process  Information Map  Data
Create and save new report  RM, WM      RM, WMM        -       RM              RM, R            RM, RMLE,, ROLAP
Delete report               RM          RM, WMM        RM, WM  -               -                -
View or refresh report      RM          RM             RM      RM              RM, R            RM, RMLE,, ROLAP
View a batch report         RM          RM             RM      -               -                -
Edit or rename report       RM          RM             RM, WM  -               -                -
Set report permissions      RM          RM             RM, WM  -               -                -

A stored process is not a required component of a report.

f. If necessary, modify the permissions so that Ellen can save a report in the Orion Star/Sales Department/Reports folder. Return to SAS Web Report Studio and create and save the report as Ellen.
No changes need to be made.

g. Log on to the SAS Information Delivery Portal as Ellen and search for and view the sales report.

1) Open a Web browser and select Favorites ⇒ SAS Information Delivery Portal.

2) Type Ellen as the value in the User ID field and Student1 as the value for the
Password field. Click Search.

3) In the Keywords section, type Sales. Select SAS report in the Content Types area and
click .

4) Click on the sales report that matches the location criteria to view the report.

Ellen is able to view the report.

5) Select Log Off Ellen and close the Web browser window.

17. Securing Servers


a. Log on to SAS Management Console as Ellen. Which servers can Ellen see? None
Which servers can Ellen modify? None
Would Ellen be likely to have SAS Management Console installed on her desktop? No

b. Connect to SAS Enterprise Guide as Ellen. View the Server List. Which servers can Ellen see?
Local, SASAPP, and OLAP Servers

In SAS Enterprise Guide, select from the left panel, or select View ⇒ Server List.

c. Log on to SAS Management Console as Ahmed.


What are Ellen’s permissions on the following servers?
SASMeta - indirect grant of RM and WM

SASMeta - Logical Metadata Server – indirect grant of RM and WM

SASMeta - Logical Workspace Server – All permissions indirectly denied

SASMeta - Logical SAS DATA Step Batch Server – indirect grant of CM

SASApp - indirect grant of RM and WM

SASApp - Logical Workspace Server – indirect grant of RM and WM

SASApp - Logical Pooled Workspace Server – indirect grant of RM and WM

SASApp - Logical SAS DATA Step Batch Server – indirect grant of RM, WM, and CM

SASApp - Logical Stored Process Server – indirect grant of RM and WM

18. Securing Identities


a. Log on to SAS Management Console as Ellen. Which users, groups, and roles can she see?
Ellen can see all users, groups, and roles.

Which users, groups, and roles can she modify?


Ellen cannot modify any users, groups, or roles.

Can she create a new user? No


Group? No
Role? No

b. Log on to SAS Management Console as Ahmed. View the properties of any user, group, or role.
How are the effective permissions of the SAS Administrators group different than the effective
permissions of other users/groups listed?
Other groups get indirect settings from the repository ACT, which includes an indirect
grant of RM for SASUSERS.

What makes the effective permissions for the SAS Administrators group different?
SAS Administrators have user administration capabilities because the group is a member
of the Metadata Server: User Administration role.

In addition, the SAS Administrator Settings ACT is applied by default to some groups,
for example, SAS Administrators.

19. Securing ACTs

a. Log on to SAS Management Console as Ellen.
Which ACTs can she see?
Ellen can see all ACTs.

Which ACTs can she modify?


Except for the Test Access Control Template, Ellen cannot modify any of the ACTs.

b. Log on to SAS Management Console as Ahmed. How are the custom ACTs secured?
The SAS Administrator Settings ACT is applied to the predefined ACTs in conjunction with
explicit deny WM for PUBLIC. Modify security if necessary. No modifications are needed
except to possibly delete or secure the Test Access Control Template.

20. Creating and Securing Custom Folders

Hint: Before making major security changes to existing folder structures, back up the metadata.

a. Do the existing Marketing and Sales folders use project or functional subfolders?
Functional subfolders

b. Create the Hide, Protect, and LimitData ACTs.
1) Right-click Access Control Templates and select New Access Control Template.

2) Type the ACT name on the General tab.

3) Click the Permission Pattern tab and select the permissions as described in Section 9.6 or
step 5 of these solutions.

4) Click . Clear the Show Users check box to only list groups.

5) Use the CTRL key to select the desired groups. Select to move them to the Selected
Identities pane.

6) Click .

7) Select the required grant and deny settings for permissions for each group.

8) Click to create the ACT.

9) Follow the same steps to create the Protect and LimitData ACTs.

Hide ACT RM WM WMM CM A R W C D
PUBLIC 8
SAS Administrators 9
SAS System Services 9

Protect ACT RM WM WMM CM A R W C D
PUBLIC 8
SAS Administrators 9

LimitData ACT RM WM WMM CM A R W C D
PUBLIC 8

c. Secure the new ACTs.

1) Right-click on the newly created ACT and select Properties.

2) Click the Authorization tab and click .

3) Expand Foundation in the Available pane.

4) Select the SAS Administrator Settings ACT and select to move this to the Currently
Using pane to secure the ACT.

5) Click .

6) Select PUBLIC and explicitly deny WM. Click .

d. Under Orion Star, create a subfolder named Finance with the following subfolders:
Data, Information Maps, Jobs, Reports, Stored Processes
1) On the Folders tab in SAS Management Console, right-click on the Orion Star folder and
select New Folder.

2) Type Finance as the folder name and click .

3) Right-click on the new Finance folder and select New Folder. Create the following subfolders: Data, Information Maps, Jobs, Reports, and Stored Processes.

e. Secure the Finance folder and subfolders as follows:


In Orion Star, the Data Integrators group will register libraries, tables, and cubes in the Data
subfolder and create jobs in the Jobs subfolder.
Indirect permissions from the Orion Star folder

The Report Content Creators group will create maps in the Information Maps subfolder, stored
processes in the Stored Processes subfolder, and reports in the Reports subfolder.
1) Right-click on the Reports folder in the Finance folder and select Properties.
Click .

2) Select the Report Content Creators group and click to move to the Selected Identities
pane. Click .

3) Grant RM and WMM and deny WM. Click . Grant the same permissions for the
Information Maps and Stored Processes folders.

All of Finance should be able to consume the information under Finance.

1) Right-click on the Finance folder and select Properties. Click .

2) Select the Finance group and click to move to the Selected Identities pane.
Click .

3) Grant RM and R.

4) To keep Sales and Marketing and any other unauthorized individuals from accessing the
Finance folder, deny SASUSERS all permissions and grant back RM and other permissions
as required for the groups that will need access: Application Developers, Data Integrators,
Report Content Creators, SAS System Services, and SAS Administrators.


5) Click .
f. Verify the effective permissions on the new folders for Sales, Marketing, Finance, Data
Integrators, Report Content Creators, Jacques, Gloria, Bruno, and Robert. Test the permission
settings.
Hint: Use the Advanced button on the Authorization tab to explore the effective permissions
for a user or group not listed on the particular Authorization tab.
g. (Optional) Examine the security settings on the Marketing folder structure. Apply or modify
security if required.
No change is needed. Finance is indirectly denied access from the SASUSERS settings.
21. Adjusting Conflicting Permission Settings

a. Create a new metadata group named Group A. Assign Harvey as a member.
1) Right-click User Manager and select New ⇒ Group.

2) Type Group A as the name.

3) Click the Members tab. Select Harvey and to move to the Current Members pane.

4) Click .

b. Create a new metadata group named Group B. Assign Harvey as a member.


1) Right-click User Manager and select New ⇒ Group.
2) Type Group B as the name.

3) Click the Members tab. Select Harvey and to move to the Current Members pane.

4) Click .
c. Create an ACT named Allow Group A, which grants Group A RM.


1) Expand Authorization Manager.
2) Right-click Access Control Templates and select New Access Control Template.
3) Type Allow Group A for the name.

4) On the Permission Pattern tab, add Group A and grant RM.

5) Click .
d. On the Authorization tab of the Shared Data folder, apply the Allow Group A ACT and deny Group B RM.

1) Right-click on the Shared Data folder and select Properties. Click the Authorization tab.

2) Click .

3) Expand Foundation and select Allow Group A from the Available pane. Click to move it to the Currently Using pane.

4) Click .

5) Click . Select Group B and to move to the Selected Identities pane.

6) Click .

7) Explicitly deny RM for Group B and make sure that the other permissions are indirectly
denied.

8) Click .

e. What is the effective permission for Harvey to the Shared Data folder?
Harvey is denied all permissions.
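
The result in step e comes from how conflicting settings on a single object are resolved. The following sketch is an added example, not part of the course notes and not SAS code; the precedence rules listed in its docstring are a simplified model assumed here, and the names Setting, effective, MEMBERSHIPS, and SHARED_DATA are hypothetical, built from the exercise 21 scenario.

```python
from dataclasses import dataclass

GRANT, DENY = "grant", "deny"
# Assumption: every registered user is implicitly a member of both groups.
IMPLICIT_GROUPS = ("SASUSERS", "PUBLIC")


@dataclass(frozen=True)
class Setting:
    identity: str    # user or group the setting is assigned to
    permission: str  # "RM", "WM", ...
    effect: str      # GRANT or DENY
    source: str      # "explicit" (Authorization tab) or "act" (applied ACT)


def identity_levels(user, memberships):
    """Identities that apply to `user`, nearest first: the user, direct
    groups, groups of those groups, then SASUSERS, then PUBLIC."""
    levels, seen, frontier = [{user}], {user}, {user}
    while frontier:
        frontier = {g for i in frontier for g in memberships.get(i, ())}
        frontier -= seen | set(IMPLICIT_GROUPS)
        if frontier:
            levels.append(frontier)
            seen |= frontier
    return levels + [{g} for g in IMPLICIT_GROUPS]


def effective(user, permission, settings, memberships, inherited=DENY):
    """Return (effect, reason) for one permission on one object.

    Assumed rules (simplified model):
      1. The nearest identity level that has a setting decides.
      2. Within that level, explicit settings outrank ACT settings.
      3. A grant/deny conflict that remains resolves to deny.
    With no setting on the object, the inherited (indirect) value applies.
    """
    for level in identity_levels(user, memberships):
        hits = [s for s in settings
                if s.permission == permission and s.identity in level]
        if not hits:
            continue
        explicit = [s for s in hits if s.source == "explicit"]
        deciding = explicit or hits
        effect = GRANT if all(s.effect == GRANT for s in deciding) else DENY
        who = ", ".join(sorted({s.identity for s in deciding}))
        return effect, f"{deciding[0].source} setting for {who}"
    return inherited, "indirect (inherited)"


# Constructed from exercise 21: Harvey belongs to Group A and Group B.
MEMBERSHIPS = {"Harvey": ["Group A", "Group B"]}

# Settings on the Shared Data folder after step d.
SHARED_DATA = [
    Setting("Group A", "RM", GRANT, "act"),      # Allow Group A ACT
    Setting("Group B", "RM", DENY, "explicit"),  # explicit deny for Group B
]

# Constructed variants that show where the outcome changes.
BOTH_FROM_ACTS = [
    Setting("Group A", "RM", GRANT, "act"),
    Setting("Group B", "RM", DENY, "act"),
]
DENY_ON_PUBLIC = [
    Setting("Group A", "RM", GRANT, "act"),
    Setting("PUBLIC", "RM", DENY, "explicit"),
]

if __name__ == "__main__":
    for name, settings in (("exercise 21", SHARED_DATA),
                           ("both from ACTs", BOTH_FROM_ACTS),
                           ("deny on PUBLIC", DENY_ON_PUBLIC)):
        for perm in ("RM", "WM"):
            print(name, perm, effective("Harvey", perm, settings, MEMBERSHIPS))
```

In this model the explicit deny for Group B wins only because Group A and Group B sit at the same membership distance from Harvey; the same deny placed on PUBLIC would lose to the nearer Group A grant.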

Chapter 10 Moving Metadata

10.1 Promoting Selected Content
     Demonstration: Promoting Content
     Exercises
10.2 Solutions to Exercises

10.1 Promoting Selected Content

Objectives
• Identify the types of objects that can be promoted.
• Explore when to use promotion.
• Use the Export SAS Package and Import SAS Package wizards.
• Use the batch export tool and the batch import tool.

Promotion
Promotion: The process of copying selected metadata and associated content within or between planned deployments of SAS.

After preparing the source and target environments, the promotion process involves
• exporting selected objects and folders from the source environment into a SAS package file
• importing some or all of the contents of a SAS package file into the target environment.

The promotion process is platform-independent. For example, you can promote content between UNIX and Windows.

Preparing the source and target environments includes ensuring that required servers are configured and running. If you are promoting from one metadata server to another, you must prepare the target environment by creating folders for the metadata, directories for the physical files, and setting up security.

Promotion within a Planned Deployment

Objects can be promoted from one location in the SAS Folder tree to another location in the same tree. For example, you might want to promote a newly created or modified object from a user’s home folder to a shared location.

Promotion can also be used to create a backup of specific folders and objects.

The package format is the same regardless of the host machine’s operating system or the tool (wizard or batch tool) used to create it.

Promotion between Planned Deployments

You can promote objects between development, test, and production environments. You can also promote content that was exported from a SAS 9.1.3 environment into a 9.2 environment.

Promoting Selected Content


You can selectively promote content:
• Select multiple nested folders.
• Include all or selected objects in a folder.
• Include or exclude dependent objects.
• Use a filter to select objects based on object name, object type, or time period during which the object was created or last modified.
• Include empty folders.
• Include associated physical content.

Promoting Selected Content
Only objects under the SAS Folder tree can be promoted:

Actions                    Documents                  OLAP schemas
Applications               Event subscribers          Prompts
Burst definitions          Event subscriber groups    Prompt groups
Channels                   External files             Queue managers
Conditions                 Folders                    Reports
Condition action sets      Generated transformations  Report components
Content subscribers        Information maps           Report images
Content subscriber groups  Jobs                       SAS Add-In for Microsoft Office documents
Cubes                      Libraries                  SAS Enterprise Guide projects
Data explorations          Message queues             Stored processes
Deployed flows             Mining results             Tables
Deployed jobs              Notes                      Web services

SAS Data Integration Studio and SAS OLAP Cube Studio can only import and export objects that pertain to the application.

Limitations
Certain types of objects cannot be promoted:
• users, groups, and roles
• servers
• portal pages
• ACTs

Note: You cannot promote ACTs, but you can promote direct settings and ACT associations if the identities and ACTs exist in the target environment.

Promotion Tools

Among the promotion tools are
• the Export SAS Package and Import SAS Package wizards in SAS Management Console, SAS Data Integration Studio, and SAS OLAP Cube Studio
• the batch export tool and the batch import tool.

The wizards are available in SAS Management Console on the Folders tab.

The batch import and export tools can only be used with a SAS 9.2 Metadata Server. The batch import tool and export tool are called ImportPackage and ExportPackage and are located in SAS-installation-directory\SASPlatformObjectFramework\9.2.

Promoting Associated Physical Content


For most object types, you can promote the metadata and the content.

Wizards      You can choose whether to include or exclude some of the content types.
Batch tools  Promotion automatically includes all associated content except tables and external files.

If the promotion of an object’s associated content is optional, information about the associated content is displayed in the wizard’s Options tab.

For details about which types of content are exported and imported with metadata, refer to the SAS® 9.2 Intelligence Platform System Administration Guide.

Considerations for Importing


In order for objects to function properly in the target
environment, you must also import dependent objects,
unless those resources already exist in the target
environment.

When importing objects, you might need to establish associations to some objects such as a SAS Application Server, library, or physical path. You can choose to restore the same metadata associations that were established in the source environment or to establish different associations.

Depending on the type of objects that you are importing, you might need to establish associations with the following objects and entities on the target system:
• a SAS Application Server
• a SAS Content Server
• libraries
• base path on a SAS Content Server
• tables
• external files
• physical locations for external files or for libraries
• physical locations for custom code that is associated with jobs, if the code is stored outside the metadata
• OLAP schemas
• mining results
• a source code repository (for stored processes)

Additional Considerations
Before promoting content, you should consider the impact of the following:
• including direct assignments of ACEs and ACTs
• including physical tables lengthens processing time and package file size
• ensure user performing promotion has appropriate access to metadata and associated content
• special considerations when promoting content from 9.1.3 to 9.2

Fewer object types can be promoted in SAS 9.1.3.

Promoting Content

1. Log on to SAS Management Console as an unrestricted user.


2. Click the Folders tab.
3. Expand the Orion Star folder and right-click on the Marketing Department folder. Select Export SAS Package….

4. Click .

5. Navigate to S:\workshop\spaft and type the filename Export_Demo. Click .

Note: If you specify a filename that already exists, then a warning displays when you click . Click to overwrite the existing package, or click to return to the package specification page and rename the package.

6. Select the Include dependent objects when retrieving initial collection of objects check box for
the export option. Click .

7. In the Types section, select Clear All. Select only Information map (OLAP) and
Information map (relational). Click .

8. Click .

9. Under the Information Maps folder, select Orion Star Customer Orders Cube. The Dependencies
tab shows that the dependent objects have been checked to be included in the package, as well.
Click .

10. Accept the defaults and click .

11. Review the summary and click to begin exporting.

Note: If you are prompted to log on to SASApp or to SASApp - DATA Step Batch Server, type Marcel as the value in the User ID field and Student1 as the value for the Password field.

If you log on to SAS Management Console as a user who has sufficient access to the SASApp Workspace Server and the SASApp DATA Step Batch Server, you will not be prompted for credentials.

12. Click .

13. Review the log for warnings and errors. Click to close the Export Log.

14. Click .

15. Use Windows Explorer to navigate to S:\workshop\spaft. Verify that the spk file was created.

16. In SAS Management Console, right-click SAS Folders and select New Folder.

17. Name the new folder Orion Star Test and click .

18. Right-click Orion Star Test and select Import SAS Package….

19. Navigate to S:\Workshop\spaft\Export_Demo.spk. Click .

20. Click .

If you try to import an object that already exists in the destination folder, the object has a red exclamation mark on it.

21. In the Import Warning dialog box, click .

22. Click .

23. Accept SASApp as the target application server and click .

24. Click in the Error dialog box.

25. Click twice and clear the SASApp - OLAP Schema check box.

26. Click three times to return to the point at which the error originally occurred. Accept the
default OLAP Schema mapping and click .

27. Accept the directory path mappings and click .

28. Verify that the summary is correct and click to begin importing.

29. The import process finished with warnings. Click .

30. Locate the warnings in the log. The problem is that you tried to register objects that already exist in the target environment and cannot be duplicated. Library names must be unique within an application server and cube names must be unique within an OLAP schema. The objects were registered with different names that begin with "Copy of". Click .

31. Click .

32. In SAS Management Console, expand the Orion Star Test folder.

33. Expand the Marketing Department folder and select the Information Maps folder.

Using the Batch Export Tool


1. Select Start ⇒ Run.

2. Type cmd and click .

3. Type CD\ and press ENTER.

4. Type cd program files\SAS\SASPlatformObjectFramework\9.2 and press ENTER.

5. Type the following code on the command line and press ENTER:
ExportPackage -host "localhost" -port "8561" -user "Marcel" -password "Student1" -domain "DefaultAuth" -package "S:\workshop\spaft\export_batch.spk" -objects "/Orion Star/Marketing Department" -types "InformationMap"

Note: Enter the command without line breaks.



6. Use Windows Explorer to navigate to S:\workshop\spaft and verify that export_batch.spk was
created.


7. Use Windows Explorer to navigate to the location of the log file created, C:\Documents and
Settings\student\Application Data\SAS\Logs. Open the most recent export log file and review
it for warnings and errors.


Exercises

1. Creating a Package and a Folder


a. Create a package from the Orion Star → Marketing Department folder, but export only stored
processes. Save the package in S:\Workshop\spaft\export_stp.spk.
b. Create a new metadata folder under SAS Folders named Import_Exercise. Import export_stp.spk
into this new folder.

2. Promoting a Report

a. Create a package from the Orion Star Analysis report in the Orion Star\Marketing
Department\Reports folder. Do not include the underlying information map, Orion Star
Employees.
b. Navigate to Orion Star\Marketing Department\Information Maps and rename the Orion Star
Employees map by adding _OLD to the end of the name.
c. Import the package in the Import_Exercise folder. Were you successful? If not, why not?
d. Rename the information map by removing _OLD from the end of the name.

3. Importing with the Batch Tool

a. In SAS Management Console, create a new folder under SAS Folders called Orion Batch Test.
b. Use the following command to generate a list of the contents of the export_batch.spk file:
ImportPackage -host "localhost" -port "8561" -user "Marcel"
-password "Student1" -domain "DefaultAuth"
-package "S:\workshop\spaft\export_batch.spk"
-target "/Orion Batch Test" -noexecute
c. Did the process produce an error? If so, modify the environment and rerun the command. When
the command is successful, review the contents of the package file. Do they match what was
exported? Review the generated log.
d. Issue the same command without the -NOEXECUTE option to import the package contents.
Review the log for warnings and errors. Use SAS Management Console to verify that the package
contents were successfully imported.

10.2 Solutions to Exercises


1. Creating a Package and a Folder
a. Create a package from the Orion Star → Marketing Department folder, but export only stored
processes. Save the package in S:\Workshop\spaft\export_stp.spk.
1) On the Folders tab in SAS Management Console, expand Orion Star →
Marketing Department.
2) Right-click Marketing Department and select Export SAS Package….


3) Change the path to S:\Workshop\spaft\export_stp.spk and select .


4) In the Types pane, select Clear All. Scroll down through the types and select Stored Process.
Click .


5) Click .


6) Select each stored process and verify that there are no dependencies. Click .


7) Review the summary and click .

8) Click .

9) Review the log for warnings and errors. Click .


10) Click .

11) Open Windows Explorer and navigate to S:\Workshop\spaft. Verify that export_stp.spk
exists and close Windows Explorer.
b. Create a new metadata folder under SAS Folders named Import_Exercise. Import export_stp.spk
into this new folder.
1) On the Folders tab in SAS Management Console, right-click SAS Folders and select
New Folder.

2) Type the name Import_Exercise and click .

3) Right-click on the Import_Exercise folder and select Import SAS Package….


4) Verify that the location of the input SAS package file is S:\Workshop\spaft\export_stp.spk.
Accept the defaults and click .


5) Accept the defaults and click .

6) If you receive an import warning, click .

7) Click .


8) Accept the application server mapping from SASApp to SASApp by clicking .


9) Accept the source code repository mapping by clicking .


10) Review the summary and click .


11) Click .


12) Review the log for warnings and errors. Click .


13) Click .

14) On the Folders tab, expand Import_Exercise → Marketing Department → Stored
Processes. Select Stored Processes to see the two registered stored processes.


2. Promoting a Report
a. Create a package from the Orion Star Analysis report in the Orion Star\Marketing
Department\Reports folder. Do not include the underlying information map,
Orion Star Employees.
1) On the Folders tab in SAS Management Console, expand Orion Star →
Marketing Department → Reports.
2) Right-click Reports and select Export SAS Package….


3) Change the path to S:\Workshop\spaft\export_report.spk and click .


4) Verify that only the Orion Star Analysis report is listed. Select the report and verify that the
information map is not included. Click .


5) Review the summary and click .

6) Click .

7) Review the log for warnings and errors. Click .


8) Click .

b. Navigate to Orion Star\Marketing Department\Information Maps and rename the
Orion Star Employees map by adding _OLD to the end of the name.
1) Navigate to Orion Star → Marketing Department → Information Maps. Right-click
Orion Star Employees and select Properties.

2) Type _OLD at the end of the name and click .


c. Import the package in the Import_Exercise folder. Were you successful? If not, why not?
1) Right-click on the Import_Exercise folder and select Import SAS Package….


2) Verify that the location of the input package is S:\Workshop\spaft\export_report.spk and
click .


3) Click .


4) Click .


5) The information map that the report was originally associated with no longer exists (because it
was renamed). Select to select Orion Star Employees_OLD as the target map.


6) On the Folders tab, expand Orion Star → Marketing Department → Information Maps.
Select Orion Star Employees_OLD. Click .


7) Click .


8) Review the summary and click .


9) Click .


10) Review the log for warnings and errors. Click .


11) Click .

12) On the Folders tab, expand Import_Exercise. Select Reports to see the registered report.

The import process was successful, but because there was no longer an information map
by the name specified in the report, you had to map the report to another information
map.

d. Rename the information map by removing _OLD from the end of the name.
1) Navigate to Orion Star → Marketing Department → Information Maps. Right-click
Orion Star Employees_OLD and select Properties.


2) Remove _OLD from the end of the name and click .

The new report imported into the Import_Exercise folder no longer works because
it is pointing to a nonexistent information map. The original copy of the report in
Orion Star → Marketing Department → Report does function.

3. Importing with the Batch Tool


a. In SAS Management Console, create a new folder under SAS Folders named Orion Batch Test.
1) On the Folders tab in SAS Management Console, right-click SAS Folders and select
New Folder.

2) Type the name Orion Batch Test and click .


b. Use the following command to generate a list of the contents of the export_batch.spk file:
ImportPackage -host "localhost" -port "8561" -user "Marcel"
-password "Student1" -domain "DefaultAuth"
-package "S:\workshop\spaft\export_batch.spk"
-target "/Orion Batch Test" -noexecute
1) Select Start → Run.
2) Type cmd and select OK.

3) Type CD\ and press ENTER.

4) Type cd program files\SAS\SASPlatformObjectFramework\9.2 and press
ENTER.

5) Type the following code on the command line and press ENTER:
ImportPackage -host "localhost" -port "8561" -user "Marcel"
-password "Student1" -domain "DefaultAuth"
-package "S:\workshop\spaft\export_batch.spk"
-target "/Orion Batch Test" -noexecute

Enter the command without line breaks.


c. Did the process produce an error? If so, modify the environment and rerun the command. When
the command is successful, review the contents of the package file. Do they match what was
exported? Review the log generated.
The process included several warnings indicating that Marcel does not have permission to
import objects into the Orion Batch Test folder.
1) On the Folders tab in SAS Management Console, right-click on the Orion Batch Test folder
and select Properties.

2) Click the Authorization tab.

3) Marcel is a member of the Data Integrators group. With Data Integrators highlighted, grant
WriteMemberMetadata. Click .

You can grant the WriteMemberMetadata permission to Marcel specifically
as an alternative.

4) Return to the command window and retype the command line. The command produced
no errors or warnings. The contents of the package file match what was exported.

You can view the log stored in C:\Documents and Settings\student\Application
Data\SAS\Logs. The location and filename are listed in the Command window.


d. Issue the same command without the -NOEXECUTE option to import the package contents.
Review the log for warnings and errors. Use SAS Management Console to verify that the package
contents were successfully imported.
1) In the Command window, type the command without the -NOEXECUTE option. No errors
are produced. Close the Command window.


2) On the Folders tab in SAS Management Console, expand Orion Batch Test →
Marketing Department → Information Maps. The folder includes three information maps.
The package was successfully imported.

If the Orion Batch Test folder appears empty, right-click on the folder and select
Refresh.

Chapter 11 Updating the SAS® Environment

11.1 Applying Hot Fixes to Your SAS Environment
Demonstration: Exploring the SAS Technical Support Web Site


11.1 Applying Hot Fixes to Your SAS Environment

Objectives
• Identify which hot fixes to apply.
• Receive notifications about new hot fixes.
• Identify considerations when applying hot fixes.

What Is a Hot Fix?
Hot fixes can serve several purposes, such as the following:
• providing a quick fix for an immediate problem
• providing an essential fix for a recurring problem
Hot fixes are tested and fully supported, and most hot fixes are incorporated into the next
scheduled release.

ftp.sas.com/techsup/download/hotfix/hotfix.html

A hot fix bundle is an accumulation of one or more individual hot fixes.

The Hot Fix FAQ can be found at ftp.sas.com/techsup/download/hotfix/faq.html.

Selecting Hot Fixes to Apply


There are two approaches that you can take when deciding which hot fixes to apply:
• Install only what is needed.
• Install every hot fix that is available.

Install Only What Is Needed
Some sites choose only to fix problems when they occur.
• Install just the fixes that are needed to keep existing jobs running successfully.
• Minimize number of changes, regression testing, and time spent installing hot fixes.
• Do not install hot fixes for problems that do not affect users at the site, except for
hot fixes labeled as “Alert” that apply to products installed at the site.

Installing hot fixes that address problems labeled as “Alert” for any product that is installed at the site can
prevent some serious problems before they are encountered.

Install Every Fix That Is Available


Some sites seek to keep their SAS installation updated
with all of the latest hot fixes. The most efficient approach
is to download and install hot fixes at set intervals of time.

Hot Fix Notifications
When hot fixes become available, announcements are posted to a listserv named tsnews-l.
You can subscribe to this listserv from the following URL:
support.sas.com/techsup/news/tsnews.html

Considerations when Applying Hot Fixes


Before applying hot fixes, consider the following:
• Back up the environment.
• Stop all SAS processes gracefully.
• Read the messages and instructions that come with the hot fix carefully.
• Apply hot fixes everywhere they are needed.
• If possible, test hot fixes outside of your production environment.

If SAS is still running on a machine, a hot fix might not be fully installed.

Exploring the SAS Technical Support Web Site

1. Open Internet Explorer.


2. Type the SAS Technical Support URL: support.sas.com/techsup.

3. Select Downloads & Hot Fixes.


4. Select Technical Support Hot Fixes and SAS Service Packs.

5. The Hot Fix Quick Links on the left side include links to hot fixes by release and by product,
as well as a link to the Hot Fix FAQ. Select SAS 9.2.


6. The SAS 9.2 Phase 1 release includes SAS Foundation. The SAS 9.2 Phase 2 release includes the
platform for SAS Business Analytics. Select SAS 9.2 (TS2M0) Hot Fix Downloads.


7. Select Sorted by SAS Product.

8. The table at the top of the page shows you which products include hot fixes. You can select a specific
product or scroll through the list. Close Internet Explorer.

Chapter 12 Learning More

12.1 SAS Resources
12.2 Beyond This Course

12.1 SAS Resources

Objectives
• Identify areas of support that SAS offers.
• List additional resources.

Education
Comprehensive training to deliver greater value to your organization.
• more than 200 course offerings
• world-class instructors
• multiple delivery methods: instructor-led and self-paced
• training centers around the world
support.sas.com/training

SAS Publishing
SAS offers a complete selection of publications to help customers use SAS software to its
fullest potential.
• Multiple delivery methods: e-books, CD-ROM, and hard-copy books.
• Wide spectrum of topics.
• Partnerships with outside authors, other publishers, and distributors.
support.sas.com/publishing

SAS Global Certification Program
SAS offers several globally recognized certifications.
• Computer-based certification exams – typically 60-70 questions and 2-3 hours in length.
• Preparation materials and practice exams available.
• Worldwide directory of SAS Certified Professionals.
support.sas.com/certify

Support
SAS provides a variety of self-help and assisted-help resources.
• SAS Knowledge Base
• downloads and hot fixes
• license assistance
• SAS discussion forums
• SAS Technical Support
support.sas.com/techsup

User Groups
SAS supports many local, regional, international, and special-interest SAS user groups.
• SAS Global Forum
• online SAS community: www.sasCommunity.org
support.sas.com/usergroups

12.2 Beyond This Course

Objectives
• Introduce the different types of SAS training.
• Identify where to find the current classroom training for the SAS platform.
• Identify where to find the current e-learning for the SAS platform.
• Identify the next set of courses that follow this course.

Several “Flavors” of SAS Training
Choose from a variety of training formats designed to satisfy your learning style.

Classroom training: Courses taught by certified SAS instructors or business experts in real time.
• Public courses – Attend courses at training centers across the country.
• Live Web classes – Enjoy a real-time classroom experience from your desktop.
• On-site training – Bring SAS training to your team's location on dates you choose.

e-learning: Courses and e-lectures that provide self-paced training from your desktop 24/7.

SAS Platform: Classroom Training


The platform for SAS Business Analytics Training page
on the Web is the best place to find the current training
offerings and schedules.

support.sas.com/platformtraining

SAS Platform: e-Learning
The SAS Self-Paced e-Learning page on the Web is the best place to find the current offerings
in that format.
support.sas.com/selfpaced

Next Steps – Job Role Training

[Figure: job role training paths that follow SAS Platform Administration: Fast Track. Boxes: Business User, BI Applications Developer, Data Integration Developer, Platform Administrator, SAS Programming, SAS Analytics]

Next Steps – Possible Courses

To learn more about this: | Enroll in the following:
SAS Data Integration Studio | SAS Data Integration Studio: Administration
SAS Enterprise Guide | SAS Enterprise Guide: Administration
SAS Enterprise Miner | SAS Enterprise Miner: Administration
SAS OLAP Environment | SAS OLAP Environment: Administration
SAS Scalable Performance Data Server | SAS Scalable Performance Data Server: Administration
Migrating to SAS 9.2 | Migrating to SAS 9.2
Installing SAS 9.2 | Installing and Configuring the SAS Intelligence Platform
Middle Tier | SAS Platform Administration: SAS Middle Tier Applications
Optimization | SAS Platform Administration 4: Optimization

SAS Intelligence Platform Documentation
The SAS 9.2 platform administration documentation can be found on this Web site:
support.sas.com/documentation/onlinedoc/intellplatform/index.html

[Screenshots of the documentation page; callouts: link to SAS 9.1.3 platform administration documentation; link to product-specific documentation grouped by software offering; consolidated reference to what is new in all SAS 9.2 products; provides an overview of the SAS platform]

SAS Papers
There are different types of technical papers that can provide the following:
• information for different industries and solutions
• technical details to achieve specific goals and harness robust features of the software

Different types of papers can be found on the following sites:
• SAS Technical Papers
support.sas.com/resources/papers/
• SAS Presents
support.sas.com/rnd/papers/index.html
• White Papers
www.sas.com/whitepapers/index.html
• Conference Proceedings
support.sas.com/events/sasglobalforum/previous/online.html

The conference proceedings include the SAS Presents papers as well as user papers from the
SAS Global Forum conference.

An example of a SAS Presents paper referenced in this course is
Using SAS® 9.2 Metadata Security Reporting and Auditing Features, which can be found at
support.sas.com/resources/papers/proceedings09/321-2009.pdf.

Additional links to documentation and papers which cover topics relevant to this course include the
following:
• SAS® 9.2 Management Console Guide to Users and Permissions
support.sas.com/documentation/cdl/en/mcsecug/61708/PDF/default/mcsecug.pdf
• How to Configure SAS Token Authentication
support.sas.com/documentation/cdl/en/bisecag/61133/HTML/default/a003276218.htm
• Removing a SAS Configuration
support.sas.com/documentation/cdl/en/biig/60946/HTML/default/remove.htm
• How to Configure Integrated Windows Authentication
support.sas.com/documentation/cdl/en/bisecag/61133/HTML/default/a003276221.htm
• Using the Batch Export and Import Tools
support.sas.com/documentation/cdl/en/bisag/60945/HTML/default/a003261084.htm
• V9 OLAP: An Architectural Overview
www2.sas.com/proceedings/sugi27/p176-27.pdf
Appendix A Index
business user, 1-16
A
C
accessing data, 8-4–8-5
ACT, 9-6
advantages, 9-7
client applications, 6-3, 6-50
client tier, 1-4, 1-14–1-18
c .
In
applying to an object, 9-7 Clients tab, 4-31
creating additional, 9-58–9-59, 9-65 client-side pooling, 4-9, 4-21
ACT, predefined, 9-30–9-33
Default ACT, 9-31

u t e connection profiles, 6-4–6-12


Connection Profile window, 6-5–6-6
Portal ACT, 9-31
Private User Folder ACT, 9-32

t i t .
storing user credentials in, 6-15
Windows applications, 6-14

administrative roles, 7-28

I
administrative users, 7-22
n s
SAS Administrator Settings ACT, 9-32

i o n
Connections tab, 4-30
connectivity
establishing, 2-8
adminUsers.txt file, 3-43, 3-46, 7-29
backing up, 5-11
S u t credentials cache
clearing, 4-21
location, 3-43

S A tri
ALLOWXCMD option, 5-8 b custom repository, 3-21, 6-43

h t
appenders, 4-46, 4-50–4-52
assigning libraries, 8-7
i s
D
data access

g
host-based, 7-8

r r e d
authentication, 7-4–7-7

i
identification phase, 7-14
troubleshooting, 8-38–8-47
data integration developer, 1-16

p y o r
Integrated Windows authentication
(IWA), 7-10–7-11, 12-13
data sources, 8-3
establishing connectivity to, 2-8

C o t f
internal, 7-26
LDAP and active directory, 7-9
DATA Step Batch Server, 4-14, 4-16, 5-43–
5-44, 8-35
data tier, 1-20

N o
logging, 4-46
SAS token authentication, 7-34–7-38, 12-
13
Web authentication, 7-12–7-13
dfPower Studio from DataFlux, 1-18

F
authentication domains, 3-51, 7-41–7-43 FMTSEARCH option, 8-45
authentication mechanisms, 7-7 folder trees
Authorization tab, 9-4, 9-6, 9-21, 9-33, 9-54 information maps, 9-43
stored processes, 9-42
B tables, 9-40
folders
backing up metadata
exploring, 6-41–6-50
scheduling, 5-43–5-44
inheritance, 9-8
backing up SAS environment, 2-6
libraries, 9-39
backing up metadata, 5-49–5-51
OLAP cubes, 9-41
backing up physical files, 5-49–5-53
reports, 9-44
Backup Wizard, 5-8–5-11
root folder, 9-37
batch servers, 4-14, 4-16, 5-43–5-44
SAS folders, 6-41–6-50
BI applications developer, 1-15
securing content in folder tree, 9-22–9-33
business analyst, 1-15
A-2 Index

securing content outside of folder tree, 9- metadata authorization layer, 9-3


53–9-55 metadata folder structure, 2-9, 6-41–6-50, 9-
tables, 9-39–9-40 38
formats, 8-43–8-45 metadata LIBNAME engine, 8-6–8-8, 8-36,
foundation repository, 3-21 8-47
metadata permissions, 9-3–9-66
G METADATA procedure, 8-6
metadata repositories, 2-10, 3-20–3-22
group identities, 7-14
creating, 7-16
importing, 7-16–7-17
metadata security, 2-7, 9-3–9-66
ACT, 9-6–9-7
Authorization tab, 9-4, 9-6
c .
In
synchronizing, 7-18
identity hierarchy, 9-5
H
Hosts tab, 4-30
u t e indirect settings, 9-8
inheritance paths, 9-8
permissions, 9-21–9-24
hot fixes, 11-3–11-10

t i t .
security plan, 9-13
metadata server, 1-20
I

I n
identity hierarchy, 7-15, 9-5s i o n configuration files, 3-43–3-44
journaling, 3-45
indirect settings, 9-5, 9-8

S
inheritance paths, 9-8
u t roles, 7-28
states, 3-18–3-19

S
7-10–7-11, 12-13A tri b
Integrated Windows authentication (IWA), METALIB procedure, 8-26, 8-28–8-30
middle tier, 1-19
monitoring servers, 2-5, 4-20, 4-29–4-35

h t
internal accounts, 7-24, 7-26

i s
internal authentication, 7-25, 7-27
O
L

r i g r e d object spawner, 4-12–4-13


OLAP, 4-13

p y
LIBNAME statement, 8-4, 8-41
testing, 8-42
libraries
o r OLAPOPERATE procedure, 4-35
OMABAKUP macro, 5-5–5-8

C o t f
pre-assigning, 8-32–8-36, 8-47
library assignment, 8-7, 8-32
syntax, 5-33
Online Analytical Processing. See OLAP

o
library metadata, 8-41

N
Log tab, 4-33, 4-48–4-49
LOGCONFIGLOC= system option, 4-46
Options tab, 4-33
outbound login, 7-39–7-42

P
loggers, 4-46–4-47
Loggers tab, 4-33 passwords
logging, 4-45 storing in the metadata, 7-43
enabling server logging, 4-46 updating for service accounts, 4-60–4-62
logging configuration files, 4-54 Permission Pattern tab, 9-33
logging levels, 4-50 permissions, 9-5, 9-21–9-24
modifying server logging, 4-53–4-55 platform administrator, 1-7
login tasks, 2-3
inbound, 7-14 platform for SAS Business Analytics
outbound, 7-39–7-42 overview, 1-3–1-12
pre-assigning libraries, 8-33–8-36
M advantages, 8-33
metadata disadvantages, 8-34
analysis and repair tools, 3-51 in an autoexec file, 8-35
troubleshooting, 3-51–3-52 in the metadata, 8-34–8-35
Index A-3

metadata security, 8-47 logging, 4-55


with the metadata LIBNAME engine, 8-36 monitoring, 4-34
SAS OLAP Server Monitor plug-in, 4-35
predefined groups, 7-15 SAS platform applications, 1-19
Processes tab, 4-31 by job role, 1-17
project repository, 3-21–3-22 SAS Pooled Workspace Server, 4-7, 4-9
promotion, 10-4–10-37 SAS resources, 12-3–12-5
between planned deployments, 10-5 SAS servers, 4-3–4-15
consideration, 10-10
considerations, 10-9
limitations, 10-7
SAS Services Application, 3-4
SAS Stored Process Server, 4-11–4-12
SAS Table Server, 3-4
within a planned deployment, 10-5
promotion tools

benefits, 7-37
SAS token authentication, 7-35, 12-13

Export SAS Package, 10-7


Import SAS Package, 10-7

limitations, 7-37
SAS training, 12-6–12-13

R
REORG option, 5-7, 5-33–5-35
SAS Visual BI, 1-18
SAS Web Report Studio, 1-18
SAS Workspace Server, 4-4–4-7

repositories, 2-10, 3-21–3-23
repository ACT, 9-9
sas.servers script, 3-6–3-8
SAS/CONNECT Server, 4-15

repository manager, 3-21

restoring your environment, 5-36 SAS/CONNECT Spawner, 3-4
SAS/SHARE Server, 3-4
SASTRACE option, 8-42
roles, 6-22–6-38

creating, 6-25–6-26
security plan, 9-13
server assignment, 8-46

features, 6-23
managing, 6-24

server logging configurations


modifying, 4-52–4-55
security, 6-24

server operations methods, 3-3–3-13


server tier, 1-19

S

SAS 9.2 logging facility, 4-45
SAS Add-In for Microsoft Office, 1-17
servers, 2-4
additional functions, 4-22

SAS AppDev Studio, 1-17
SAS application server, 4-16
as Windows services, 3-5
managing, 4-20
monitoring, 2-5, 4-20, 4-29–4-35

SAS BI Dashboard, 1-17
SAS configuration
securing, 1-8–1-12
Servers tab, 4-29
Sessions tab, 4-32
Spawned Server Activity tab, 4-34
SAS Content Server, 3-4, 5-49–5-51, 6-42 spawners, 4-12–4-13
SAS Data Integration Studio, 1-17, 8-27 standard workspace server, 4-6
SAS Deployment Manager, 4-63–4-78
SAS Enterprise Guide, 1-17, 8-28 T
SAS folders, 2-9, 6-41–6-50, 9-38
table metadata
SAS Information Delivery Portal, 1-17
accessing, 8-6
SAS Information Map Studio, 1-17
registering in metadata, 8-6
SAS Information Maps, 4-7–4-8
securing, 9-39–9-40
SAS Management Console, 1-18
updating, 8-24–8-30
monitoring activity of servers, 2-5
tables
SAS Metadata Server, 1-20
duplicate table registrations, 8-45
SAS Object Spawner, 4-12–4-13
troubleshooting
SAS OLAP Cube Studio, 1-18
SAS servers, 4-62
SAS OLAP Server, 4-14
A-4 Index

troubleshooting data access, 8-38–8-47 administrative, 7-22


connection information, 8-38 giving access to servers, 7-33–7-43
RDBMS libraries, 8-39–8-40 unrestricted, 7-22
trustedUsers.txt file, 3-46
W
U
Web Application Server, 1-19
updating table metadata, 8-24–8-30 Web authentication, 7-12–7-13
methods, 8-26 workspace server pooling, 4-7, 4-9
user administration, 7-3–7-5
user identities, 7-5
workspace servers, 4-4–4-6
connecting to, 7-39
creating, 7-16
importing, 7-16–7-17 X
synchronizing, 7-18
user types, 7-21

XCMD option, 5-31, 5-44
users
