Professional Documents
Culture Documents
Spaft 003 WM
Spaft 003 WM
eIn
t
® titu .
SASs Platform n
Administration: I nFast t i o
Track
S
A tri b u
t S s
i g h d i
y r r e
o p f o r
C o t Course Notes
N
SAS® Platform Administration: Fast Track Course Notes was developed by Eric Rossland, Ray Thomas,
Christine Vitron, and Jim Wilkerson. Additional contributions were made by Anja Fischer, Marty Flis,
Diane Hatcher, Catherine Hitti, Tina Hobbs, Nancy Pipes, and James Waite. Editing and production
support was provided by the Curriculum Development and Support Department.
SAS and all other SAS Institute Inc. product or service names are registered trademarks or trademarks of
SAS Institute Inc. in the USA and other countries. ® indicates USA registration. Other brand and product
names are trademarks of their respective companies.
e
u t
any form or by any means, electronic, mechanical, photocopying, or otherwise, without the prior written
permission of the publisher, SAS Institute Inc.
t
t i .
Book code E1867, course code SPAFT, prepared date 07Sep2010.
s n
SPAFT_003
I n t i o ISBN 978-1-60764-782-9
S
A tri b u
t S s
i g h d i
y r r e
o p f o r
C o t
N
For Your Information iii
Table of Contents
Prerequisites ................................................................................................................................ ix
Chapter 1 Reviewing the Platform for SAS® Business Analytics ...................... 1-1
c .
1.1 Exploring the Platform for SAS Business Analytics Overview ....................................... 1-3
e In
t u t
Exercises.................................................................................................................. 1-13
1.2
s i
Exploring the Client Tier, Middle Tier, Server Tier, and Data Tier ............................... 1-14
t n .
Exercises.................................................................................................................. 1-21
1.3
I n t i o
Solutions to Exercises .................................................................................................... 1-25
Chapter 2
S
A tri b u
Administering the SAS® Environment ................................................ 2-1
t S s
2.1
i g d i
Overview of Administration Tasks................................................................................... 2-3
h Exercises.................................................................................................................. 2-11
2.2
y r r e
Solutions to Exercises .................................................................................................... 2-12
o p
Chapter 3
f o r Determining the State of the SAS® Environment ............................... 3-1
C 3.1
o t
Checking the State of SAS Servers .................................................................................. 3-3
c .
Demonstration: Validating and Pausing the Metadata Server ................................. 4-24
e
Demonstration: Monitoring the Object Spawner .................................................... 4-36 In
u t
Exercises.................................................................................................................. 4-42
t
4.3
t i .
Logging SAS Servers and Spawners ............................................................................. 4-45
s n
I n t i o
Exercises.................................................................................................................. 4-56
4.4
S u
Troubleshooting SAS Servers ........................................................................................ 4-60
A tri b
Demonstration: Using the SAS Deployment Manager ........................................... 4-65
4.5
t S s
Solutions to Exercises .................................................................................................... 4-79
i g h d i
r
Chapter 5
y r e
Backing Up the SAS® Environment .................................................... 5-1
o p
5.1
f o r
Backing Up Metadata with the Backup Wizard ............................................................... 5-3
Demonstration: Backing Up Metadata with the SAS Management Console
5.2
N Exercises.................................................................................................................. 5-27
c .
In
Demonstration: Connection Profile for SAS Enterprise Guide and the SAS
Add-In for Microsoft Office .......................................................... 6-16
t e
Exercises.................................................................................................................. 6-20
u
6.2
i t
Using Roles to Control Access to Application Functionality ........................................ 6-22
t .
I s i o n
Demonstration: Identifying Roles in SAS Management Console ........................... 6-35
n
Exercises.................................................................................................................. 6-39
6.3
S u t
Exploring SAS Folders .................................................................................................. 6-41
S A tri b
Demonstration: Exploring Folders .......................................................................... 6-51
t s
Exercises.................................................................................................................. 6-56
h i
6.4
r i g e d
Solutions to Exercises .................................................................................................... 6-58
r
p y
Chapter 7
C o7.1
t f
Defining Regular Users and Groups ................................................................................ 7-3
c
Exercises.................................................................................................................. 8-37 .
8.4 Troubleshooting Data Access......................................................................................... 8-38
e In
8.5
u t
Solutions to Exercises .................................................................................................... 8-48
t
Chapter 9
s t i n .
Securing Metadata ................................................................................ 9-1
9.1
I n t i o
Introduction to Metadata Security ................................................................................... 9-3
S
A tri b u
Demonstration: Identifying the ACT Applied to an Item and Effective
Permissions.................................................................................... 9-14
t S
Exercises.................................................................................................................. 9-19
s
9.2
g h d i
Exploring Metadata Permissions ................................................................................... 9-21
i
y r r e
Demonstration: Identifying Applicable Permissions............................................... 9-25
o p f o r
Exercises.................................................................................................................. 9-28
C 9.3
o t
Exploring Predefined ACTs ........................................................................................... 9-30
Exercises.................................................................................................................. 9-34
c .
Chapter 11 Updating the SAS® Environment....................................................... 11-1
e In
t u t
11.1 Applying Hot Fixes to Your SAS Environment ............................................................. 11-3
Demonstration: Exploring the SAS Technical Support Web Site ........................... 11-7
Chapter 12
s t i n .
Learning More ..................................................................................... 12-1
I n t i o
12.1 SAS Resources ............................................................................................................... 12-3
S
A tri b u
12.2 Beyond This Course ....................................................................................................... 12-6
t S s
Appendix A
i g h d i
Index ..................................................................................................... A-1
y r r e
o p f o r
C o t
N
viii For Your Information
Course Description
This intensive training course provides accelerated learning for those students who will administer the
platform for SAS Business Analytics. This course is for individuals who are comfortable with learning
large amounts of information in a short period of time. The SAS® Platform Administration 1: Essentials,
SAS® Platform Administration 2: Security, and SAS® Platform Administration 3: Advanced courses are
available to provide the same type of information in a more detailed approach over a longer period of
time.
c .
To learn more…
e In
t u t
For information on other courses in the curriculum, contact the SAS Education
t i
Division at 1-800-333-7660, or send e-mail to training@sas.com. You can also
.
find this information on the Web at support.sas.com/training/ as well as in the
s n
Training Course Catalog.
I n t i o
S
A tri b u
For a list of other SAS books that relate to the topics covered in this
Course Notes, USA customers can contact our SAS Publishing Department at
t S s
1-800-727-3228 or send e-mail to sasbook@sas.com. Customers outside the
USA, please contact your local SAS office.
o p f o r
C o t
N
For Your Information ix
Prerequisites
Before attending this course, you should complete SAS® Platform Administration: Getting Started or have
equivalent experience.
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
i g h d i
y r r e
o p f o r
C o t
N
x For Your Information
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
i g h d i
y r r e
o p f o r
C o t
N
Chapter 1 Reviewing the Platform
®
for SAS Business Analytics
1.1 Exploring the Platform for SAS Business Analytics Overview .................................. 1-3
c .
In
Exercises .............................................................................................................................. 1-13
e
1.2
t
Exploring the Client Tier, Middle Tier, Server Tier, and Data Tier ............................ 1-14
t u
s i
Exercises .............................................................................................................................. 1-21
t n .
1.3
I n
Solutions to Exercises ................................................................................................. 1-25
t i o
S
A tri b u
t S s
i g h d i
y r r e
o p f o r
C o t
N
1-2 Chapter 1 Reviewing the Platform for SAS® Business Analytics
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
i g h d i
y r r e
o p f o r
C o t
N
1.1 Exploring the Platform for SAS Business Analytics Overview 1-3
Objectives
Define the architecture of the platform
.
for SAS Business Analytics.
Describe the platform administrator role.
Identify the platform administrator tasks.
In c
t e
Examine how to secure a SAS platform configuration.
u
t i t .
I n s i o n
S u t
S A tri b
t
3
s
3
i g h d i
y r e
Platform for SAS Business Analytics
r
o p r
The platform for SAS Business Analytics is enterprise
o
software with components that exist on multiple machines
f
throughout the organization.
C o t
N
4
4
middle tier
server tier
data tier
u t e
t i t .
5
I n s i o n
t
5
S
A tri b
SAS Platform Architecture
u
t S
A suite of desktop
s
i g h
applications …
d i
y r r e
o p f o r
C o t
N
6
6 ...
1.1 Exploring the Platform for SAS Business Analytics Overview 1-5
c .
e In
t u t
s t i n .
7
7
I n t i o ...
S
A tri b
SAS Platform Architecture
u
t S s
i g h d i
y r r e
o p f o r
C o t
… connect to
N
server
processes
in order to execute
code …
8
8 ...
1-6 Chapter 1 Reviewing the Platform for SAS® Business Analytics
c .
e
… and access
In
t u t enterprise data
sources.
s t i n .
9
9
I n t i o ...
S
A tri b
SAS Platform Architecture
u
t S s
i g h d i
y r r
The applicationse
o p on a common,
f
integrated
r
and servers rely
o
C t
metadata
o
environment.
N
10
1
0
1.1 Exploring the Platform for SAS Business Analytics Overview 1-7
Platform Administrator
Platform administrators install, configure,
administer, and maintain the platform for
SAS Business Analytics.
c .
SAS Management Console
e In
t u t
s t i n .
1
1
11
I n t i o
S
A tri b u
To learn how to install and configure the software, refer to:
• Installing and Configuring the SAS® Intelligence Platform course
t S
• SAS® 9.2 Intelligence Platform: Installation and Configuration Guide
s
i g h d i
y r r e
Platform Administrator Tasks
o p o r
This course covers administrative tasks that need
to be performed after the initial installation and
f
configuration of the software.
C o t
The tasks include the following:
secure the SAS configuration on each server machine
12
1
2
1-8 Chapter 1 Reviewing the Platform for SAS® Business Analytics
server scripts
server logs
c .
In
configuration files
u t e
t i t .
13
I n s i o n
t
1
3
S
A tri b u
Securing a SAS Configuration – Windows
t S s
On Windows, all of the configuration directories, files,
i g h
installation.
d i
and scripts are owned by the user who performed the
y r r e
It is recommended that you set additional operating
o p f o r
system permissions.
C o t
N
14
1
4
1.1 Exploring the Platform for SAS Business Analytics Overview 1-9
These recommendations assume that your SAS servers and spawners run as services under the
Local System account. If servers and spawners run under a different account, then grant that account
the permissions that are recommended for SYSTEM.
c .
In
• SASApp
• SASMeta
• Utilities
• Web
u t e
t i t
• SASApp subdirectories ConnectServer\Logs,
.
• SYSTEM, Administrators, and SAS Spawned
Data\wrsdist, Data\wrstemp,
PooledWorkspaceServer\Logs,
I n s
PooledWorkspaceServer\sasuser,
i o n
Servers (sassrv): Full Control
StoredProcessServer\Logs,
S
StoredProcessServer\sasuser, and
u t
A tri
WorkspaceServer\Logs
S
• SASMeta\WorkspaceServer\Logs b
h t i s
• SASApp\PooledWorkspaceServer • SYSTEM, Administrators, and SAS Spawned
Servers (sassrv): Full Control
r i g r e d
• SASApp\StoredProcessServer
• Remove all other users and groups
•
•
p y
ConnectSpawner
Logs
o r
• SYSTEM and Administrators: Full Control
• Remove all other users and groups
C o
•
•
t f
ObjectSpawner
SASApp\OLAPServer
•
•
N o
SASMeta\MetadataServer
SASTS
• ShareServer
If you selected the customer installation option to place all of your log files in a single directory, then you
will need to grant the SAS Spawned Servers (sassrv) user Full Control of the central log destination.
If you enable logging for a standard workspace server, then you will need to grant all users of the
workspace server Full Control of the log directory.
1-10 Chapter 1 Reviewing the Platform for SAS® Business Analytics
c .
e In
t u t
s t i n .
1
5
15
I n t i o
S
A tri b u
t S s
i g h d i
y r r e
o p f o r
C o t
N
1.1 Exploring the Platform for SAS Business Analytics Overview 1-11
e
• SASApp subdirectories ConnectServer/Logs, • SAS Installer: Read, Write, and Execute In
Data/wrsdist, Data/wrstemp,
PooledWorkspaceServer/Logs,
s t i
StoredProcessServer/sasuser, and
n .
WorkspaceServer/Logs
I n
• SASMeta/WorkspaceServer/Logs
t i o
S
• SASApp/PooledWorkspaceServer
•
t S
• SASApp/StoredProcessServer
ConnectSpawner
s
• sas group: Read and Execute
• SAS Installer: Read, Write, and Execute
•
•
Logs
i g h
ObjectSpawner
d i • All other users: no access
•
r r e
SASApp/OLAPServer
y
•
o
• p SASTS
f o r
SASMeta/MetadataServer
C •
t
ShareServer
o
• sasv9_meta.cfg file • SAS Installer: Read and Write
If you selected the customer installation option to place all of your log files in a single directory, then you
will need to grant the SAS Spawned Servers (sassrv) user Full Control of the central log destination.
If you enable logging for a standard workspace server, then you will need to grant all users of the
workspace server Read, Write, and Execute permission to the log directory.
1-12 Chapter 1 Reviewing the Platform for SAS® Business Analytics
c .
e In
t u t
s t i n .
1
6
16
I n t i o
S
A tri b u
t S s
i g h d i
y r r e
o p f o r
C o t
N
1.1 Exploring the Platform for SAS Business Analytics Overview 1-13
Exercises
e In
SASApp?
t u t
d. Locate the SASApp subfolder. How is it secured by default? What subfolders are located under
t i .
e. Locate the SASMeta subfolder. How is it secured by default? What subfolders are located under
SASMeta?
s n
I n t i o
S
A tri b u
t S s
i g h d i
y r r e
o p f o r
C o t
N
1-14 Chapter 1 Reviewing the Platform for SAS® Business Analytics
1.2 Exploring the Client Tier, Middle Tier, Server Tier, and
Data Tier
Objectives
Explore the different tiers of the SAS platform.
.
Define the common job roles.
Describe the SAS platform applications used for
data integration, reporting, and analysis.
In c
u t e
t i t .
I n s i o n
S u t
S A tri b
t
19
s
1
9
i g h d i
y r e
Exploring the Client Tier
r
o p r
Users at all different skill levels have access to data and
o
information through interfaces targeted for specific job
f
roles including:
C o t
Platform Administrator
BI Applications Developer
N BI Content Developer
Business User
20
2
0
These job roles are used by SAS Education to organize training by similar functionality based
on common job tasks. These job roles are different than the SAS metadata roles.
1.2 Exploring the Client Tier, Middle Tier, Server Tier, and Data Tier 1-15
BI Applications Developer
BI applications developers are responsible
for building, implementing, and customizing
applications.
SAS/AF
SAS/IntrNet
u t e
t i t .
21
I n s i o n
t
2
1
S
A tri
BI Content Developer b u
t S s
BI content developers understand not only
i g h d i
their organization's data, but also the
applications they need to create reports and
y r r e
analyses for themselves and others
in their organization.
o p f o r
The software and applications primarily used
C o t
by BI content developers include the following:
SAS BI Dashboard
SAS Visual BI
22
2
2
Business User
Business users use existing information
as well as create their own reports and analyses
using point-and-click applications.
c .
SAS Information Delivery Portal
e In
t u t
s t i n .
2
3
23
I n t i o
S
A tri b
Data Integration Developer
u
t S s
Data integration developers collect, store, and
i g h
analysis.
d i
cleanse data in preparation for reporting and
y r r e
The software and applications primarily used by
o p f o r
data integration developer include the following:
SAS Data Integration Studio
C o t
SAS Data Quality Solution
N
24
2
4
1.2 Exploring the Client Tier, Middle Tier, Server Tier, and Data Tier 1-17
.
SAS SAS
Enterprise Guide Enterprise Guide
c
SAS Information SAS Information
Map Studio Map Studio
In
SAS BI Dashboard SAS BI
Dashboard
SAS OLAP Cube Studio
SAS Visual BI
SAS
AppDev Studio
u t e SAS Visual BI
SAS
AppDev Studio
t
SAS Data SAS Data
i
Integration Studio Integration Studio
t .
DataFlux DataFlux
dfPower Studio dfPower Studio
s
SAS
n
Management Console
2
5
25
I n t i o
SAS Add-In for
Microsoft Office S
A tri b u The SAS Add-In for Microsoft Office enables business users to
transparently leverage the power of SAS analytics, reporting, and data
t S s
access directly from Microsoft Office via integrated menus and toolbars.
SAS AppDev
i g h
Studio Eclipse
d i SAS AppDev Studio is a comprehensive, stand-alone development
environment for developing, deploying, and maintaining a wide variety of
r
Plug-Ins
o p
SAS BI Dashboard
N
SAS Data
Integration Studio
SAS Data Integration Studio enables a data warehouse developer to create
and manage metadata objects that define sources, targets, and the sequence
of steps for the extraction, transformation, and loading of data.
SAS Enterprise SAS Enterprise Guide provides a guided mechanism to exploit the power
Guide of SAS and publish dynamic results throughout the organization. SAS
Enterprise Guide can also be used for traditional SAS programming.
SAS Information The SAS Information Delivery Portal is a Web application that can surface
Delivery Portal the different types of business analytic content such as information maps,
stored processes, and reports.
SAS Information SAS Information Map Studio is used to build information maps, which
Map Studio shield business users from the complexities of the underlying data by
organizing and referencing data in business terms.
1-18 Chapter 1 Reviewing the Platform for SAS® Business Analytics
SAS Management SAS Management Console provides a single interface for administrators to
Console manage the metadata and servers in the SAS platform. Specific
administrative tasks are supported by plug-ins to the SAS Management
Console.
SAS OLAP Cube SAS OLAP Cube Studio is used to create OLAP cubes, which are
Studio multidimensional structures of summarized data. The Cube Designer
provides a point-and-click interface for cube creation.
c .
In
SAS Visual BI SAS Visual BI, powered by JMP software, provides dynamic business
(JMP) visualization, enabling business users to interactively explore ideas and
t e
information, investigate patterns, and discover previously hidden facts
through visual queries.
u
SAS Web Report
t i t .
SAS Web Report Studio provides intuitive and efficient access to query and
Studio
I n s i o n
reporting capabilities on the Web.
DataFlux
dfPower Studio
S t
dfPower Studio from DataFlux (a SAS company) combines advanced data-
profiling capabilities with proven data quality, integration, and
u
augmentation tools for incorporating data quality into a data collection and
S A tri b
management process.
h t i s
r i g r e d
p y o r
C o t f
N o
1.2 Exploring the Client Tier, Middle Tier, Server Tier, and Data Tier 1-19
WebLogic
WebSphere
c .
e In
t u t
s t i n .
2
6
26
I n t i o
S
A tri b
Exploring the Server Tier
u
t S s
The server tier consists of one or more machines where
i g h d i
the SAS servers are installed and accessed by the SAS
platform applications. Different types of SAS servers
y r r e
include those below:
o p o r
SAS Metadata Server
f
SAS Stored Process Server
C o t
SAS OLAP Server
N
27
2
7
1-20 Chapter 1 Reviewing the Platform for SAS® Business Analytics
data definitions
security settings
c .
In
business intelligence content
u t e
t i t .
28
I n s i o n
t
2
8
S
A tri b
Exploring the Data Tier
u
t S s
The data tier contains the enterprise data sources, which
i g h d i
might be in one or more of the following formats:
SAS data sets
y r r e
RDBMS tables
o p f o r
OLAP cubes
C o t
ERP data structures
N
29
2
9
1.2 Exploring the Client Tier, Middle Tier, Server Tier, and Data Tier 1-21
Exercises
u t e
t i t .
I n s i o n
S u t
S A tri b
h t i s
r i
Plan 2 g r e d
p y o r
C o t f
N o
1-22 Chapter 1 Reviewing the Platform for SAS® Business Analytics
Plan 3
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
i g h d i
y r r e
o p f o r
C o t
N
1.2 Exploring the Client Tier, Middle Tier, Server Tier, and Data Tier 1-23
Plan 4
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
i g h d i
y r r e
o p f o r
C o t
N
1-24 Chapter 1 Reviewing the Platform for SAS® Business Analytics
Platform Administrator
BI Applications Developer
Business Analyst
Business User
c .
Data Integration Developer
e In
t
3. SAS Management Console Plug-Ins and the Tiers
t i t u
a. Select Start Ö All Programs Ö SAS Ö SAS Management Console 9.2.
.
b. Log on using the following credentials:
User name: Ahmed
I n s i o n
Password: Student1
S u t
S A tri b
c. Click the Plug-ins tab. Which plug-ins contain information for each tier?
h t
Server Tier
i s
r i g r e d
p y r
Middle Tier
o
C o t f
Data Tier
N o Client Tier
Hint: For information about a particular plug-in, select the plug-in and select Help Ö
Help on plug-in….
1.3 Solutions to Exercises 1-25
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
i g h d i
y r r e
o p f o r
C o t
N
1-26 Chapter 1 Reviewing the Platform for SAS® Business Analytics
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
i g h d i
y r r e
o p f o r
c. Who is the owner of the SAS folder?
C o t
Administrators (SASBI\Administrators)
N
1.3 Solutions to Exercises 1-27
d. Locate the SASApp subfolder. How is it secured by default? What subfolders are located under
SASApp?
1) Use Windows Explorer to navigate to C:\SAS\Config\Lev1. Right-click SASApp and
select Properties.
2) Click the Security tab. Select each group and user name to see the permissions.
The following permissions were granted to LOCALHOST\Administrators, SYSTEM,
and LOCALHOST\Users: Full Control, Modify, Read & Execute, List Folder Contents,
Read, and Write.
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
i g h d i
y r r e
o p f o r
C o t
N
1-28 Chapter 1 Reviewing the Platform for SAS® Business Analytics
e. Locate the SASMeta subfolder. How is it secured by default? What subfolders are located under
SASMeta?
1) Use Windows Explorer to navigate to C:\SAS\Config\Lev1. Right-click SASMeta and
select Properties.
2) Click the Security tab. Select each group and user name to see the permissions.
The following permissions were granted to LOCALHOST\Administrators, SYSTEM,
and LOCALHOST\Users: Full Control, Modify, Read & Execute, List Folder Contents,
Read, and Write.
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
i g h d i
y r r e
o p f o r
C o t
N
1.3 Solutions to Exercises 1-29
c .
e In
t u t
s t i n .
I n t i o
b. Which of the following four diagrams most closely matches your environment? If no diagram
S
matches your environment exactly, what would you need to modify about the diagram?
A tri b u
c. What user types do you have at your site?
s
Job Role at Your Site
i g h d i
Platform Administrator
y r e
BI Applications Developer
r
o p f o r
Business Analyst
Business User
C o t
Data Integration Developer
N
1-30 Chapter 1 Reviewing the Platform for SAS® Business Analytics
c. Click the Plug-ins tab. Which plug-ins contain information for each tier?
c .
Middle Tier
e
Foundation Services Manager
Server Manager In
t u t Configuration Manager
Data Tier
Client Tier I n t i o
Server Manager
Authorization Manager
S
A tri b u User Manager
t S s
i g h d i
y r r e
o p f o r
C o t
N
®
Chapter 2 Administering the SAS
Environment
e
2.2
t
Solutions to Exercises ................................................................................................. 2-12
t u
s t i n .
I n t i o
S
A tri b u
t S s
i g h d i
y r r e
o p f o r
C o t
N
2-2 Chapter 2 Administering the SAS® Environment
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
i g h d i
y r r e
o p f o r
C o t
N
2.1 Overview of Administration Tasks 2-3
Objectives
Explore the platform administrator tasks.
c .
e In
t u t
s t i n .
I n t i o
2 S
A tri b u
S
2
h t i s
r i g r e d
Platform Administrator Tasks (Review)
This course covers administrative tasks that need
p y o r
to be performed after the initial installation and
configuration of the software.
C o t f
The tasks include the following:
secure the SAS configuration on each server machine
3
3
2-4 Chapter 2 Administering the SAS® Environment
server scripts
server logs
c .
In
configuration files
u t e
t i t .
4
I n s i o n
t
4
S
A tri b u
Checking the Status and Operating Servers
t S s
SAS provides a number of tools you can use to determine
i g h d i
the status and operate your servers and spawners
including these two:
y r r e
SAS Management Console
o p f o r
scripts
C o t
N
5
5
The term server refers to a program or programs that wait for and fulfill requests from client programs for
data or services. Server does not necessarily refer to a specific computer because a single computer can
host one or more servers of various types.
2.1 Overview of Administration Tasks 2-5
u t e
t i t .
6
I n s i o n
t
6
S
A tri b
products to monitor SAS servers: u
In addition to SAS Management Console, you can use the following enterprise systems management
• HP Openview
t S
• BMC Performance Manager
s
• Hobbit
i g h d i
• IBM Tivoli
y r r e
• Microsoft Operations Manager
p o r
The servers and spawners use a standard logging facility that supports problem diagnosis and resolution,
o f
performance and capacity management, and auditing and regulatory compliance.
C o t
N
2-6 Chapter 2 Administering the SAS® Environment
metadata
c .
In
configuration files
data
u t e
other content
t i t .
7
I n s i o n
t
7
S
A tri b u
It is important to back up all of the following items at the same time so that related information is
synchronized if a restore becomes necessary:
t S
• your metadata repositories, the repository manager, the metadata journal file, and the metadata server’s
configuration files
s
i g h d i
• physical content that is stored in files, databases, and WebDAV
y r r e
o p f o r
C o t
N
2.1 Overview of Administration Tasks 2-7
Metadata Security
Setting security in the metadata occurs in conjunction
with several administrator tasks:
adding users and managing access
c .
In
It is important to plan security for your
environment before implementing it.
u t e
t i t .
8
I n s i o n
t
8
S
A tri b u
For example, before creating users and groups in the metadata, you should do the following:
• review the users and groups in your environment
t S
• identify how they will use SAS
s
i g d i
• identify security requirements of your organization
h
y r r e
Adding Users and Managing Access
o p o r
In order to make access distinctions and track user
f
activity, create SAS identities for your users.
C o t
N
9
9
To establish a unique identity for a user, you must create a SAS copy of a unique account ID.
All of a user’s metadata group memberships, role memberships, and permissions are tied
to the user’s SAS identity.
2-8 Chapter 2 Administering the SAS® Environment
RDBMS tables
c .
OLAP cubes
e In
t u t XML files
s t i n .
1
0
10
I n t i o
• Excel files S
A tri b u
Other file types that you can establish connectivity to include the following:
• flat files
t S s
• SAS Information Maps
g h d i
• Scalable Performance Data files
i
r
• ERP systems
y r e
o p f o r
C o t
N
2.1 Overview of Administration Tasks 2-9
Tables
OLAP cubes
Jobs
c .
In
Information maps
Stored processes
Reports
u t e
t i t .
11
I n s i o n
t
1
1
S
A tri b u
When you install SAS, a set of default SAS folders is created. Within this overall structure you can create
a customized folder structure that meets the information arrangement, data sharing, and security
t S
requirements of your organization.
s
The structure separates different types of content, including the following:
h d i
• personal folders for individual users
i g
y r r e
• shared folders for shared content
• product-specific content
o p f o r
• system information for administrators
C o t
N
2-10 Chapter 2 Administering the SAS® Environment
Administering Repositories
and Moving Metadata
As an administrator, you might need to do some of the
following to metadata repositories in your environment:
Create
Register
Move
c .
In
Copy
Rename
Delete
Unregister
u t e
t i t .
12
I n s i o n
t
1
2
purposes. S
A tri b u
You might want to create custom repositories to physically divide metadata storage or for security
t S
You can copy an entire metadata repository from one host machine to another, either in the same
s
operating system environment or a different environment.
g h d i
You can promote individual objects or groups of objects from one location to another, either on the same
i
y r
promotion.
r e
metadata server or a different metadata server. You can also include associated physical content in the
p o r
When you register a metadata repository, information about the repository is added to the repository
o f
manager so that the repository can be accessed by clients.
C o t
When you unregister a metadata repository, information about the repository is removed from the
repository manager, and the repository can no longer be accessed by clients.
N
When you delete a metadata repository, all of the repository’s metadata and metadata containers
are deleted. In addition, the repository’s registration is removed from the repository manager.
2.1 Overview of Administration Tasks 2-11
Exercises
c .
Task
In
Individual/group responsible
configuration.
t u t
Check status and operate
servers.
• Metadata server
s t i n .
• Workspace server
I n t i o
• OLAP server S
• Stored process server
A tri b u
t S
• Web application server
s
g h d i
Monitor server activity
and administer logging.
i
r r e
Back up environment.
y
o paccess.
f o r
Add users and manage
C t
Establish connectivity to
o
data sources.
N
Set up your metadata
folder structure.
Administer repositories
and move metadata.
2-12 Chapter 2 Administering the SAS® Environment
u t e
• Workspace server
t i t .
• OLAP server
I s
• Stored process server
n i o n
• Web application server
S u t
A tri
Monitor server activity
S
and administer logging. b As needed
t s
Back up environment.
h i
Daily
r i g d
Add users and manage
access.
r e
As needed
p y r
Establish connectivity to
o
data sources.
As needed
C o t f
Set up your metadata When installed and as needed
N ofolder structure.
Administer repositories
and move metadata.
thereafter
As needed
These are suggestions and do not apply to all installations. Each site will have different needs
and requirements.
Chapter 3 Determining the State of
®
the SAS Environment
e In
Exercises .............................................................................................................................. 3-14
t u t
3.2
s i
Exploring the Metadata Server and Repositories ...................................................... 3-17
t n .
Demonstration: Identifying Metadata Server and Repository Access State ........................ 3-24
I n i o
Exercises .............................................................................................................................. 3-39
t
3.3
S u
Troubleshooting the Metadata Server ........................................................................ 3-43
A tri b
t S
Demonstration: Exploring the Metadata Server’s Configuration Directory .......................... 3-47
s
Demonstration: Troubleshooting the Metadata .................................................................... 3-53
i g h d i
Exercises .............................................................................................................................. 3-58
y r r e
3.4
o p f o r
Solutions to Exercises ................................................................................................. 3-59
C o t
N
3-2 Chapter 3 Determining the State of the SAS® Environment
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
i g h d i
y r r e
o p f o r
C o t
N
3.1 Checking the State of SAS Servers 3-3
Objectives
Examine the different methods of server operations.
Check the state of SAS servers.
c .
e In
t u t
s t i n .
I n t i o
3 S
A tri b u
S
3
h t i s
r i g r e d
Methods for Server Operations
There are several methods available for server
p y o
system:
r
operations, depending on server type and operating
C o t f
Windows service
4
4
3-4 Chapter 3 Determining the State of the SAS® Environment
c .
In
• SAS Management Console (except startup)
SAS Pooled Workspace Server
SAS Stored Process Server
u t e • Windows service1
t t
SAS Services Application (SAS Remote Services)
I n s i o n •
•
sas.servers script3 (UNIX or z/OS)
Remote Services script (or Windows shortcut)
S
Web Application Server
u t • Server console or script
• Windows service (JBoss only)1
S
SAS Content ServerA tri b Starts automatically when the Web application
h t i s
server is started
• Windows service1
SAS/CONNECT Spawner
r i g
SAS/SHARE Server
r e d •
•
z/OS started task2
sas.servers script3 (UNIX or z/OS)
C o
1
f
On Windows systems, this is the recommended method.
t
o
2
On z/OS systems, this is the recommended method.
3
N
On UNIX systems, this is the recommended method.
The SAS Services Application deploys a set of services called Remote Services that are used by the
SAS Information Delivery Portal, the SAS Stored Process Web application, and other Web applications.
The SAS Content Server is a content repository that stores digital content (such as documents, images,
and reports) that is created and used by SAS applications. The Web-based Distributed Authoring and
Versioning (WebDAV) protocol is used to access the SAS Content Server.
3.1 Checking the State of SAS Servers 3-5
are named
SAS [deployment-name-and-level] <server-context -> server-name
can be managed from a command line using
SAS provided batch scripts
net start|stop|pause|continue “service-name”
c .
have built-in dependencies to ensure they start up
in the correct order on each machine.
e In
u t
The dependencies do not include Windows
services on other machines.
t
s t i n .
5
5
I n t i o
S
A tri
as JBoss – SASServer1.
b u
If the SAS Deployment Manager installed JBoss Application Server as a service, the service is displayed
t S
On Windows, the available Net commands for each server are listed below:
s
Server
y r
SAS Metadata Server
o p f o r
SAS Object Spawner
Start, stop, pause, and continue
C o t
SAS Services Application (SAS Remote Services) Start and stop
N
SAS Table Server
SAS/CONNECT Spawner
Start, stop, pause, and continue
I n t i o
S
A tri b u
The generate_boot_script.sh enables you to automatically regenerate the sas.servers script on a UNIX
or z/OS machine. This is useful when you do the following:
t S
• configure a new server or spawner on the machine
s
• remove a server or spawner from the machine
i g h d i
• want to remove a server or spawner from the script so that you can operate it separately
y r r e
• change the location of the server’s log
o f o r
For information about how to regenerate the sas.servers script, refer to the SAS® Intelligence Platform:
p
System Administration Guide.
C o t
N
3.1 Checking the State of SAS Servers 3-7
SAS/CONNECT Spawner
c .
In
SAS/SHARE Server
t e
SAS Services Application (SAS Remote Services)
u
t i t .
7
I n s i o n
t
7
S u
The sas.servers script also affects the SAS Deployment Tester Server.
A tri b
t S s
i g h d i
y r r e
o p f o r
C o t
N
3-8 Chapter 3 Determining the State of the SAS® Environment
u t e
You can also install the sas.servers script as a boot script.
t i t .
8
I n s i o n
t
8
Argument
S
A tri b u Description
start
t S Starts the servers and spawners in the following order: SAS Metadata Server, SAS
OLAP Server, SAS Object Spawner, SAS/SHARE Server, SAS/CONNECT Spawner,
s
stop
i g h d i
SAS Table Server, SAS Remote Services, SAS Deployment Tester Server
Stops the servers and spawners in the following order: SAS Deployment Tester Server,
y r r e
SAS Remote Services, SAS Table Server, SAS/CONNECT Spawner, SAS/SHARE
Server, SAS Object Spawner, SAS OLAP Server, SAS Metadata Server
o p
restart
f o r Stops and then starts the servers and spawners in the following order: SAS Metadata
Server, SAS OLAP Server, SAS Object Spawner, SAS/SHARE Server,
C o t SAS/CONNECT Spawner, SAS Table Server, SAS Remote Services, SAS Deployment
Tester Server
N
status Displays the current status of the servers and spawners in the following format:
server-name server-instance (PID) is running|is stopped
On UNIX systems, you can alternatively make the individual servers and spawners run as daemons.
For additional best practices for using sas.servers, refer to the SAS® Intelligence Platform: System
Administration Guide.
3.1 Checking the State of SAS Servers 3-9
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
i g d i
2. Expand Services and Applications and select Services.
h
y r r e
o p f o r
C o t
N
3-10 Chapter 3 Determining the State of the SAS® Environment
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
4. Verify the status of the metadata server represented by the service named SAS [Config-Lev1]
SASMeta - Metadata Server.
t S s
i g h d i
y r r e
o p f o r
5. Right-click on the metadata server service and select Properties.
C o t
N
3.1 Checking the State of SAS Servers 3-11
6. Review the properties on the General tab. The properties include the path to the executable
and the startup type.
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
i g h d i
y r r e
o p f o r
C o t
N
3-12 Chapter 3 Determining the State of the SAS® Environment
7. Click the Log On tab and notice what account is used to run this process. The Local System account
is used to run this process.
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
i g h d i
y r r e
o p f o r
C o t
N
3.1 Checking the State of SAS Servers 3-13
8. Click the Dependencies tab and note the services that depend on the metadata server.
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
i g h d i
y r r e
o p f o r
9. Close the Properties window.
C o t
N
3-14 Chapter 3 Determining the State of the SAS® Environment
Exercises
c .
In
Service name:
Path to executable:
Startup type:
u t e
Log on as:
t i t .
Dependencies:
I n s i o n
Service name:
S u t
S A tri
Path to executable: b
t
Startup type:
h i s
r i g
Log on as:
r e d
p y Dependencies:
o r
C o t f
Service name:
N oPath to executable:
Startup type:
Log on as:
Dependencies:
Service name:
Path to executable:
Startup type:
Log on as:
Dependencies:
3.1 Checking the State of SAS Servers 3-15
Service name:
Path to executable:
Startup type:
Log on as:
Dependencies:
c .
In
Service name:
Path to executable:
Startup type:
u t e
Log on as:
t i t .
Dependencies:
I n s i o n
Service name:
S u t
S A tri
Path to executable: b
t
Startup type:
h i s
r g
Log on as:
i
Dependencies:
r e d
p y o r
C o t f
Service name:
N o
Path to executable:
Startup type:
Log on as:
Dependencies:
Service name:
Path to executable:
Startup type:
Log on as:
Dependencies:
3-16 Chapter 3 Determining the State of the SAS® Environment
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
i g h d i
y r r e
o p f o r
C o t
N
3.2 Exploring the Metadata Server and Repositories 3-17
Objectives
Explore the different metadata server states.
Identify the different types and storage locations
of metadata repositories.
Manage metadata repositories.
c .
In
u t e
t i t .
I n s i o n
S u t
1
2
12
S A tri b
h t i s
r i g r e d
SAS Metadata Server (Review)
SAS Metadata Server manages the metadata that
p y o r
describes the location and structure of the SAS platform:
server definitions
C o t f
data definitions
N o security settings
13
1
3
3-18 Chapter 3 Determining the State of the SAS® Environment
c .
e In
t u t
s t i n .
1
4
14
I n t i o
to write/update. S
A tri b u
The metadata server uses multi-threaded processing to read metadata but uses a single thread
t S s
i g h d i
Metadata Server States
y r e
A metadata server can exist in any of the following states:
r
o p
Online
C o t
Offline Metadata server is paused and retains
active client connections, but does not
The metadata server must be in online mode in order to run the SAS tools to perform a backup. The SAS
tools put the metadata server in offline mode during the backup and resume the server once the backup is
complete. If you want to back up the files without using the SAS tools, you must place the metadata
server in offline or stopped mode before copying any files. While the metadata server is online, it holds a
lock on key files that need to be backed up.
3.2 Exploring the Metadata Server and Repositories 3-19
c .
e In
t u t
s t i n .
1
6
16
I n t i o
S
A tri b u
To check the access state of the metadata server programmatically, you can use PROC METAOPERATE
to issue a STATUS action. The syntax is as follows:
t S
PROC METAOPERATE
s
SERVER="host name"
i g h d i
PORT=port-number
USERID="user-ID"
y r r e
PASSWORD="password"
PROTOCOL=BRIDGE
o p f o
RUN;
r
ACTION=STATUS;
C t
Any user who can log on to the metadata server can issue a STATUS action.
o
A metadata server that is stopped will not respond to a PROC METAOPERATE request.
N
3-20 Chapter 3 Determining the State of the SAS® Environment
Metadata Repositories
Metadata is stored in metadata repositories that you can
view and manage using the Metadata Manager
plug-in.
c .
e In
t u t
s t i n .
1
7
17
I n t i o
S
A tri
Metadata Repositories b u
t S s
A metadata repository is
i g h d i
a library of tables in which a collection of related
metadata objects are stored
y r r e
managed by a repository manager
o p f o r
stored in a physical location.
C o t
N
18
1
8
The different repositories do not need to be stored in the same physical location.
3.2 Exploring the Metadata Server and Repositories 3-21
Repository Manager
The repository manager is a metadata repository that
holds information about the other repositories in the
environment.
c .
e In
t
OBJNAME ID REPTYPE RPOSPATH
Foundation A0000001.A5STDM7N FOUNDATION MetadataServer\MetadataRepos
Ole’s Work
Repository
t i t u
A0000001.A5590EKV PROJECT
.
itories\Foundation
MetadataServer\MetadataRepos
itories\OleWork
Barbara’s
Work
19 Repository
I s i o n
A0000001.A5WWW6FH PROJECT
n
MetadataServer\MetadataRepos
itories\BarbaraWork
t
1
9
S u
The repository manager is stored in a folder named rposmgr.
A tri b
t S s
Metadata Repositories
i g h d i
The metadata server supports three types of metadata
y r e
repositories:
r
o p f o r
Foundation Required metadata store for a metadata
repository server. You cannot create more than one
foundation repository.
C o t
Custom
repository
An optional metadata store that is useful
for physically separating metadata for
N Project
storage or security purposes.
The SAS Deployment Wizard creates only one foundation repository, which is assigned the name
Foundation. There is exactly one foundation repository per environment.
To organize your metadata, the recommended best practice is to create folders instead of creating separate
repositories.
A project repository enables a user to check out and lock metadata from a foundation repository or custom
repository so that the metadata can be modified and tested in a separate area. When the metadata is ready,
it is checked in and unlocked so that it is available to other users.
3-22 Chapter 3 Determining the State of the SAS® Environment
Managing Repositories
Creating a Creates initial repository contents
new and all the metadata that defines
repository the repository.
Registering a Creates the metadata that defines
repository the repository and points to existing
repository content.
c .
Deleting a
repository
Deletes the repository contents
e
and all the metadata that defines In
Unregistering
t t
the repository.
u
Removes the metadata that describes
a repository
t i .
the repository without removing the
s n
contents of the repository itself.
2
1
21
I n t i o
S
A tri b u
You can use SAS Management Console’s Metadata Manager plug-in to create repositories:
• To create a foundation or custom repository, right-click on the Active Server node and select
t S
Add Repository.
s
• To create a project repository, right-click on the Project Repositories folder and select
i g h d i
New Project Repository.
y r r e
Only unrestricted users who are defined in the adminUsers.txt file with an external operating system user
ID can delete a foundation repository.
p o r
An unregistered repository is invisible to the metadata server. Re-registering a repository is the process
o f
of making the repository visible to the metadata server.
C o t
N
3.2 Exploring the Metadata Server and Repositories 3-23
c .
In
Administration Only users who are in the Metadata
Server: Unrestricted role can read
Offline
u e
and write metadata.
t
Clients can neither read nor write
i t
metadata.
t .
22
I n s i o n
t
2
2
S u
A repository’s access state is a combination of the repository access mode and the metadata server’s state.
A tri b
t S
Metadata Server Access State
s
Metadata Repository
Registered Access Mode
Metadata Repository Access
State
Online
i g h d i Online Online
y r
Online
r e Administration Administration
o p
Online
Online
f o r Read-only
Offline
Read-only
Offline
C o t
Administration Online Administration
N
Administration
Administration
Administration
Read-only
Administration
Administration (Read-only)
2. Click to open SAS Management Console with the existing connection profile.
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S
3. Provide a valid user ID and password to connect to the metadata server.
s
i g h i
In class, type the user ID Ahmed and password Student1.
d
y r r e
o p f o r
C o t
N
3.2 Exploring the Metadata Server and Repositories 3-25
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S
The Repository drop-down list indicates which repository you are currently connected to and
lets you switch repositories.
s
i g h d i
5. Right-click Active Server and select Properties. Review the properties. Use the Help facility to
identify what the State field specifies. Close the Properties window.
y r r e
o p f o r
C o t
N
3-26 Chapter 3 Determining the State of the SAS® Environment
c .
e In
t u t
t i .
6. Select Active Server to display the Access and State values for the repositories in the pane on the
right.
s n
I n t i o
You can also see the repository Access and State values by opening the repository properties.
S
A tri b u
t S s
i g h d i
y r r e
o p f o r
C o t
N
3.2 Exploring the Metadata Server and Repositories 3-27
7. Expand Active Server. Foundation and custom repositories are listed under Active Server. Expand
Project Repositories.
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S
8. Use Windows Explorer to navigate to the S:\ drive and create a new folder named Test. There are
s
i g d i
currently no metadata repository files in that location.
h
y r r e
o p f o r
C o t
N
3-28 Chapter 3 Determining the State of the SAS® Environment
9. In SAS Management Console, under the Metadata Manager plug-in, right-click Active Server
and select Register Repository….
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
i g h d i
y r r e
o p f o r
C o t
N
3.2 Exploring the Metadata Server and Repositories 3-29
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
i g h d i
y r r e
o p f o r
C o t
N
3-30 Chapter 3 Determining the State of the SAS® Environment
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
i g h d i
y r r e
o p f o r
C o t
N
3.2 Exploring the Metadata Server and Repositories 3-31
12. Accept the default engine and access values. Type the path S:\Test and click .
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
i g h d i
y r r e
o p o r
13. The error message indicates that the wizard was looking for metadata repository files in the path
f
C o t
and found none. Click Ö .
N
3-32 Chapter 3 Determining the State of the SAS® Environment
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
15. Provide a name for the repository and click .
t S s
i g h d i
y r r e
o p f o r
C o t
N
3.2 Exploring the Metadata Server and Repositories 3-33
16. Accept the default engine and access values. Type the path S:\Test and click .
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
i g h d i
y r r e
o p f o r
C o t
N
3-34 Chapter 3 Determining the State of the SAS® Environment
17. Click Ö .
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
i g h d i
y r r e
o p f o r
C o t
N
3.2 Exploring the Metadata Server and Repositories 3-35
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
i g h d i
y r r e
o p f o r
C o t
N
3-36 Chapter 3 Determining the State of the SAS® Environment
19. Click the Registration tab. The new repository type is Custom. Close the Properties window.
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
i g h d i
y r r e
o p f o r
C o t
N
3.2 Exploring the Metadata Server and Repositories 3-37
20. In Windows Explorer, navigate to S:\Test. The folder now contains metadata repository tables.
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S
21. In SAS Management Console, right-click on the new repository and select Delete. Click
s
.
i g h d i
y r r e
o p f o r
C o t
N
3-38 Chapter 3 Determining the State of the SAS® Environment
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
i g h d i
y r r e
o p f o r
C o t
N
3.2 Exploring the Metadata Server and Repositories 3-39
Exercises
c .
In
5. Locating Repository Properties
information:
u t e
Expand the Active Server, and for each repository in the environment, provide the following
i t
Each type of repository might not have all of the following properties.
t .
Repository Name:
Path:
I n s i o n
Type:
S u t
Engine:
S A tri b
ID:
h t i s
r g
Options:
i
Created:
r e d
p y
Updated:
o r
C o Access:
t f
N o
Repository is under change management:
Metadata Location for Users’ Folders:
State:
Owner:
3-40 Chapter 3 Determining the State of the SAS® Environment
Repository Name:
Path:
Type:
Engine:
ID:
Options:
c .
In
Created:
Updated:
Access:
u t e
t i t
Repository is under change management:
.
I n s
Metadata Location for Users’ Folders:
i o n
State:
Owner:
S u t
S A tri b
t
Repository Name:
h i s
r g
Path:
i
Type:
r e d
p y Engine:
o r
C o ID:
t f
N oOptions:
Created:
Updated:
Access:
Repository is under change management:
Metadata Location for Users’ Folders:
State:
Owner:
3.2 Exploring the Metadata Server and Repositories 3-41
e In
Access: Online
t u t
c. Use Windows Explorer to investigate what was created in the path for the new repository.
s t i .
7. Creating and Unregistering a Custom Repository
n
be S:\Test.
I n t i o
a. Create a new custom repository using the Metadata Manager. The repository path should
S b u
b. Verify that the new repository was successfully created and the Test folder populated.
A tri
t S
c. In SAS Management Console, unregister the new repository.
s
i g h d i
d. What is the difference between unregistering and deleting a repository?
8. Pausing the Metadata Server Using the Metadata Manager Plug-in
y r r e
a. Pause in administration mode.
o p o r
1) Right-click Active Server and select Pause Ö Administration. Provide a descriptive
f
comment less than 200 characters long. How did the SAS Management Console interface
C o t
change?
2) Right-click Active Server and select Properties. Any administrators connecting to the
N metadata server using SAS Management Console can view the Comment field.
3) Check the metadata server service on Windows. What is the status of the SAS [Config-Lev1]
SASMeta – Metadata Server service?
Hint: You might need to right-click on the service and select Refresh to view the updated
status.
4) Resume the metadata server by right-clicking Active Server and selecting Resume.
5) Check the metadata server service on Windows. What is the status of the SAS [Config-Lev1]
SASMeta – Metadata Server service?
3-42 Chapter 3 Determining the State of the SAS® Environment
3) Check the metadata server service on Windows. What is the status of the SAS [Config-Lev1]
SASMeta – Metadata Server service?
c .
Hint: You might need to right-click on the service and select Refresh to view the updated
status.
e In
and selecting Resume.
t u t
4) Resume the metadata server by expanding Metadata Manager, right-clicking Active Server,
s t
or administration mode?i
c. Pause the metadata server Windows Service. Does this pause the metadata server in offline mode
n .
I n t i o
Hint: Certain types of users can connect to a metadata server paused in administration mode,
but no one can connect if it is paused in offline mode.
S
A tri b u
t S s
i g h d i
y r r e
o p f o r
C o t
N
3.3 Troubleshooting the Metadata Server 3-43
Objectives
Explore metadata server configuration files.
Use the Metadata Analysis and Repair tools.
c .
e In
t u t
s t i n .
I n t i o
26 S
A tri b u
S
2
6
h t i s
r i g r e d
Metadata Server Configuration Files
The metadata server uses several configuration files
p y r
including the following:
o
C o t f The metadata server will not start if
any of these files is not accessible
o
any of these files includes syntax
errors.
27
2
7
3-44 Chapter 3 Determining the State of the SAS® Environment
c .
In
Do not deny the metadata server process owner
access to these files.
u t e
t i t .
28
I n s i o n
t
2
8
S
A tri
omaconfig.xml b u
t S s
This file contains SAS Metadata Server settings such as
i g h
the following:
d i
values for the libref and path to the metadata server’s
y r r e
repository manager
o p o r
names and locations of the adminUsers.txt and
trustedUsers.txt files
f
journaling options
C o t
N
29
2
9
3.3 Troubleshooting the Metadata Server 3-45
e In
are completed.
t u t
from the journal file if the server fails before updates
s t i n .
3
0
30
I n t i o
S u
Pausing the metadata server causes the journal contents to be written out to disk.
A tri b
t S s
sasv9.cfg and sasv9_usermods.cfg
i g h d i
A SAS configuration file enables you to specify SAS
y r r e
system options that are used to establish a SAS session.
The following configuration files are present in every
o p f r
server’s configuration directory:
o
sasv9.cfg Primary configuration file for a server.
31
3
1
The SAS system CONFIG option points a SAS session to a configuration file. When SAS encounters a
CONFIG option, SAS immediately processes the options in that named file and then returns to process
the remainder of the current file. SAS options that are encountered later in the processing always override
those options that are specified earlier. The options specified in the SAS invocation command are always
processed last and will override the option values specified in the configuration files.
3-46 Chapter 3 Determining the State of the SAS® Environment
e In
t u t
s t i n .
3
2
32
I n t i o
S
A tri b u
The unrestricted user’s fully qualified user ID is preceded by an asterisk in the adminUsers.txt file.
Another security-related file located in the metadata server’s configuration directory is the
t S
trustedPeers.xml file. This file can be used to limit the scope of trust for connections from SAS sessions
s
to the metadata server. Initially the scope is not limited.
g h d i
The metadata server accepts peer SAS servers and sessions to connect using a proprietary protocol
i
y r r e
(trusting that those connecting identities have already been properly authenticated). These connections
can occur from any SAS session or SAS IOM server to the metadata server. The scope is configurable.
p r
This enables a SAS/CONNECT server to access the metadata server and facilitates connections to the
o
metadata server during batch processing. For more information, refer to the SAS® 9.2 Intelligence
o f
Platform: Security Administration Guide.
C o t
N
3.3 Troubleshooting the Metadata Server 3-47
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
2. Right-click omaconfig.xml and select TextPad.
t S s
i g h d i
y r r e
o p f o r
C o t
N
3-48 Chapter 3 Determining the State of the SAS® Environment
3. Review the settings. The omaconfig.xml file indicates that journal files are stored in
Journal\MetadataJournal.dat. Close the omaconfig.xml file.
c .
e In
t u t
s t i n .
I n t i o
4. In Windows Explorer, navigate to the Journal subfolder. Try to open the MetadataJournal.dat file.
S u
What is preventing you from opening the file?
A tri b
t S s
i g h d i
y r r e
o p f o r
5. In Windows Explorer, navigate to C:\SAS\Config\Lev1\SASMeta\MetadataServer\rposmgr.
C t
This folder contains the files that make up the Repository Manager.
o
N
3.3 Troubleshooting the Metadata Server 3-49
6. Return to the MetadataServer folder and right-click on sasv9.cfg and select Open with Notepad.
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
i g h d i
y r r e
o p f o r
C o t
N
3-50 Chapter 3 Determining the State of the SAS® Environment
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
i g h d i
y r r e
o f o r
8. The sasv9.cfg file pulls settings from sasv9_usermods.cfg. Right-click on sasv9_usermods.cfg and
C o t
N
3.3 Troubleshooting the Metadata Server 3-51
c .
e In
t u t
s t i n .
3
4
34
I n t i o
S
A tri b u
The utility can be found in !SASHOME\SASPlatformObjectFramework\9.2. To get information about
the options available, invoke the utility as follows:
t S
AnalyzeMetadata -?
s
g h d i
You can access the wizard in SAS Management Console by right-clicking Active Server or
a specific repository listed in the Metadata Manager and selecting Analyze/Repair Metadata….
i
y r r e
o p f o r
Metadata Analysis and Repair Tools
C o t
The tools can analyze and repair metadata including:
Verify Checks and repairs the container
Verify
track of metadata files.
Checks for associations between
Associations metadata objects where one object
was removed.
Orphaned Checks remaining access control
ACEs elements associated with metadata
objects that were removed.
Orphaned Checks for remaining properties for
Properties metadata objects that were removed.
3
5
35 continued...
3-52 Chapter 3 Determining the State of the SAS® Environment
Domains
u t e
Authentication definitions in metadata repositories
other than the foundation repository.
Verify
Permissions
t i t
Checks for permission definitions in
.
metadata repositories other than the
36
I n s i o n
foundation repository.
t
3
6
S
A tri b u
Analyze Mode and Repair Mode
t S s
Whether you run the tools interactively or schedule them
i g h d i
in batch mode, a good practice is to do the following:
Run the tools weekly in analyze mode to monitor for
y r r e
problems.
o p f o r
Back up your environment and then run the tools in
repair mode if problems are identified during analysis.
C o t
N
37
3
7
3.3 Troubleshooting the Metadata Server 3-53
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
i g h d i
y r r e
o p f o r
C o t
N
3-54 Chapter 3 Determining the State of the SAS® Environment
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
i g h d i
y r r e
o p f o r
C o t
N
3. Select the Foundation repository and click .
3.3 Troubleshooting the Metadata Server 3-55
4. Accept the defaults, which are that all tools are selected and Repair immediately is not selected.
Click .
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
i g h d i
y r r e
o p f o r
C o t
N
3-56 Chapter 3 Determining the State of the SAS® Environment
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
i g h d i
y r r e
o p f o r
C o t
N
3.3 Troubleshooting the Metadata Server 3-57
6. Click .
c .
e In
t u t
s t i n .
I n t i o
If problems had been found, you can use to return to the previous screen
S u
and select to repair the metadata immediately.
A tri b
t S s
i g h d i
y r r e
o p f o r
C o t
N
3-58 Chapter 3 Determining the State of the SAS® Environment
Exercises
c .
In
b. The SASFoundation\9.2\sasv9.cfg file references another configuration file. Locate the file and
open it. Examine the settings. This file and the settings within are used by all instances of SAS.
t e
c. How should you modify the configuration file settings for a particular server such as the metadata
server?
u
t i t .
I n s i o n
S u t
S A tri b
h t i s
r i g r e d
p y o r
C o t f
N o
3.4 Solutions to Exercises 3-59
t u t
s t i n .
I n t i o
Service name: SAS [Config-Lev1] Deployment Tester Server
Path to executable: "C:\Program Files\SAS\SASDeploymentTesterServer\1.3\Config\win\wrapper.exe"
S
A tri
Startup type: Automatic
b u
-s C:\SAS\Config\Lev1\DeploymentTesterServer\Config\wrapper.conf
t S s
Log on as: NT AUTHORITY\LocalService
g h
Dependencies: None
i d i
y r r e
o p f o r
Service name: SAS [Config-Lev1] Object Spawner
Path to executable: "C:\Program Files\SAS\SASFoundation\9.2\objspawn" -name
C t
"SAS [Config-Lev1] Object Spawner"
o
N
Startup type: Automatic
Log on as: Local System Account
Dependencies: None
c .
e
Service name: SAS [Config-Lev1] SASMeta - Metadata Server In
u t
Path to executable: "C:\Program Files\SAS\SASFoundation\9.2\sas.exe" -config
t
SASMeta - Metadata Server"
s i
"C:\SAS\Config\Lev1\SASMeta\MetadataServer\sasv9.cfg" -servicename "SAS [Config-Lev1]
t n .
I n
Startup type: Automatic
Log on as: Local System Account
t i o
S
A tri
Dependencies:
b u
SAS [Config-Lev1] Connect Spawner
t S
SAS [Config-Lev1] Object Spawner
s
i g h d i
SAS [Config-Lev1] Remote Services
y r r e
SAS [Config-Lev1] SASApp - OLAP Server
SAS [Config-Lev1] SASTS - Table Server
o p o r
SAS [Config-Lev1] Share Server
f
C o t
Service name: SAS [Config-Lev1] SASTS - Table Server
c .
Service name: JBoss - SASServer1
e In
u t
Path to executable: C:\jboss-4.2.0.GA\service\wrapper.exe -s
C:\jboss-4.2.0.GA\server\SASServer1\wrapper.conf
t
Startup type: Automatic
s t i n .
Dependencies: None
I n
Log on as: Local System Account
t i o
S b
2. Restarting the Metadata Server
A tri u
t S
Restart the metadata server and dependent services using Windows Services. What impact does
restarting the metadata server have on the other services?
s
h d i
a. In Windows Services, right-click SAS [Config-Lev1] SASMeta - Metadata Server and
i g
y r r e
select Restart.
o p f o r
C o t
N
3-62 Chapter 3 Determining the State of the SAS® Environment
c .
e In
t u t
s t i n .
I n t i o
The dependent services are stopped in the following order and restarted in the reverse order:
S
A tri b u
SAS [Config-Lev1] Share Server
s
i g h d i
SAS [Config-Lev1] SASApp - OLAP Server
y r r e
JBoss - SASServer1
t u t
SAS/CONNECT Spawner
s t i n .
SAS Table ServerI n
SAS Deployment Tester Server
t i o
S
A tri
SAS Remote Services
b u
t S
JBoss - SASServer1.
s
i g h d i
4. Locating the Metadata Server Connection
r e
The Active Server properties listed the metadata server port at 8561. Without searching other
r
plug-ins, where else does this port appear in SAS Management Console interface?
y
o p f o r
Lower right corner of the SAS Management Console window
C o t
N
3-64 Chapter 3 Determining the State of the SAS® Environment
e In
Options: None
t u t
Created: Sep 3, 2009 2:17:35 PM EST
s t i
Updated: Sep 3, 2009 2:17:35 PM EST
n .
Access: Online
I n t i o
S
A tri b u
Repository is under change management: Yes
Metadata Location for Users’ Folders: /Users
t S
State: Online
s
i g h d i
Owner: Not applicable to this type of repository
y r r e
o p f o r
Repository Name: Barbara's Work Repository
Path: S:\Workshop\sbip\MetadataServer\MetadataRepositories\BarbaraWork
C o t
Type: Project
N Engine: Base
ID: A0000001.A5TVKC81
Options: None
Created: Sep 4, 2009 6:48:01 AM EST
Updated: Sep 4, 2009 6:48:01 AM EST
Access: Online
Repository is under change management: Not applicable to this type of repository
Metadata Location for Users’ Folders: Not applicable to this type of repository
Owner: Barbara
3.4 Solutions to Exercises 3-65
c .
In
Created: Sep 4, 2009 6:51:59 AM EST
Updated: Sep 4, 2009 6:51:59 AM EST
Access: Online
u t e
t i t .
Repository is under change management: Not applicable to this type of repository
I n s i o n
Metadata Location for Users’ Folders: Not applicable to this type of repository
Owner: Ole
S
6. Creating a Project Repository
u t
S A tri b
a. Expand Metadata Manager Ö Active Server. Right-click Project Repositories and select
h t
New Project Repository….
i s
r i g r e d
p y o r
C o t f
N o
3-66 Chapter 3 Determining the State of the SAS® Environment
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
i g h d i
2) Type the name Kari's Work Repository and then click .
y r r e
o p f o r
C o t
N
3.4 Solutions to Exercises 3-67
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
4) Select My Computer and then double-click the S: drive.
i g h d i
y r r e
o p f o r
C o t
N
3-68 Chapter 3 Determining the State of the SAS® Environment
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
6) Double-click on the Workshop folder.
i g h d i
y r r e
o p f o r
C o t
N
3.4 Solutions to Exercises 3-69
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
8) Double-click on the MetadataRepositories folder.
i g h d i
y r r e
o p f o r
C o t
N
3-70 Chapter 3 Determining the State of the SAS® Environment
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
10) Type KariWork as the folder name and click .
i g h d i
y r r e
o p f o r
C o t
N
3.4 Solutions to Exercises 3-71
11) Click .
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
i g h
12) Click .
d i
y r r e
o p f o r
C o t
N
3-72 Chapter 3 Determining the State of the SAS® Environment
13) The new repository appears under the Project Repositories folder in the Metadata Manager.
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
i g h d i
y r r e
o p f o r
C o t
N
3.4 Solutions to Exercises 3-73
c. Use Windows Explorer to investigate what was created in the path for the new repository.
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
i g h d i
y r r e
o p f o r
C o t
N
3-74 Chapter 3 Determining the State of the SAS® Environment
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
i g h d i
y r r e
o p f o r
C o t
N
3.4 Solutions to Exercises 3-75
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
i g h d i
3) Accept the default Base as the engine. Type S:\Test as the path and click .
y r r e
o p f o r
C o t
N
3-76 Chapter 3 Determining the State of the SAS® Environment
4) Click if you are prompted to create the path on the metadata server.
b. Verify that the new repository was successfully created and the Test folder populated.
1) In Windows Explorer, navigate to the path you created, S:\Test.
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
i g h d i
y r r e
o p f o r
C o t
N
3-78 Chapter 3 Determining the State of the SAS® Environment
2) You should also see the new repository in SAS Management Console.
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
i g h d i
y r r e
o p f o r
c. In SAS Management Console, unregister the new repository.
1) Right-click on the Test repository under Active Server and select Unregister Repository.
C o t
N
3.4 Solutions to Exercises 3-79
2) Click when you are prompted to verify that you want to unregister the repository.
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
2) Deleting a repository removes all the metadata and physical files.
t S s
i g h d i
y r r e
o p f o r
C o t
N
3.4 Solutions to Exercises 3-81
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
i g h d i
y r r e
o p f o r
C o t
b) Provide a descriptive comment less than 200 characters long. Click .
2) Right-click Active Server and select Properties. Any administrators connecting to the
metadata server using SAS Management Console can view the Comment field.
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
i g h d i
y r r
b) Click e to close the Properties window.
o p f o r
C o t
N
3.4 Solutions to Exercises 3-83
3) Check the metadata server service on Windows. What is the status of the SAS [Config-Lev1]
SASMeta - Metadata Server service?
Hint: You might need to right-click on the service and select Refresh to view the updated
status.
c .
e In
t u t
s t i n .
I n t i o
S
The status is paused.
A tri b u
t S s
4) Resume the metadata server by right-clicking Active Server and selecting Resume.
i g h d i
y r r e
o p f o r
C o t
N
3-84 Chapter 3 Determining the State of the SAS® Environment
5) Check the metadata server service on Windows. What is the status of the SAS [Config-Lev1]
SASMeta - Metadata Server service?
The service is started.
200 characters long. How has the SAS Management Console interface changed?
c .
1) Right-click Active Server and select Pause Ö Offline. Provide a descriptive comment under
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
i g h d i
y r r e
o p f o r
C o t
N b) Provide a descriptive comment less than 200 characters long. Click .
3.4 Solutions to Exercises 3-85
Only the Metadata Manager plug-in is visible and accessible. The Active Server icon now
includes the pause symbol:
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
i g h d i
y r r e
o p f o r
C o t
N
3-86 Chapter 3 Determining the State of the SAS® Environment
2) Right-click Active Server and select Properties. Any administrators connecting to the
metadata server using SAS Management Console can view the Comment field.
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
i g h d i
y r r e
o p o r
b) Click
f
to close the Properties window.
C o t
N
3.4 Solutions to Exercises 3-87
3) Check the metadata server service on Windows. What is the status of the SAS [Config-Lev1]
SASMeta - Metadata Server service?
Hint: You might need to right-click on the service and select Refresh to view the updated
status.
c .
e In
t u t
s t i n .
I n t i o
S
The status is paused.
A tri b u
t S s
4) Resume the metadata server by expanding Metadata Manager, right-clicking Active Server,
i g h d i
and selecting Resume.
y r r e
o p f o r
C o t
N
3-88 Chapter 3 Determining the State of the SAS® Environment
c. Pause the metadata server Windows Service. Does this pause the metadata server in offline mode
or administration mode?
1) In Computer Management, right-click SAS [Config-Lev1] SASMeta - Metadata Server and
select Pause.
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
2) Return to SAS Management Console and click .
t S s
i g h d i
y r r e
o p f o r
C o t
N
3.4 Solutions to Exercises 3-89
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
i g h d i
y r e
9. Examining the Metadata Server Configuration Files
r
a. The sasv9.cfg file in the MetadataServer folder referenced two other configuration files.
o p f o r
Navigate to and open C:\Program Files\SAS\SASFoundation\9.2\sasv9.cfg.
C o t
N
3-90 Chapter 3 Determining the State of the SAS® Environment
b. The SASFoundation\9.2\sasv9.cfg file references another configuration file. Locate the file and
open it. Examine the settings. This file and the settings within are used by all instances of SAS.
The other configuration file is called SASV9.CFG and is located in
C:\Program Files\SAS\SASFoundation\9.2\nls\en.
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
i g h d i
y r r e
o p f o r
c. How should you modify the configuration file settings for a particular server such as the metadata
server?
N
Chapter 4 Monitoring, Logging, and
®
Troubleshooting SAS Servers
e
4.2
t
Monitoring SAS Servers and Spawners ..................................................................... 4-20
t u
s i
Demonstration: Validating and Pausing the Metadata Server ............................................. 4-24
t n .
Demonstration: Monitoring the Object Spawner .................................................................. 4-36
I n i o
Exercises .............................................................................................................................. 4-42
t
4.3
S u
Logging SAS Servers and Spawners .......................................................................... 4-45
A tri b
t S
Exercises .............................................................................................................................. 4-56
s
4.4
h i
Troubleshooting SAS Servers ..................................................................................... 4-60
i g d
y r e
Demonstration: Using the SAS Deployment Manager......................................................... 4-65
r
p
4.5
o o r
Solutions to Exercises ................................................................................................. 4-79
f
C o t
N
4-2 Chapter 4 Monitoring, Logging, and Troubleshooting SAS® Servers
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
i g h d i
y r r e
o p f o r
C o t
N
4.1 Overview of SAS Server Types 4-3
Objectives
Explore the properties and functionality
of a workspace server.
Explore the properties and functionality
of a stored process server.
c .
Explore the properties and functionality
of an OLAP server.
e In
of a batch server.
t u t
Explore the properties and functionality
s t i
of a SAS/CONNECT server.
n .
Explore the properties and functionality
I n t i o
3 S
A tri b u
S
3
h t i s
r
SAS Servers
i g r e d
Whether users enter their own code, execute a stored
p y o r
process, or let SAS applications generate code for them,
the code will be executed on a SAS server. Each server
C o f
type has different capabilities.
t
N o
4
4
4-4 Chapter 4 Monitoring, Logging, and Troubleshooting SAS® Servers
c .
e In
t u t
s t i n .
5
5
I n t i o
S
A tri b u
t S s
i g h d i
y r r e
o p f o r
C o t
N
4.1 Overview of SAS Server Types 4-5
retrieve results.
c .
e In
t u t
s t i n .
6
6
I n t i o
S u
In an initial configuration, there are typically three workspace servers:
A tri b
t S
SASMeta - Logical Workspace Server
s
Standard workspace server for use by administrators to
execute metadata utilities
g h d i
SASApp - Logical Workspace Server
i
Standard workspace server for use by non-administrators
y r r e
SASApp - Logical Pooled Workspace Server-side pooled workspace server for use by non-
o p
Server
C t
permissions.
o
N
4-6 Chapter 4 Monitoring, Logging, and Troubleshooting SAS® Servers
c .
e In
t u t
s t i n .
7
7
I n t i o
S
A tri b u
The server process is shut down when the connection is terminated. For desktop applications,
the connection typically lasts until the user closes the application. For Web applications, the
t S
connection is typically shut down after the request is completed.
s
g h d i
Standard Workspace Server
i
y r r e
A standard workspace server can be load balanced.
o p f r
Load balancing a workspace server across physical
o
machines is recommended if your server supports
applications that submit large jobs such as SAS Data
C o t
Integration Studio or SAS Enterprise Miner.
8
8
The object spawners on each physical machine communicate with each other to accomplish load
balancing.
Workspace servers are load balanced across machines. In other words, the object spawners on multiple
machines compare the load on each machine and load balance additional requests accordingly.
4.1 Overview of SAS Server Types 4-7
c .
In
In general, pooling is used when a relational information
map is queried, processed, opened, or used indirectly
through a report.
u t e
t i t .
9
I n s i o n
t
9
S
A tri b u
Pooling is used when accessing relational information maps from applications including
SAS Web Report Studio and SAS Information Map Studio.
t S
No additional configuration is required to use the pooled workspace server.
s
i g h d i
y r r e
What Is a SAS Information Map?
o p o r
SAS Information Maps provides the bridge between your
data warehouse and the business users who build reports
f
and analyses from that data.
C o t
N SAS SAS SAS
SAS Information
Map Studio
DBMS DBMS
Data Warehouse
10
1
0
4-8 Chapter 4 Monitoring, Logging, and Troubleshooting SAS® Servers
u t e
columns or be based on calculations
filters can be created for easy
t i t
subsetting of the data source
.
data sources can be relational tables
11
I s
or a multidimensional OLAP cube
n i o n
t
1
1
S
A tri b u
t S s
i g h d i
y r r e
o p f o r
C o t
N
4.1 Overview of SAS Server Types 4-9
c .
e In
t u t
s t i n .
1
2
12
I n t i o
S
A tri b u
The default configuration includes a Logical Pooled Workspace Server, which provides server-side
pooling. The object spawner manages the server-side pooled workspace server processes and can request
t S
user-specific metadata layer access evaluations. Allocation of server processes is managed across clients,
using the spawner’s load balancing capabilities.
s
i g h d i
It is also possible to configure client-side pooling for use when accessing information maps in
SAS Web Report Studio and SAS Information Delivery Portal. Client-side pooling is managed by a pool
r r e
administrator within each application. The workspace server processes are instantiated by the object
y
spawner, but the spawner is unaware of the user making the request. Use client-side only if you have
o p f o r
security requirements that are not met by server-side pooling. The initial configuration does not include
client-side pooling. The usage of servers in a client-side pool is determined by membership in a specific
C t
metadata group.
o
N
4-10 Chapter 4 Monitoring, Logging, and Troubleshooting SAS® Servers
e
consists of a .sas file along with a metadata definition In
t u t
that describes how the stored process should execute
s t i n .
1
3
13
I n t i o
S
A tri b
Executing a Stored Process
u
t S s
Stored processes are typically executed on a stored
i g h d i
process server, but can also be executed on
a workspace server.
y r r e
o p f o r
C o t
N
14
1
4
4.1 Overview of SAS Server Types 4-11
c .
In
includes load balancing settings that the object
spawner uses to distribute requests between the
server processes.
u t e
t i t .
15
I n s i o n
t
1
5
S
A tri
Stored Process Server b u
t S s
By default, the stored process server is configured with
i g h d i
one connection
y r r e
three multibridge connections.
r
Port on which object spawner listens for
o p f o
stored process server requests
C o t
N Each multibridge connection maps to a stored
process server process using the specified
port to communicate with applications.
16
1
6
4-12 Chapter 4 Monitoring, Logging, and Troubleshooting SAS® Servers
Shared Credentials
The stored process server processes execute under
multiuser credentials, which can be found in SAS
Management Console on the physical stored process
server’s Properties window, under the Options tab.
c .
e In
t u t
s t i n .
1
7
17
I n t i o
S
A tri b u
The sassrv account is associated with the SAS General Servers group. To verify, follow these steps:
1. Select the User Manager plug-in in SAS Management Console.
t S s
2. Right-click SAS General Servers and select Properties.
g h d i
3. Click the Accounts tab.
i
y r r e
o p f o r
SAS Object Spawners
Workspace servers and stored process servers are
C o t
initialized by the SAS Object Spawner.
An object spawner does the following:
18
1
8
The object spawner manages the server-side pooled workspace server processes. The object spawner
manages load balancing for load balanced standard workspace servers, server-side pooled workspace
servers, and stored process servers.
4.1 Overview of SAS Server Types 4-13
c .
e In
t u t
s t i n .
1
9
19
I n t i o
S
A tri b u
1. The object spawner accesses a configuration file that contains information for accessing the metadata
server. The file is named metadataConfig.xml by default.
t S
2. The object spawner connects to the metadata server for configuration information.
s
i g h d i
y r r e
What Is OLAP?
o p o r
Online Analytical Processing, or OLAP, performs
multidimensional analysis of business data and provides
f
the capability for complex calculations against
C o t
multidimensional data stored in cubes.
20
2
0
4-14 Chapter 4 Monitoring, Logging, and Troubleshooting SAS® Servers
c .
e In
t u t
s t i n .
2
1
21
I n t i o
S
A tri b u
SAS OLAP queries are performed by using MDX in client applications that are connected to the
OLAP server by using OLE DB for OLAP (an extension of OLE DB that is used by COM-based clients),
t S
or through similarly designed Java interfaces.
s
i g h d i
SAS Batch Server
y r r e
SAS batch servers are part of the configuration for
o p o r
SAS scheduling. They are metadata objects that store
information about an executable that the scheduling
f
server can use to run scheduled tasks.
C o t
There are several types of batch servers including those
listed below:
22
2
2
4.1 Overview of SAS Server Types 4-15
SAS/CONNECT Servers
SAS/CONNECT software provides essential tools for
sharing data and processing power across multiple
computing environments.
SAS code can use these tools to perform tasks such as
the following:
dividing time-consuming tasks into multiple units of
work and executing these units in parallel
c .
moving data between machines so that it is on the
same machine as the code processing it
e In
t u t
s t i n .
2
3
23
I n t i o
S
A tri
SAS/CONNECT Servers b u
t S s
SAS/CONNECT is used in the SAS platform in several
i g h d i
ways, including the following:
Some clients, such as SAS Data Integration Studio
y r r e
and SAS Enterprise Miner, can generate code that
o p o r
includes SAS/CONNECT features.
SAS/CONNECT is involved in the replication of
f
metadata repositories because the replication process
N
24
2
4
4-16 Chapter 4 Monitoring, Logging, and Troubleshooting SAS® Servers
c .
In
Logical Contains
server definitions for one
or more similar
servers
u t e
Servers
t i t
Specific process
instances that
.
25 s
perform the
n
requested work
I i o n
t
2
5
S
A tri b u
A SAS application server enables you to specify metadata that applies to all of the logical servers and
servers that the SAS application server contains. You can also register libraries, schemas, directories, and
t S
other resources that are available to SAS servers, regardless of the server type.
s
A server definition contains the server metadata that is required to connect to a SAS server on a particular
i g h d i
machine. The definition includes details about where the process is to execute and how a client should
contact the server, as well as options that describe how the server should behave.
y r r e
o p o r
SASMeta Application Server Context
f
C o t
The SASMeta application server context includes the
metadata server, a workspace server, and the SAS
26
2
6
The workspace server in the SASMeta context is only visible and accessible by users who are in the
SAS Administrators metadata group.
4.1 Overview of SAS Server Types 4-17
Exercises
c .
Not all servers have this information stored in the metadata.
Server Name
e Command Line In
SAS DATA Step Batch Server
t u t
OLAP Server
s t i n .
Pooled Workspace Server
I n t i o
S
Stored Process Server
A tri
Workspace Server
b u
t S
Connect Server
s
i g h
SAS Java Batch Server
d i
r e
2. Locating the Root Folder
y r
o p f o r
Use the information from the previous exercise and Windows Explorer to find the root folder for each
of the following servers in the SASApp context:
C o tServer Name
N
OLAP Server
Workspace Server
Connect Server
c .
In
OLAP Server
u t e
Workspace Server
t i t .
Connect Server
I n s i o n
SAS Java Batch Server
S
4. Identifying the Command Line
u t
S A tri b
Use the Server Manager to find the command line for each of the following servers in the
h t
SASMeta context:
i s
r
i g r e d
Not all servers have this information stored in the metadata.
p y r
SAS DATA Step Batch Server
o
C o t f
Metadata Server
N oWorkspace Server
Metadata Server
Workspace Server
4.1 Overview of SAS Server Types 4-19
c .
In
Metadata Server
Workspace Server
t e
7. Identifying the Different Types of Workspace Servers
u
t i t
a. In SAS Management Console, expand Server Manager Ö SASApp. What are the two
.
workspace servers?
I n s o n
b. Right-click SASApp - Logical Pooled Workspace Server and select Properties. What are the
i
S u t
properties on the Load Balancing tab? Close the Properties window.
c. Expand SASApp - Logical Pooled Workspace Server. Right-click SASApp - Pooled
A tri b
Workspace Server and select Properties. Select the Options tab. What multi-user credentials
S
are used to run this server?
h t i s
d. Close the Properties window.
r i g r e d
e. Right-click SASApp - Logical Workspace Server and select Convert To. What are the options?
p y o r
C o t f
N o
4-20 Chapter 4 Monitoring, Logging, and Troubleshooting SAS® Servers
Objectives
Validate a SAS server.
Monitor SAS servers using the Server Manager plug-in
in SAS Management Console.
c .
e In
t u t
s t i n .
I n t i o
29 S
A tri b u
S
2
9
h t i s
r i g r e d
Monitoring and Managing Servers
The Server Manager plug-in in SAS Management
p y o r
Console includes server monitoring and management
functionality for servers and spawners:
C o t f
Connect to the server or spawner.
N o right-click menu.
Disconnect from the server or spawner.
30
3
0
4.2 Monitoring SAS Servers and Spawners 4-21
c .
e In
t u t
s t i n .
3
1
31
I n t i o
S
A tri
Validating a Server b u
t S s
You can use SAS Management Console to validate
i g h
up correctly:
d i
that instances of the following server types are set
y r r e
metadata server
o p o r
OLAP server
f
stored process server
C o t
workspace server
N
32
3
2
4-22 Chapter 4 Monitoring, Logging, and Troubleshooting SAS® Servers
Validating a Server
When you select Validate, SAS Management Console
establishes a connection to the server and performs
additional actions:
Server type Additional actions
Workspace servers SAS code is submitted and results are
Stored process
servers
obtained.
c .
OLAP servers
Metadata servers
OLAP schemas are retrieved.
Metadata repositories are retrieved.
e In
Table servers
WebDAV servers
u t
Sample databases are accessed.
The server path and DAV server definition
t
s i
are verified.
t n .
3
3
33
I n t i o
S
A tri b u
To determine whether a workspace server uses client-side pooling, right-click on the server’s logical
server node and click Properties. If the properties dialog box contains a Pooling tab that lists at least one
t S
puddle, then the server uses client-side pooling.
s
i g h d i
Additional Functions for Connected Servers
y r r e
and Spawners
o p f o r
When connected to a server or spawner, the following
functions are available:
C o t
Stop
Pause
Terminate the process.
Suspend the process.
c .
e In
t u t
s t i n .
3
5
35
I n t i o
S
A tri b u
Refreshing the Object Spawner
t S s
If a user’s permission is changed from deny to grant
i g h d i
during a session, you can reset the object spawner’s
authorization cache without restarting the spawner. This
y r r e
must be done before the user can successfully connect
within the same session. To do so,
o p o r
1. connect to the object spawner under the Server
fManager plug-in
C o t
2. right-click on the spawner and select
Refresh Spawner.
36
3
6
The Refresh Spawner option reinitializes the spawner and forces it to reread its configuration in the
metadata. The Refresh selection refreshes the metadata displayed in SAS Management Console.
4-24 Chapter 4 Monitoring, Logging, and Troubleshooting SAS® Servers
c .
e In
t u t
s t i n .
2. Right-click on SASMeta - Metadata Server and select Validate.
I n t i o
S
A tri b u
t S s
i g h d i
y r r e
o p f o r
C o t
N
Hint: If you encounter a credential error, try selecting File Ö Clear Credentials Cache and then
try to validate the server again.
4.2 Monitoring SAS Servers and Spawners 4-25
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
6. Right-click on SASMeta - Metadata Server and select Pause.
i g h d i
y r r e
o p f o r
C o t
N
4.2 Monitoring SAS Servers and Spawners 4-27
7. Click .
c .
In
8. In the Computer Management window, check that the metadata server service, SAS [Config-Lev1]
SASMeta - Metadata Server, is paused.
u t e
t i t .
I n s o n
9. In SAS Management Console, expand Metadata Manager, right-click Active Server, and
i
select Resume.
S u t
S A tri b
h t i s
r i g r e d
p y o r
C o t f
N o
4-28 Chapter 4 Monitoring, Logging, and Troubleshooting SAS® Servers
10. In the Computer Management window, check that the metadata server service, SAS [Config-Lev1]
SASMeta - Metadata Server, is started. You might need to select Action Ö Refresh to see the
changed status.
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
i g h d i
y r r e
o p f o r
C o t
N
4.2 Monitoring SAS Servers and Spawners 4-29
Server Monitoring
The availability of the different server monitoring tabs
in the Server Manager plug-in depends on these items:
the server type
c .
e In
t u t
s t i n .
38
I n t i o
S u
3
8
S A tri b
Server Monitoring – Servers Tab
h t i s
The Servers tab lists the servers under the selected
r i g e d
grouping (root node of Server Manager, application
server, or logical server).
r
p y Only members of the SAS Administrators group can view
r
this tab.
o
C o t f
N o
39
3
9
4-30 Chapter 4 Monitoring, Logging, and Troubleshooting SAS® Servers
workspace server
c .
e In
t u t
s t i n .
4
0
40
I n t i o
S
A tri b u
Server Monitoring – Connections Tab
t S s
The Connections tab is available for all servers and lists
i g h d i
all the defined connections for the server.
Only members of the SAS Administrators group can view
y r this tab.
r e
o p f o r
C o t
N
41
4
1
4.2 Monitoring SAS Servers and Spawners 4-31
c .
e In
t u t
s t i n .
4
2
42
I n t i o
S
A tri b u
Server Monitoring – Clients Tab
t S s
The Clients tab lists the user, host, and entry time for
i g h d i
each client connected to the server. Only members of the
SAS Administrators group can view this tab. This tab is
y r r e
available for the following:
o p o r
metadata servers
object spawners
f
OLAP servers
C o t
pooled workspace servers
stored process servers
N table servers
workspace servers
43
4
3
4-32 Chapter 4 Monitoring, Logging, and Troubleshooting SAS® Servers
table server
e In
t u t
s t i n .
4
4
44
I n t i o
S
A tri b u
Server Monitoring – Sessions Tab
t S s
The Server Manager options enable you to control which
i g h d i
types of sessions are displayed:
active and inactive
y r r e
active, inactive, and ended
o p f o r
C o t
N
45
4
5
4.2 Monitoring SAS Servers and Spawners 4-33
OLAP server
e In
table server
t u t
t
stored process server
workspace server
s i n .
4
6
46
I n t i o
S
A tri b u
Server Monitoring – Loggers and Log Tabs
t S s
The Loggers tab lists the logging services that are in use
i g h d i
for the server or spawner.
The Log tab displays the log for the server or spawner.
y r r e
The tabs are available for the following servers and
o p o r
spawners:
metadata server
f
object spawner
C o t
OLAP server
table server
47
4
7
4-34 Chapter 4 Monitoring, Logging, and Troubleshooting SAS® Servers
Server Monitoring –
Spawned Server Activity Tab
The Spawned Server Activity tab displays a graph of the
number of servers that were started by the selected
spawner over time. Only members of the SAS
Administrators group can view this tab.
c .
e In
t u t
s t i n .
4
8
48
I n t i o
S
A tri b u
Monitoring the SAS OLAP Server
t S s
You can monitor a SAS OLAP Server using different
i g h d i
plug-ins in SAS Management Console:
y r
r e
Server Manager
o p
f o r
SAS OLAP Server Monitor
C o t
N
49
4
9
4.2 Monitoring SAS Servers and Spawners 4-35
e In
t u t
s t i n .
5
0
50
I n t i o
S
A tri b u
Each client application connection establishes a session on the OLAP server.
The OLAPOPERATE procedure enables users to manage an OLAP server, its cubes, its sessions, and
t S
their queries. It is intended as a batch interface for many of the functions provided by the
s
OLAP Server Monitor plug-in for SAS Management Console.
g h d i
You can use PROC OLAPOPERATE to connect to an OLAP server and do the following:
i
r r e
• list sessions and queries for an active OLAP server
y
o f o r
• close individual active sessions
p
• cancel or close individual open result sets
C o t
• disable a cube or all cubes
• enable a cube or all cubes
N
• refresh a cube or all cubes
• stop the OLAP server
4-36 Chapter 4 Monitoring, Logging, and Troubleshooting SAS® Servers
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
i g h d i
2. Expand Services and Applications and select Services.
y r r e
o p f o r
C o t
N
3. Scroll down and locate the service named SAS [Config-Lev1] Object Spawner.
4. Check the status of the service.
4.2 Monitoring SAS Servers and Spawners 4-37
c .
e In
t u t
s t i n .
I n t i o
7. Click the Servers tab. The servers listed in the Selected servers pane are instantiated by this object
spawner.
S
A tri b u
t S s
i g h d i
y r r e
o p f o r
C o t
N
8. Close the Properties window.
4-38 Chapter 4 Monitoring, Logging, and Troubleshooting SAS® Servers
c .
e In
t u t
10. Right-click localhost and select Connect.
s t i n .
I n t i o
S
A tri b u
t S s
i g h d i
y r r e
o p f o r
C o t If you receive the following error, “The application could not log on to the server
N “localhost:8581”. No server is available at that port on that machine.”, verify that the
object spawner service is running.
11. Review the contents of the Clients tab. This tab identifies the clients connected to the server/spawner.
4.2 Monitoring SAS Servers and Spawners 4-39
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
i g h d i
y r r e
o p f o r
C o t
N
4-40 Chapter 4 Monitoring, Logging, and Troubleshooting SAS® Servers
13. To use the object spawner to instantiate a server, expand Server Manager Ö SASApp.
14. Right-click SASApp - Logical Stored Process Server and select Validate.
c .
e In
t u t
s t i n .
I n t i o
15. Click
S
A tri u
in the Information window.
b
t S s
i g h d i
y r r e
o p f o r
C o t
N
4.2 Monitoring SAS Servers and Spawners 4-41
16. Return to the Spawned Server Activity tab under Server Manager Ö
Object Spawner - LOCALHOST Ö localhost. The activity should be increased by one server.
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
i g h d i
y r r e
o p f o r
C o t
N
4-42 Chapter 4 Monitoring, Logging, and Troubleshooting SAS® Servers
Exercises
c .
In
b. When the object spawner starts, it reads the metadataConfig.xml file in order to determine
how to connect to the metadata server.
t e
1) What user ID does the object spawner use to connect to the metadata server?
u
i t
2) Is the password for the user ID also stored in the file?
t .
I s i o n
3) Select Start Ö All Programs Ö SAS Ö SAS 9.2 (English). Select Close. In the
n
Editor window, type the following code:
run;
S u t
proc pwencode in="Student1";
A tri b
Select Run Ö Submit. Locate the line in the Log window that begins with {sas002}.
S
Compare that value with the password in the metadataConfig.xml file.
h t i s
9. Monitoring the Workspace Server
r i g r e d
a. How are the advanced options of the SASMeta - Workspace Server and the SASApp - Workspace
Server different?
p y r
Hint: You can access the advanced options from the Options tab of the Properties window.
o
C o t f
b. Validate the SASApp - Logical Workspace Server. Does the validation change the object
spawner’s server count?
N oc. Expand SASApp - Logical Workspace Server Ö SASApp - Workspace Server and select
localhost. Right-click localhost and select Connect. How many workspace servers are currently
running?
d. Use SAS Enterprise Guide to open the Orion Star Customers table in the Orion Star Ö
Marketing Department Ö Data folder. Is there now a process under SASApp Ö
SASApp - Logical Workspace Server Ö SASApp - Workspace Server Ö localhost
in the Server Manager plug-in? If so, what is the process ID?
e. Stop the workspace server process from the Server Manager plug-in. In SAS Enterprise Guide,
select Tasks Ö Describe Ö List Data.... What effect did ending the workspace server process
have on the SAS Enterprise Guide session? Use the Server Manager plug-in to determine whether
a new process was started.
4.2 Monitoring SAS Servers and Spawners 4-43
e
t u t
to the workspace server’s configuration?
b. Use Windows Explorer to navigate to the other autoexec files referenced in the workspace
t i .
server’s autoexec.sas file. What other autoexec files contribute to the workspace server’s
configuration?
s n
I n
12. Monitoring the Stored Process Server
t i o
S
A tri b u
a. In SAS Management Console, locate the Options tab of the SASApp - Stored Process Server
properties. What multi-user credential is listed?
t S
b. Validate the stored process server.
s
i g h d i
Hint: Expand SASApp - Stored Process Server and right-click localhost.
c. How many processes are currently running for the stored process server?
y r r e
Hint: Right-click localhost and select Connect.
p o r
13. Exploring Stored Process Server Configuration Files
o f
C t
a. Use Windows Explorer to navigate to C:\SAS\Config\Lev1\SASApp\StoredProcess Server.
o
Open sasv9.cfg. According to the sasv9.cfg file, what configuration files contribute to the stored
c .
e. Under the SAS OLAP Server Monitor plug-in, connect to the SASApp - Logical OLAP Server.
Expand SASApp - Logical OLAP Server. How many sessions are listed?
e In
t u t
f. Under the OLAP Server Monitor plug-in, expand SASApp - OLAP Schema. Which cubes are
associated with that schema? How many active queries are there on each cube?
t i .
g. In the SAS OLAP Server Monitor, connect to SASApp - Logical OLAP Server. Select
s n
SASApp - OLAP Server. Right-click on a session. What options are available to manage
the session?
I n t i o
S u
Do not select any of the options available for the session.
A tri b
t S If you do not currently have a session, return to SAS Enterprise Guide and follow
the demonstration steps to open a cube.
s
i g h d i
h. In the Server Manager plug-in, connect to and select SASApp - OLAP Server. On the Sessions
tab, right-click on a session. What options are available to manage the session?
y r r e
i. In the SAS OLAP Server Monitor, right-click SASApp - Logical OLAP Server. What options
o p f o r
are available to manage the server?
j. In the Server Manager plug-in, right-click SASApp - OLAP Server. What options are available
N
16. Exploring OLAP Server Configuration Files
a. Use Windows Explorer to navigate to C:\SAS\Config\Lev1\SASApp\OLAPServer.
Open sasv9.cfg. According to the sasv9.cfg file, what configuration files contribute
to the OLAP server’s configuration?
b. Compare sasv9.cfg and sasv9_trace.cfg.
1) How are these files different?
2) What is the purpose of the sasv9_trace.cfg file?
3) How would you get the OLAP server to use the sasv9_trace.cfg file?
c. Open both logconfig.xml and logconfig.trace.xml in the same TextPad window. Select Tools Ö
Compare Files… to compare the two files. What are the differences between the files?
4.3 Logging SAS Servers and Spawners 4-45
Objectives
Explore the SAS 9.2 logging facility.
Enable server logging.
Modify server logging configuration.
c .
e In
t u t
s t i n .
I n t i o
54 S
A tri b u
S
5
4
h t i s
r i g r e d
SAS 9.2 Logging Facility
The SAS 9.2 logging facility is a flexible, configurable
p y o r
framework that
categorizes and filters log messages in SAS server
C o t f
and SAS programming environments
writes log messages to various output devices.
N o
55
5
5
4-46 Chapter 4 Monitoring, Logging, and Troubleshooting SAS® Servers
I n t i o
S u
The SAS Deployment Wizard automatically enables logging for most SAS servers.
A tri b
t S s
Loggers and Appenders
i g h d i
Loggers and appenders define what messages are
y r e
captured and where they are sent.
r
o p
Loggers
C o t
Appenders represent a specific output destination for
57
5
7
4.3 Logging SAS Servers and Spawners 4-47
Loggers
SAS server logger names begin with one of the following
categories, which process the following types of events:
e
For servers that use Integrated Object Model In
t u t
(IOM) workspace server interface
Perf
s t i
Related to performance
n .
5
8
58
I n t i o
S
A tri b u
The App loggers process log events related to specific applications such as metadata servers,
OLAP servers, stored process servers, and workspace servers.
t S
The IOM interface provides access to Foundation SAS features such as the SAS language, SAS libraries,
s
the server file system, results content, and formatting services. IOM servers include metadata server,
i g h d i
OLAP servers, stored process servers, and workspace servers.
y r r e
o p Loggers
f o r
These are some sample loggers useful for monitoring the
C o t
metadata server and metadata:
App.Meta – the default category for general metadata
59
5
9
Audit.Meta.Security captures changes including those made to permissions, permission settings, ACTs,
changes to role memberships, changes to users, groups, roles, logins, and authentication domains.
4-48 Chapter 4 Monitoring, Logging, and Troubleshooting SAS® Servers
The following table shows the logging configuration that is created initially for each SAS server:
Server Rolling Log File and Operating System ARM Logging Facility
SAS Management Facility
Console Log Tab
t i
FATAL)
• All other events
s n
(ERROR or FATAL) .
SAS OLAP Server
I n t i
• Admin events
o
(ERROR and FATAL)
Admin.Operation events Performance-related
S
A tri b u
• All other events
(ERROR or FATAL)
(ERROR and FATAL) events to support cube
testing and tuning
captured in a log file if
t S s
the logging level is
modified
i g h
SAS Pooled Workspace
d i • Admin events None None
Server
o p f o r events (INFO,
WARN, ERROR, and
FATAL)
Server Rolling Log File and Operating System ARM Logging Facility
SAS Management Facility
Console Log Tab
e In
SAS Workspace Server None
t u t Admin.Operation events
(ERROR and FATAL)
Performance-related
events available for
s t i n .
display in SAS Data
Integration Studio
t
WARN, ERROR, and
i o Admin.Session events
(ERROR and FATAL)
Performance-related
events captured in a log
S
A tri
FATAL)
t S
SAS/CONNECT Server
s
None Admin.Session events
modified
Performance-related
i g h d i (INFO, WARN,
ERROR, and FATAL)
events available for
display in SAS Data
y r r e Integration Studio
o p f o r
C o t
N
4-50 Chapter 4 Monitoring, Logging, and Troubleshooting SAS® Servers
Diagnostic Levels
Log events have an associated diagnostic level:
TRACE Fine-grained informational events intended for
SAS Technical Support
DEBUG Fine-grained informational events useful in
debugging an application and intended for
SAS Technical Support
c .
In
INFO Informational events that highlight the process
of an application
WARN
t e
Warning events or minor problems external
to the application
u
ERROR
t i t
Error events that might still enable the
.
application to continue running
60
FATAL
I s i o n
Very severe events that will most likely cause
n
the application to end
t
6
0
S
A tri
WARN, ERROR, FATAL.
b u
The logging levels are listed from the lowest (most detailed) to the highest: TRACE, DEBUG, INFO,
t S s
i g h
Appenders
d i
y r messages:
r e
SAS has several appender classes for processing
o p f o r
Appenders to log messages to an operating system
(ConsoleAppender, ZOSWtoAppender)
C o t
An IOM server appender to log messages from
any IOM server (IOMServerAppender)
61
6
1
For more information about the SAS Logging Facility, refer to the SAS® 9.2 Logging Configuration and
Programming Guide.
4.3 Logging SAS Servers and Spawners 4-51
IOMServerAppender and
SAS Management Console
The IOM Server Appender writes log messages from
IOM servers to a volatile run-time cache. The contents of
the cache are available for display in SAS Management
Console.
Use the Server Manager options to specify a message
level or threshold filter level.
c .
e In
t u t
s t i n .
6
2
62
I n t i o
S
A tri b u
Server Manager Plug-in Option
t S s
The option settings filter the events that are already being
i g h d i
generated based on the server’s logging settings.
y r Message
r e specifies a specific level of messages
o p
Level
C o t
Threshold
Level
specifies the lowest level of messages
to be displayed in SAS Management
Console.
N
63
6
3
4-52 Chapter 4 Monitoring, Logging, and Troubleshooting SAS® Servers
Appenders
Appender specifications can include additional
parameters to specify the following:
filename (fileNamePattern)
64
I s
with the logging event
n i o n
t
6
4
S
A tri b u
The date conversion specifier, %d, can be followed by a set of braces containing a date and
time pattern string such as %d{HH:mm:ss,SSS} or %d{DATE}.
t S
Additional Conversion Characters
s
i g h d i
Conversion Character Description
o
S p f o r Used to output the level of the logging event.
C o t followed by the key for the system information desired, placed between
braces, for example, %S{os_name}.
e
modify the server’s logconfig.xml file In
t u t
s t i n .
6
5
65
I n t i o
S
A tri b u
Adjusting Logging Levels Dynamically
t S s
The dynamic changes affect all logging produced by the
i g h d i
server in question, but does not modify the logconfig.xml
file. The changes persist until changed dynamically or the
y r r e
server is restarted.
o p f o r
C o t
N
66
6
6
The Audit.Meta logger by default inherits the Information logging level from its parent, Audit.
You can assign a different level for this logger.
When the server is restarted, it rereads the logconfig.xml file.
4-54 Chapter 4 Monitoring, Logging, and Troubleshooting SAS® Servers
t u t
Do not modify the logconfig.trace.xml logging
t i .
configuration files unless you are requested
s n
to do so by SAS Technical Support.
6
7
67
I n t i o
S
A tri b u
Using Alternative Logging Configuration Files
t S s
To use an alternative logging configuration file, follow
i g h
these steps:
d i
1. Stop the server if it is running.
y r r e
2. Rename the server’s logconfig.xml file to
o p o r
logconfig_orig.xml.
3. Rename the server’s logconfig.trace.xml file
f
to logconfig.xml.
C o t
4. Restart the server if necessary.
5. When troubleshooting is complete, stop the server
68
6
8
4.3 Logging SAS Servers and Spawners 4-55
c .
In
If you elect to modify the server’s logconfig.xml file,
make a backup copy first.
u t e
t i t .
69
I n s i o n
t
6
9
S
A tri b
Logging SAS OLAP Servers
u
t S s
By default, a SAS OLAP Server collects log information in:
i g h
system log
d i stored in a file that is refreshed daily
o p ARM log
f o r
stored in a file created at server start
receives no messages by default
C o t because Perf.ARM.OLAP_Server
logger is set to warn
during the testing and tuning of cubes,
N
change logging level from WARN to
INFO to begin receiving messages
70
7
0
4-56 Chapter 4 Monitoring, Logging, and Troubleshooting SAS® Servers
Exercises
e In
t t
3) What format are the messages written in?
u
The server’s sasv9.cfg file’s LOGCONFIGLOC option identifies where the
t i .
server’s logging configuration file is stored.
s n
I n
b. Make a backup copy of the logconfig.xml file.
t i o
c. To capture metadata server management events in the system facility appender, insert the
S
A tri b u
following lines above the last line of the file (<\logging:configuration>):
<appender name=”eventLog” class=”WindowsEventAppender”>
t S
<param name=”Threshold” value=”Warn”/>
<layout>
s
<param name=”ConversionPattern”
i g h d
</layout>
i
value=”%d{yyyyMMdd:HH.mm.ss.SS}: %m”/>
e
</appender>
y r r
<logger name=”App.Meta.Mgmt”>
<level value=”Info”/>
r
p
<appender-ref ref=”eventLog”/>
o tf o
</logger>
C o
This XML can be found in the appender.xml file in the S:\Workshop\spaft folder.
e In
u t
c. Use Windows Explorer to navigate to the location of the object spawner log files. Verify that
the filenames and file contents follow the formats described in the logconfig.xml file.
t
t i
19. Exploring Workspace Server Logging
s n .
a. Use Windows Explorer to navigate to C:\SAS\Config\Lev1\SASApp\Workspace Server.
I n
Open logconfig.xml with TextPad.
t i o
S
A tri b u
1) Are log messages written to a file?
2) Are log messages written to the Windows Event Viewer?
t S
b. Create a log file for workspace server troubleshooting.
s
i g h d i
1) Using Windows Explorer, verify that users of the workspace server are granted Read, Write,
and Execute access to the workspace server’s Logs directory.
y r r e
Hint: In Windows Explorer, right-click on the Logs directory and select Properties.
o p o r
Select the Security tab. Select Users (LOCALHOST\Users) from the list of groups and
users. Verify that Read & Execute are allowed. Allow Write and select Apply.
f
C o t
2) Rename the logconfig.xml file in C:\SAS\Config\Lev1\SASApp\Workspace Server
as logconfig_orig.xml.
e In
t
d. Examine the pooled workspace server’s logconfig.xml file. Where are the server’s logs written?
Locate the most recent log and examine its contents.
t u
s i
e. (Optional) Examine the pooled workspace server’s sasv9.cfg file. What other configuration files
t n .
contribute to the pooled workspace server’s configuration?
I n o
f. (Optional) Examine the pooled workspace server’s autoexec.sas file. What other autoexec files
t i
contribute to the pooled workspace server’s configuration?
S u
21. Exploring Stored Process Server Logging
A tri b
t S
a. Use Windows Explorer to navigate to C:\SAS\Config\Lev1\SASApp\StoredProcessServer.
Open logconfig.xml with TextPad.
s
i g h d i
1) Are log messages written to a file?
y r e
2) Are log message written to the Windows Event Viewer?
r
o p f o r
b. Use Windows Explorer to navigate to the location of the stored process server log files. Verify
that the filename and file contents follow the formats described in the logconfig.xml file.
C o t
c. Use Windows Explorer to navigate to C:\SAS\Config\Lev1\SASApp\StoredProcessServer.
Open logconfig.trace.xml with TextPad.
e In
t
Hint: The ARM log messages are written to a filename of performance_%d_%s{pid}.arm
in C:\SAS\Config\Lev1\SASApp\OLAPServer\Logs.
t u
s t i n .
I n t i o
S
A tri b u
t S s
i g h d i
y r r e
o p f o r
C o t
N
4-60 Chapter 4 Monitoring, Logging, and Troubleshooting SAS® Servers
Objectives
Explore how to troubleshoot SAS servers.
Use the SAS Deployment Manager to update
passwords for system accounts.
c .
e In
t u t
s t i n .
I n t i o
73 S
A tri b u
S
7
3
h t i s
r i g r e d
Troubleshooting SAS Servers
If you are unable to connect to or use a server, perform
p y o r
the following tasks:
Verify that the server is running at the operating
C o t fsystem level.
For the workspace and stored process servers, verify
74
7
4
4.4 Troubleshooting SAS Servers 4-61
c .
e In
t u t
s t i n .
7
5
75
I n t i o
S
A tri b u
t S s
i g h d i
y r r e
o p f o r
C o t
N
4-62 Chapter 4 Monitoring, Logging, and Troubleshooting SAS® Servers
c .
e In
t u t
s t i n .
7
6
76
I n t i o
S
A tri
• SAS Administrator
b u
Service accounts include the accounts associated with the following metadata identities:
t S
• SAS Trusted User
• SAS Anonymous Web User
s
h
• SAS General Servers
i g d i
r r e
The passwords for these accounts are stored in the metadata and, except for the SAS General Servers
y
account(s), they are also stored in certain configuration files. To update accounts that occur only
o p f o r
in the metadata you can use either SAS Management Console or the
SAS Deployment Manager.
C o t
N
4.4 Troubleshooting SAS Servers 4-63
t e
SAS Information Delivery Portal
when you remove its
u
Rebuild Web
t t
configuration.
i .
rebuilds WAR and EAR files with
77
Applications
I n s i o n
custom user content.
t
7
7
S
A tri
SAS Deployment Managerb u
t S s
The utility updates both configuration files and metadata:
i g h d i
You can update multiple passwords in a single pass.
y r r e
You must run the utility on each machine that hosts
affected components starting with the metadata
o p o r
server.
If you enter a plaintext password, the utility encodes
f
the password using SAS proprietary encoding.
C o t
Service accounts that you introduce in SAS
Management Console are not managed by this tool.
N
78
7
8
For more information about the SAS Deployment Manager, refer to the SAS® Intelligence Platform:
Security Administration Guide.
You can use PROC PWENCODE to encode passwords for use in SAS programs or text files.
The sas001 method uses base64 to encode passwords. The sas002 method (SASProprietary encoding)
uses a 32-bit key to encode passwords and is the default. The sas003 method (AES encryption) uses
a 256-bit key to encode passwords.
4-64 Chapter 4 Monitoring, Logging, and Troubleshooting SAS® Servers
c .
e In
t u t
s t i n .
7
9
79
I n t i o
S
A tri b u
t S s
i g h d i
y r r e
o p f o r
C o t
N
4.4 Troubleshooting SAS Servers 4-65
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S
2. Expand Services and Applications and select Services.
s
i g h d i
y r r e
o p f o r
C o t
N
4-66 Chapter 4 Monitoring, Logging, and Troubleshooting SAS® Servers
3. Right-click on the SAS [Config-Lev1] SASMeta - Metadata Server service and select Stop.
c .
e In
t u t
s t i n .
4. Click
I n o
to stop dependent services.
t i
S
A tri b u
t S s
i g h d i
y r r e
o p f o r
C o t
N
4.4 Troubleshooting SAS Servers 4-67
5. With the SAS [Config-Lev1] SASMeta - Metadata Server service highlighted, right-click and select
Start.
c .
e In
t u t
s t i n .
I n t i o
S
6. Use Windows Explorer to navigate to C:\Program Files\SAS\SASDeploymentManager\9.2.
A tri b u
t S s
i g h d i
y r r e
o p f o r
C o t
N
4-68 Chapter 4 Monitoring, Logging, and Troubleshooting SAS® Servers
7. Double-click config.exe.
c .
e In
t u t
9. Accept the default, Update Passwords, and click .
s t i n .
I n t i o
S
A tri b u
t S s
i g h d i
y r r e
o p f o r
C o t
N
4.4 Troubleshooting SAS Servers 4-69
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
i g h d i
y r r e
o p f o r
C o t
N
4-70 Chapter 4 Monitoring, Logging, and Troubleshooting SAS® Servers
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
i g h d i
y r r e
o p f o r
C o t
N
4.4 Troubleshooting SAS Servers 4-71
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
i g h d i
y r r e
o p f o r
C o t
N
4-72 Chapter 4 Monitoring, Logging, and Troubleshooting SAS® Servers
13. Provide the user ID and password of an unrestricted user in order to connect to the metadata server
and then click .
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
i g h d i
y r r e
o p f o r
C o t
N
4.4 Troubleshooting SAS Servers 4-73
14. Select the user IDs for which the passwords should be updated. For this demonstration, select
webanon@saspw. Click .
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
i g h d i
y r r e
o p f o r
C o t
N
4-74 Chapter 4 Monitoring, Logging, and Troubleshooting SAS® Servers
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
i g h d i
y r r e
o p f o r
C o t
N
4.4 Troubleshooting SAS Servers 4-75
16. Click .
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
i g h d i
y r r e
o p f o r
C o t
N
4-76 Chapter 4 Monitoring, Logging, and Troubleshooting SAS® Servers
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
i g h d i
y r r e
o p f o r
C o t
N
4.4 Troubleshooting SAS Servers 4-77
18. Click .
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
i g h d i
y r r e
o p f o r
C o t
N
4-78 Chapter 4 Monitoring, Logging, and Troubleshooting SAS® Servers
19. Review the document created. This HTML file is stored in the configuration directory. In class,
the file is in C:\SAS\Config\Lev1\Documents\.
c .
e In
t u t
s t i n .
I n t i o
S
20. Restart the other services:
A tri b u
t S
• SAS [Config-Lev1] Connect Spawner
• SAS [Config-Lev1] Object Spawner
s
i g h d i
• SAS [Config-Lev1] SASApp - OLAP Server
• SAS [Config-Lev1] Share Server
r r e
• SAS [Config-Lev1] SASTS - Table Server
y
o p f o r
• SAS [Config-Lev1] Remote Services
• JBoss - SASServer1
C o t
N
4.5 Solutions to Exercises 4-79
e In
OLAP Server
C:\SAS\Config\Lev1\SASApp\PooledWorkspaceServer\
s t i .
PooledWorkspaceServer.bat
n
Stored Process Server
I n C:\SAS\Config\Lev1\SASApp\StoredProcessServer\
i o
StoredProcessServer.bat
t
Workspace Server
S
A tri b uC:\SAS\Config\Lev1\SASApp\WorkspaceServer\
WorkspaceServer.bat
t S
Connect Server
s
C:\SAS\Config\Lev1\SASApp\ConnectServer\ConnectServer.bat
i g h
SAS Java Batch Server
d i C:\SAS\Config\Lev1\ReportBatch\rptbatch.bat
y r e
If a Windows service is used to start the OLAP server, the command line is
r
"C:\Program Files\SAS\SASFoundation\9.2\sas.exe" –config
o p f o r
"C:\SAS\Config\Lev1\SASApp\OLAPServer\sasv9.cfg"
C o t
Use the information from the previous exercise and Windows Explorer to find the root folder for each
of the following servers in the SASApp context:
N Server Name
C:\SAS\Config\Lev1\SASApp\BatchServer
c .
In
OLAP Server SAS [Config-Lev1] SASApp - OLAP Server
u t e
Workspace Server
t i t .
Connect Server
I n s i o n
SAS [Config-Lev1] Connect Spawner
S
4. Identifying the Command Line
u t
S A tri b
Use the Server Manager to find the command line for each of the following servers in the
h t
SASMeta context:
i s
r
i g r e d
Not all servers have this information stored in the metadata.
p y r
SAS DATA Step Batch
o
C:\SAS\Config\Lev1\SASMeta\BatchServer\sasbatch.bat
C o t f
Server
* If a Windows service is used to start the metadata server, the command line is
"C:\Program Files\SAS\SASFoundation\9.2\sas.exe" –config
"C:\SAS\Config\Lev1\SASMeta\MetadataServer\sasv9.cfg".
4.5 Solutions to Exercises 4-81
Metadata Server
Workspace Server
C:\SAS\Config\Lev1\SASMeta\MetadataServer
C:\SAS\Config\Lev1\SASMeta\WorkspaceServer
c .
6. Identifying the Windows Services
e In
t u t
Right-click on the My Computer icon on the desktop and select Manage. Identify the service for
each of the following servers in the SASMeta context:
Server Name
s t i n . Service Name
I n
SAS DATA Step Batch Server
t i o
Metadata Server
S
A tri
Workspace Server
b uSAS [Config –Lev1] SASMeta – Metadata Server
t S
Not all servers are associated with a service.
s
h d i
7. Identifying the Different Types of Workspace Servers
i g
r r e
a. In SAS Management Console, expand Server Manager Ö SASApp. Notice that there are two
y workspace servers: SASApp - Logical Pooled Workspace Server and SASApp - Logical
o p f o r
Workspace Server.
C o t
N
4-82 Chapter 4 Monitoring, Logging, and Troubleshooting SAS® Servers
c .
e In
t u t
s t i n .
I n t i o
1) Select the Load Balancing tab. A server-side pooled workspace server is load-balanced by the
S
object spawner.
A tri b u
2) Close the Properties window.
t S s
i g h d i
y r r e
o p f o r
C o t
N c. Expand SASApp - Logical Pooled Workspace Server Ö SASApp - Pooled Workspace Server.
4.5 Solutions to Exercises 4-83
c .
e In
t u t
s t i n .
run are listed.
I n t i o
2) Select the Options tab. The multi-user credentials under which the instances of the server
S
d. Close the Properties window.
A tri b u
t S s
i g h d i
y r r e
o p f o r
C o t
N
4-84 Chapter 4 Monitoring, Logging, and Troubleshooting SAS® Servers
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
g h d i
8. Examining the Object Spawner’s metadataConfig.xml File
i
y r r e
a. Use Windows Explorer to navigate to C:\SAS\Config\Lev1\ObjectSpawner\.
o p f o r
Open metadataConfig.xml with TextPad.
b. When the object spawner starts, it reads the metadataConfig.xml file in order to determine how
C o t
to connect to the metadata server.
1) What user ID does the object spawner use to connect to the metadata server?
N User ID = "sastrust@saspw"
2) Is the password for the user ID also stored in the file?
Yes, but it is encoded.
3) Select Start Ö All Programs Ö SAS Ö SAS 9.2 (English). Select Close. In the Editor
window, enter the following code:
proc pwencode in="Student1";
run;
Select Run Ö Submit. Locate the line in the Log window that begins with {sas002}.
Compare that value with the password in the metadataConfig.xml file.
They are the same.
4.5 Solutions to Exercises 4-85
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
2) Right-click SASMeta - Workspace Server and select Properties.
i g h d i
y r r e
o p f o r
C o t
N
4-86 Chapter 4 Monitoring, Logging, and Troubleshooting SAS® Servers
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
i g h d i
y r r e
o p f o r
C o t
N
4.5 Solutions to Exercises 4-87
4) Select the Launch Properties tab. The Allow XCMD option is checked by default.
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
g h d i
5) Close the Advanced Properties and Properties windows.
i
r r e
6) Expand SASApp Ö SASApp - Logical Workspace Server.
y
o p f o r
C o t
N
4-88 Chapter 4 Monitoring, Logging, and Troubleshooting SAS® Servers
c .
e In
t u t
s t i n .
I n t i o
8) Select the Options tab and select Advanced Options.
S
A tri b u
t S s
i g h d i
y r r e
o p f o r
C o t
N
4.5 Solutions to Exercises 4-89
9) Select the Launch Properties tab. The Allow XCMD option is not checked by default.
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
g h d i
10) Close the Advanced Properties and Properties windows.
i
y r r e
o p f o r
C o t
N
4-90 Chapter 4 Monitoring, Logging, and Troubleshooting SAS® Servers
b. Validate the SASApp - Logical Workspace Server. Does the validation change the object
spawner’s server count?
1) Select Server Manager Ö Object Spawner - LOCALHOST Ö localhost Ö Spawned
Server Activity. You must be connected to the object spawner to see the spawned activity.
If you are not connected to the object spawner, right-click localhost and select Connect.
2) Right-click SASApp - Logical Workspace Server and select Validate.
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
i g h d i
y r r e
3) If you receive the following error, “The user ‘SAS Administrator’ could not log on to the
o p f o r
server ‘SASApp - Logical Workspace Server’.”, select OK.
C o t
N
4.5 Solutions to Exercises 4-91
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
h d i
5) Right-click SASApp - Logical Workspace Server and select Validate.
i g
y r r e
o p f o r
C o t
N
4-92 Chapter 4 Monitoring, Logging, and Troubleshooting SAS® Servers
c .
7) Select Details <<.
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
i g h d i
y r r e
o p f o r
8) Select OK to close the Information window.
9) Select Server Manager Ö Object Spawner - LOCALHOST Ö localhost Ö
C o tSpawned Server Activity. The server’s count will likely not be changed because the server
validation only opens a workspace server temporarily. The server process is shut down when
c. Expand SASApp - Logical Workspace Server Ö SASApp - Workspace Server and select
localhost.
c .
e In
t u t
s t i n .
I n t i o
Right-click localhost and select Connect. There are currently no workspace server processes
running.
S
A tri b u
t S s
i g h d i
y r r e
o p f o r
C o t
N
4-94 Chapter 4 Monitoring, Logging, and Troubleshooting SAS® Servers
d. Use SAS Enterprise Guide to open the Orion Star Customers table in the Orion Star Ö
Marketing Department Ö Data folder. Is there now a process under SASApp Ö
SASApp - Logical Workspace Server Ö SASApp - Workspace Server Ö localhost
in the Server Manager plug-in? If so, what is the process ID?
1) Select Start Ö All Programs Ö SAS Ö Enterprise Guide 4.2.
2) Select New Project.
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
i g h d i
y r r e
3) Select File Ö Open Ö Data….
o p f o r
C o t
N
4.5 Solutions to Exercises 4-95
c .
e In
t u t
s t i n .
I n
6) Under SASApp – Workspace Server, expand localhost.
t i o
S
A tri b u
t S s
i g h d i
y r r e
o p f o r
C o t
N
7) Select the process and view the client information.
4-96 Chapter 4 Monitoring, Logging, and Troubleshooting SAS® Servers
e. Stop the workspace server process from the Server Manager plug-in. In SAS Enterprise Guide,
select Tasks Ö Describe Ö List Data…. What effect did ending the workspace server process
have on the SAS Enterprise Guide session? Use the Server Manager plug-in to determine whether
a new process was started.
1) Right-click on the process ID and select Stop.
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
i g h d i
y r r e
o p f o r
2) Select OK.
C o t
N
4.5 Solutions to Exercises 4-97
3) Return to SAS Enterprise Guide and select Tasks Ö Describe Ö List Data….
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
i g
4) Clickh d i
in the Disconnect? window.
y r r e
o p f o r
C o t
N
4-98 Chapter 4 Monitoring, Logging, and Troubleshooting SAS® Servers
5) Return to SAS Management Console and select SASApp Ö SASApp - Logical Workspace
Server Ö SASApp - Workspace Server Ö localhost. There is a new process representing
the workspace server spawned for SAS Enterprise Guide. SAS Enterprise Guide seamlessly
reconnected to a workspace server.
c .
e In
t u t
s t i n .
I n t i o
10. Exploring Workspace Server Configuration Files
a. Use Windows Explorer to navigate to C:\SAS\Config\Lev1\SASApp\Workspace Server.
S
A tri b u
Open sasv9.cfg. According to the sasv9.cfg file what configuration files contribute to the
workspace server’s configuration?
t S
/* Include config files */
s
i g h d i
-config "C:\SAS\Config\Lev1\SASApp\sasv9.cfg" (1)
y r e
-config "C:\SAS\Config\Lev1\SASApp\WorkspaceServer\sasv9_usermods.cfg" (2)
r
o p o r
b. Use Windows Explorer to navigate to the other configuration files referenced in the workspace
server’s sasv9.cfg. What other configuration files contribute to the workspace server’s
f
configuration?
b. Use Windows Explorer to navigate to the other autoexec files referenced in the workspace
server’s autoexec.sas file. What other autoexec files contribute to the workspace server’s
configuration?
* Include autoexec files */ (11a #1)
%include "C:\SAS\Config\Lev1\SASApp\appserver_autoexec_usermods.sas";
(11a #2) is empty.
(11a #3) is empty.
c .
12. Monitoring the Stored Process Server
e
a. In SAS Management Console, expand Server Manager Ö SASApp Ö SASApp - Logical In
t u t
Stored Process Server Ö SASApp - Stored Process Server.
s t i n .
I n t i o
S
A tri b u
t S s
i g h d i
y r r e
1) Right-click SASApp - Stored Process Server and select Properties.
o p o r
2) Select the Options tab. The multi-user credentials are listed. Close the Properties window.
f
C o t
N
4-100 Chapter 4 Monitoring, Logging, and Troubleshooting SAS® Servers
c .
e In
t u t
s t i n .
I n t i o
1) Click
S
A tri b u
and review the messages in the Information window.
t S s
i g h d i
y r r e
o p f o r
C o t
N
2) Click to close the Information window.
4.5 Solutions to Exercises 4-101
c. Right-click localhost and select Connect. A process appears in the Processes tab.
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
i g h d i
y r r e
o p f o r
C o t
N
13. Exploring Stored Process Server Configuration Files
a. Use Windows Explorer to navigate to C:\SAS\Config\Lev1\SASApp\StoredProcess Server.
Open sasv9.cfg. According to the sasv9.cfg file, what configuration files contribute to the stored
process server’s configuration?
/* Include config files */
-config "C:\SAS\Config\Lev1\SASApp\sasv9.cfg" (1)
-config "C:\SAS\Config\Lev1\SASApp\StoredProcessServer\sasv9_usermods.cfg" (2)
4-102 Chapter 4 Monitoring, Logging, and Troubleshooting SAS® Servers
b. Use Windows Explorer to navigate to the other configuration files referenced in the stored process
server’s sasv9.cfg. What other configuration files contribute to the stored process server’s
configuration?
/* Include config files */ (13a #1)
-config "C:\Program Files\SAS\SASFoundation\9.2\sasv9.cfg"
-config "C:\SAS\Config\Lev1\SASApp\sasv9_usermods.cfg"
(13a #2) is empty.
c .
14. Exploring Stored Process Server Autoexec Files
e
a. Use Windows Explorer to navigate to C:\SAS\Config\Lev1\SASApp\StoredProcessServer. In
t u t
Open autoexec.sas using TextPad. According to the file, what other autoexec files contribute
to the stored process server’s configuration?
t i
/* Include autoexec files */
s n .
I n t i o
%include "C:\SAS\Config\Lev1\SASApp\appserver_autoexec.sas"; (1)
%include "C:\SAS\Config\Lev1\SASApp\appserver_autoexec_usermods.sas"; (2)
S
A tri b u
%include "C:\SAS\Config\Lev1\SASApp\StoredProcessServer\autoexec_usermods.sas"; (3)
t S
b. Use Windows Explorer to navigate to the other autoexec files referenced in the stored process
s
server’s autoexec.sas file. What other autoexec files contribute to the stored process server’s
i g h
configuration?
d i
y r e
* Include autoexec files */ (14a #1)
r
o p f o r
%include "C:\SAS\Config\Lev1\SASApp\appserver_autoexec_usermods.sas";
(14a #2) is empty.
C o t
(14a #3) is empty.
N
15. Monitoring the OLAP Server
a. Use the Server Manager plug-in to validate the OLAP server. In SAS Management Console,
expand Server Manager Ö SASApp - Logical OLAP Server.
4.5 Solutions to Exercises 4-103
c .
e In
t u t
2) Click
s t i n .
in the Information window. Review the messages in the window.
I n t i o
S
A tri b u
t S s
i g h d i
y r r e
o p f o r
C o t
N
3) Click to close the Information window.
4-104 Chapter 4 Monitoring, Logging, and Troubleshooting SAS® Servers
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
i g h d i
y r r e
2) Select the Sessions tab. There are currently no sessions.
o p f o r
C o t
N
4.5 Solutions to Exercises 4-105
c. Use SAS Enterprise Guide to open a cube by selecting Start Ö All Programs Ö SAS Ö
Enterprise Guide 4.2.
1) Select New Project.
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S
2) Select File Ö Open Ö OLAP Cube....
s
i g h d i
y r r e
o p f o r
C o t
N
4-106 Chapter 4 Monitoring, Logging, and Troubleshooting SAS® Servers
3) Navigate to SAS Folders Ö Orion Star Ö Marketing Department Ö Data and select
Orion Star Customer Order Cube Ö Open.
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
i g h d i
y r e
d. Return to the Server Manager plug-in and view the contents of the Sessions tab. How many
r
sessions are listed?
o p f o r
There is now one session listed.
C o t
N
4.5 Solutions to Exercises 4-107
e. Under the SAS OLAP Server Monitor plug-in, expand SAS OLAP Server Monitor Ö
SASApp - Logical OLAP Server.
c .
e In
t u t
s t i n .
I n t i o
1) Right-click SASApp - Logical OLAP Server and select Connect.
S
A tri b u
t S s
i g h d i
y r r e
o p f o r
C o t
N
4-108 Chapter 4 Monitoring, Logging, and Troubleshooting SAS® Servers
2) Click .
c
3) Select and expand SASApp - OLAP Server to see the active and inactive sessions on the.
In
server.
There are two sessions listed.
u t e
t i t .
I n s i o n
S u t
S A tri b
h t i s
r i g r e d
p y o r
C o t f
N o
4.5 Solutions to Exercises 4-109
f. Under the OLAP Server Monitor plug-in, expand SASApp - OLAP Schema. Which cubes are
associated with that schema? How many active queries are there on each cube?
Select and expand SASApp - OLAP Schema to see the cubes associated with that schema
and the number of active queries on each cube.
There are three cubes associated with SASApp - OLAP Schema: Chocolate Enterprises
Sales Cube, Orion Star Customer Order Cube, and Sales Order Cube.
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
Disable a cube to coalesce aggregations, rebuild the cube, or update cube data. Enable
t S
a cube to process new queries. If you restart your SAS OLAP Server, all of the cubes that
are accessed by that server are enabled by default.
s
i g h d i
g. In the SAS OLAP Server Monitor, connect to SASApp - Logical OLAP Server. Select
SASApp - OLAP Server. Right-click on a session. What options are available to manage
y r
the session?
r e
o p f o r
C o t
N
h. In the Server Manager plug-in, connect to and select SASApp – OLAP Server. On the Sessions
tab, right-click on a session. What options are available to manage the session?
End
4-110 Chapter 4 Monitoring, Logging, and Troubleshooting SAS® Servers
i. In the SAS OLAP Server Monitor, right-click SASApp - Logical OLAP Server. What options are
available to manage the server?
c .
e In
t u t
s t i n .
I n t i o
S
manage the server?
A tri b u
j. In the Server Manager plug-in, right-click SASApp - OLAP Server. What options are available to
t S s
i g h d i
y r r e
o p f o r
C o t
N
4.5 Solutions to Exercises 4-111
c .
-config "C:\SAS\Config\Lev1\SASApp\OLAPServer\sasv9_usermods.cfg"
e
b. Compare sasv9.cfg and sasv9_trace.cfg. In
u t
1) How are these files different?
t
t i
The trace.cfg file does not use the sasv9_meta.cfg; it uses
.
the sasv9.cfg file from C:\SAS\Config\Lev1\. The trace file uses the trace logging
s n
configuration file. The trace file includes additional journaling options and the
I n
NETENCRALG option.
t i o
S
2) What is the purpose of the sasv9_trace.cfg file?
A tri b u
It is used for when you want to obtain logs with the TRACE option for more detailed
information. This file works in conjunction with logconfig_trace.xml.
t S
3) How would you get the OLAP server to use the sasv9_trace.cfg file?
s
i g h d i
Rename the existing sasv9.cfg file found in the directory, and replace it with the trace
version. This requires that you restart your SAS OLAP Server process before the new
y r e
configuration file is used.
r
o p o r
c. Open both logconfig.xml and logconfig.trace.xml in the same TextPad window. Select Tools Ö
Compare Files… to compare the two files. What are the differences between the files?
f
The conversion pattern for the rolling log files is slightly different. The levels for two loggers
C t
(App and Perf.ARM.OLAP_SERVER) are set to a more detailed level in the trace file. In
o
the logconfig file, App is set to Info, and Perf.ARM.OLAP_SERVER is set to Warn. In the
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
i g h d i
y r r e
o p f o r
C o t
N
4.5 Solutions to Exercises 4-113
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
i g h d i
y r r e
o p f o r
C o t
N
4-114 Chapter 4 Monitoring, Logging, and Troubleshooting SAS® Servers
c. To capture metadata server management events in the system facility appender, insert code in the
logconfig.xml file.
1) Right-click on the logconfig.xml file and select TextPad to open the file.
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
i g h d i
y r r e
o p f o r
2) Insert the following lines above the last line of the file (</logging:configuration>):
C o t
<appender name="eventLog" class="WindowsEventAppender">
<param name="Threshold" value="Warn"/>
N <layout>
<param name="ConversionPattern" value="%d{yyyyMMdd:HH.mm.ss.SS}: %m"/>
</layout>
</appender>
<logger name="App.Meta.Mgmt">
<level value="Info"/>
<appender-ref ref="eventLog"/>
</logger>
This XML code can be found in the appender.xml file in the S:\Workshop\spaft folder
on your image.
4.5 Solutions to Exercises 4-115
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
i g h d i
d. Restart the metadata server.
y r r e
Use Windows Services or SAS Management Console to restart the metadata server.
o p f o r
C o t
N
4-116 Chapter 4 Monitoring, Logging, and Troubleshooting SAS® Servers
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
i g h d i
y r r e
o p f o r
2) Type Capture metadata server events in system facility appender
in the Pause Comment dialog box. Click .
C o t
N
4.5 Solutions to Exercises 4-117
f. Right-click on the My Computer icon on the desktop and select Manage. Expand System Tools Ö
Event Viewer and select System.
1) Refresh the view and double-click on the most recent information type entry from the Service
Control Manager.
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
i g h d i
y r r e
o p f o r
C o t
N
4-118 Chapter 4 Monitoring, Logging, and Troubleshooting SAS® Servers
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
i g h d i
y r r e
o p f o r
C o t
N
4.5 Solutions to Exercises 4-119
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
i g h d i
y r r e
o p f o r
C o t
N
4-120 Chapter 4 Monitoring, Logging, and Troubleshooting SAS® Servers
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
i g h d i
y r r e
18. Exploring Object Spawner Logging
o p o r
a. Use Windows Explorer to navigate to C:\SAS\Config\Lev1\ObjectSpawner\.
f
Open logconfig.xml with TextPad.
C o t
b. The object spawner uses this file to determine what to log and where to send it to.
c .
c. Use Windows Explorer to navigate to the location of the object spawner log files. Verify that the
In
filenames and file contents follow the formats described in the logconfig.xml file.
u t e
They do follow the formats described in the logconfig.xml file.
t i t .
I n s i o n
S u t
S A tri b
h t i s
r i g r e d
p y o r
C o t f
N o
4-122 Chapter 4 Monitoring, Logging, and Troubleshooting SAS® Servers
c .
e In
t u t
s t i
19. Exploring Workspace Server Logging
n .
I n
Open logconfig.xml with TextPad.
t i o
a. Use Windows Explorer to navigate to C:\SAS\Config\Lev1\SASApp\Workspace Server.
S
A tri b u
1) Are log messages written to a file? No
t S
2) Are log message written to the Windows Event Viewer? Yes
s
i g h d i
b. Create a log file for workspace server troubleshooting.
1) Using Windows Explorer, verify that users of the workspace server were granted Read,
y r r e
Write, and Execute access to the workspace server’s Logs directory.
o p f o r
a) Right-click on the Go to the logs folder and select Properties.
C o t
N
4.5 Solutions to Exercises 4-123
b) Click the Security tab to verify that users have the correct access with the Allow check
boxes selected.
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
i g h d i
y r r e
o p f o r
C o t
N
4-124 Chapter 4 Monitoring, Logging, and Troubleshooting SAS® Servers
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
i g h d i
y r r e
o p f o r
C o t
N
4.5 Solutions to Exercises 4-125
b) Press the END key and add _orig to the filename. Press ENTER to rename the file.
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
i g h d i
y r r e
o p f o r
C o t
N
4-126 Chapter 4 Monitoring, Logging, and Troubleshooting SAS® Servers
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
i g h d i
y r r e
o p f o r
C o t
N
4.5 Solutions to Exercises 4-127
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
i g h d i
y r r e
o p f o r
C o t
N
4-128 Chapter 4 Monitoring, Logging, and Troubleshooting SAS® Servers
4) Use SAS Enterprise Guide to open a table. Close SAS Enterprise Guide.
a) Select Start ÖAll Programs ÖSAS ÖEnterprise Guide 4.2.
b) Select New Project.
c) Select File Ö Open Ö Data.
d) Select
Click
from the left pane and SASApp from the pane on the right.
.
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
i g h d i
y r r e
o p f o r
C o t
N
4.5 Solutions to Exercises 4-129
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
i g h
f) Select
d i
and then click .
y r r e
o p f o r
C o t
N
4-130 Chapter 4 Monitoring, Logging, and Troubleshooting SAS® Servers
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
i g h d i
y r r e
o p f o r
C o t
N
4.5 Solutions to Exercises 4-131
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
i g h d i
y r r e
o p f o r
C o t
N
4-132 Chapter 4 Monitoring, Logging, and Troubleshooting SAS® Servers
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
i g h d i
y r r e
o f o r
20. Validating, Monitoring, and Logging the Pooled Workspace Server
pa. Use SAS Management Console to validate the pooled workspace server.
C o t
1) Open SAS Management Console by selecting Start Ö All Programs Ö SAS Ö
SAS Management Console 9.2.
c .
e In
u t
4) Expand Server Manager Ö SASApp. Right-click SASApp - Logical Pooled Workspace
t
s i
Server and select Validate.
t n .
I n t i o
S
A tri b u
t S s
i g h d i
y r r e
o p f o r
C o t
N
5) Click to close the Information dialog box.
4-134 Chapter 4 Monitoring, Logging, and Troubleshooting SAS® Servers
b. In SAS Management Console, use the object spawner’s Spawned Server Activity tab to verify that
a new process was spawned. How is this process different than the standard workspace server
instantiated during the Validate step?
The pooled workspace server session does not shut down when the validation is complete
unlike the standard workspace server.
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
i g h d i
r r e
c. In SAS Management Console, expand SASApp - Logical Pooled Workspace Server Ö
y
o p f o r
SASApp - Pooled Workspace Server. Right-click localhost and select Connect. What user ID
owns the process listed in the Processes tab?
sassrv@LOCALHOST
C o t
N
d. Examine the pooled workspace server’s logconfig.xml file. Where are the server’s logs written?
Locate the most recent log and examine its contents.
C:\SAS\Config\Lev1\SASApp\PooledWorkspaceServer\Logs
e. (Optional) Examine the pooled workspace server’s sasv9.cfg file. What other configuration files
contribute to the pooled workspace server’s configuration?
/* Include config files */
-config "C:\SAS\Config\Lev1\SASApp\sasv9.cfg"
-config "C:\SAS\Config\Lev1\SASApp\PooledWorkspaceServer\sasv9_usermods.cfg"
4.5 Solutions to Exercises 4-135
f. (Optional) Examine the pooled workspace server’s autoexec.sas file. What other autoexec files
contribute to the pooled workspace server’s configuration?
/* Include autoexec files */
%include "C:\SAS\Config\Lev1\SASApp\appserver_autoexec.sas";
%include "C:\SAS\Config\Lev1\SASApp\appserver_autoexec_usermods.sas";
%include
"C:\SAS\Config\Lev1\SASApp\PooledWorkspaceServer\autoexec_usermods.sas";
c .
21. Exploring Stored Process Server Logging
e
a. Use Windows Explorer to navigate to C:\SAS\Config\Lev1\SASApp\StoredProcessServer. In
Open logconfig.xml with TextPad.
t u t
s i
1) Are log messages written to a file? Yes
t n .
2) Are log message written to the Windows Event Viewer? No
I n t i o
b. Use Windows Explorer to navigate to the location of the stored process server log files. Verify
that the filename and file contents follow the formats described in the logconfig.xml file.
S
A tri b u
Format of filename: SASApp_STPServer_%d_%S{pid}.log
t S
Format of file contents: %d %-5p [%t] %X{Client.ID}:%u - %m
s
g h d i
c. Use Windows Explorer to navigate to C:\SAS\Config\Lev1\SASApp\StoredProcessServer.
Open logconfig.trace.xml with TextPad.
i
y r r e
1) Would these settings write log messages to a file? Yes
o p f o r
2) Would these settings write log messages to the Windows Event Viewer? Yes
22. Exploring OLAP Server Logging
C o t
a. Use Windows Explorer to navigate to C:\SAS\Config\Lev1\SASApp\OLAPServer.
N Open logconfig.xml with TextPad. What file are the log messages written to?
C:\SAS\Config\Lev1\SASApp\OLAPServer\Logs\SASApp_OLAPServer_%d_%S{pid}.log
b. Use Windows Explorer to navigate to the location of the OLAP server log files. Verify that the
filename and file contents follow the formats described in the logconfig.xml file.
Format of filename: SASApp_OLAPServer_%d_%S{pid}.log
Format of file contents: %d %-5p [%t] %X{Client.ID}:%u - %m
4-136 Chapter 4 Monitoring, Logging, and Troubleshooting SAS® Servers
c. Use the Server Manager plug-in to dynamically set the Perf.ARM.OLAP_SERVER logger level
to Information. Open a cube in SAS Enterprise Guide. View the log in the Server Manager
plug-in. Reset the Perf.ARM.OLAP_SERVER logger level to Warning.
1) Expand Server Manager Ö SASApp Ö SASApp - Logical OLAP Server. Right-click
SASApp - OLAP Server and select Connect.
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
i g h d i
y r r e
o p f o r
C o t
N
4.5 Solutions to Exercises 4-137
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
i g h d i
y r r e
o p f o r
3) Scroll to the bottom, right-click on the Perf.ARM.OLAP_SERVER logger, and
C o t
select Properties.
N
4-138 Chapter 4 Monitoring, Logging, and Troubleshooting SAS® Servers
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
5) Select Start Ö All Programs Ö SAS Ö Enterprise Guide 4.2. Select New Project.
6) Select File Ö Open Ö OLAP Cube….
t S s
7) Select Orion Star Customer Order Cube and click .
i g h d i
y r r e
o p f o r
C o t
N
4.5 Solutions to Exercises 4-139
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
h d i
8) Use Windows Explorer to navigate to C:\SAS\Config\Lev1\SASApp\OLAPServer\Logs
i g
y r r e
and locate the most recent performance log file. Open the file and review the ARM messages
and close the file.
o p f o r
C o t
N
4-140 Chapter 4 Monitoring, Logging, and Troubleshooting SAS® Servers
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
i g h d i
y r r e
o p f o r
C o t
N
®
Chapter 5 Backing Up the SAS
Environment
In
Wizard ........................................................................................................ 5-12
e
t u t
Exercises .............................................................................................................................. 5-27
5.2
t i .
Exploring OMABAKUP ................................................................................................. 5-29
s n
I n
Demonstration: Exploring OMABAKUP ............................................................................... 5-37
t i o
Exercises .............................................................................................................................. 5-41
5.3 S
A tri b u
Scheduling Backups .................................................................................................... 5-42
t S
Demonstration: Modifying the SASMeta DATA Step Batch Server ...................................... 5-45
s
i g h d i
Exercises .............................................................................................................................. 5-47
5.4
y r r e
Backing Up Physical Files ........................................................................................... 5-49
o p f o r
Demonstration: Locating Additional Content to Backup....................................................... 5-54
C 5.5
t
Solutions to Exercises ................................................................................................. 5-56
o
N
5-2 Chapter 5 Backing Up the SAS® Environment
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
i g h d i
y r r e
o p f o r
C o t
N
5.1 Backing Up Metadata with the Backup Wizard 5-3
Objectives
Identify why you need to perform backups and what
needs to be backed up.
Explore best practices for backing up your system.
Identify the features of the OMABAKUP macro.
c .
In
u t e
t i t .
I n s i o n
S u t
3
3
S A tri b
h t i s
r i g r e d
Best Practices for Backing Up Your System
You should regularly perform full backups, including
p y o r
the following items:
metadata and related content
C o f
physical files
t
N o If you ever need to restore your environment, perform
a full restore that includes all the files listed above.
4
4
5-4 Chapter 5 Backing Up the SAS® Environment
c .
e In
t u t
s t i n .
5
5
I n t i o
S
A tri b u
t S s
i g h d i
y r r e
o p f o r
C o t
N
5.1 Backing Up Metadata with the Backup Wizard 5-5
Backing Up Metadata
SAS provides a macro named OMABAKUP that creates
a backup of the following files with minimal disruption
in service:
metadata repositories
repository manager
c .
In
metadata server configuration files
u t e
OMABAKUP can also be used to restore the backup files
t i t .
6
I n s i o n
t
6
• omaconfig.xml S
A tri b u
The following metadata server configuration files are backed up:
• adminUsers.txt
t S s
• trustedUsers.txt
g h
• logconfig.xml
i d i
r r e
If you choose to use operating system commands to backup the metadata repositories and repository
y
o f o r
manager, you must make sure the metadata server is paused to an offline state before taking the backup.
p If the metadata server is online or paused to an administration state, the backup files will not
C o t
be usable.
N
5-6 Chapter 5 Backing Up the SAS® Environment
OMABAKUP
The macro is available in the following ways:
as part of the backup and restore programs provided
with your installation
in the code generated by the Backup Wizard in
SAS Management Console
by writing custom code to invoke the macro
c .
e In
t u t
s t i n .
7
7
I n t i o
S
A tri b u
t S s
i g h d i
y r r e
o p f o r
C o t
N
5.1 Backing Up Metadata with the Backup Wizard 5-7
OMABAKUP
Selected features of the OMABAKUP macro include the
following:
The macro pauses the metadata server while retaining
client connections, flushes memory and writes
metadata to disk, closes repository data sets, copies
metadata server files to specified backup location,
and resumes the metadata server.
c .
If the backup destination contains backup files, the
macro will overwrite them with new backup files.
e In
u t
A REORG option enables you to reclaim unused
disk space left over from previously deleted metadata
t
objects.
s t i n .
8
8
I n t i o
S
A tri b u
If the REORG option is used, the macro does the following:
• Re-creates the repository data sets as it copies them to the backup destination, eliminating unused
t S
disk space in the process
s
• Copies the re-created data sets back to their original locations
g h d i
Because of the overhead that is associated with re-creating the data sets, you might not want to use the
i
y r r e
REORG option for every backup. Consider using this option once a month and after large amounts of
metadata have been deleted.
o p f o r
Before you use the REORG option, it is important to run at least one successful backup without
C o t
the REORG option.
N
5-8 Chapter 5 Backing Up the SAS® Environment
Backup Wizard
The Backup Wizard enables you to create backup and
restore jobs that
use OMABAKUP
e
You can execute the job, save it for later execution, save In
t u t
the code to a file, or deploy it for scheduling.
s t i n .
9
9
I n t i o
S
A tri b u
You cannot use the Backup Wizard to back up repositories that have a registered access state of
OFFLINE. Also you cannot use the wizard to create or run a backup job if the foundation repository has a
t S
registered access state of READONLY. For these types of backups, you must use a custom
%OMABAKUP program.
s
i g h d i
y r r e
o p f o r
C o t
N
5.1 Backing Up Metadata with the Backup Wizard 5-9
e In
SAS Administrators group
t u t
s t i n .
1
0
10
I n t i o
S
A tri b u
The metadata identity needs to be assigned to the Metadata Server: Operation role. The SAS
Administrators group is assigned to that role by default. This enables the user to pause and resume the
t S
metadata server for the backup. The metadata identity must also be assigned to the SAS Administrators
group in order to have access to the SASMeta workspace server.
s
i g h d i
On Windows, the operating system account can be granted access to appropriate directories as a member
of the Administrators group on the metadata server host machine. The operating system account also
r r e
needs the Log on as a batch job permission.
y
o p f o r
Backup Wizard – User Credentials
C o t
On UNIX and z/OS, the backup should be done using
11
1
1
5-10 Chapter 5 Backing Up the SAS® Environment
u t e
t i t .
12
I n s i o n
t
1
2
S
A tri b u
t S s
i g h d i
y r r e
o p f o r
C o t
N
5.1 Backing Up Metadata with the Backup Wizard 5-11
The Backup Wizard options set values in the underlying generated code, as described below:
Reorganize Repositories reclaims unused disk space that is left from previously deleted
metadata objects.
Default: unchecked
Run Analysis Procedure checks the repository backup files for unnecessary indexes, long
character variables that are stored are variable-length strings,
duplicate strings, and other issues that can affect memory.
c .
In
The next time you run a backup, the backup program uses the results
of the analysis to perform memory optimization tasks. These tasks
t e
optimize the amount of space that is used when repository records
are read into the metadata server’s memory.
u
t i t
This option should be used if you notice degradation in the
.
performance of the metadata server.
I n s n
Default: unchecked
i o
Back Up Metadata Journal File
S u t
backs up the metadata journal file.
S A tri b You can select this option only if the JOURNALPATH option is
specified in the omaconfig.xml file.
h t i s Default: checked
r g r e d
Back Up READONLY Custom
i
and Project Repositories
includes project and custom repositories in the backup if they have a
registered access mode of READONLY. If you do not select this
option, the backup only includes repositories that have a registered
C o t f Default: checked
N o
Back Up Configuration Files includes the metadata server’s configuration files, including
omaconfig.xml, adminUsers.txt, trustedUsers.txt, and logconfig.xml
in the backup.
Default: checked
Generate Debug Output creates detailed log messages that you can use to troubleshoot the
backup program. These messages are placed in the SAS log, which is
written to the backup destination directory.
Default: unchecked
5-12 Chapter 5 Backing Up the SAS® Environment
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
i g h d i
2. Expand Local Users and Groups and select Users.
y r r e
o p f o r
C o t
N
5.1 Backing Up Metadata with the Backup Wizard 5-13
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
i g h d i
y r r e
o p f o r
C o t
N
5-14 Chapter 5 Backing Up the SAS® Environment
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
i g h d i
y r r e
o p f o r
C o t
N
5.1 Backing Up Metadata with the Backup Wizard 5-15
5. Select the object type of Groups from LOCALHOST. Type the object name Administrators and
click . The value should resolve to LOCALHOST\Administrators.
c .
e In
t u t
s t i n .
I n t i o
Adding Ahmed to the Administrators group gives him enough access to the operating system
S
A tri b
required for the backup.u
files. As an alternative, you can give Ahmed access only to the specific files and folders
6. Click
t S .
s
i g h d i
y r r e
o p f o r
C o t
N
5-16 Chapter 5 Backing Up the SAS® Environment
7. Click .
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
i g h d i
y r r e
o p f o r
C o t
N
5.1 Backing Up Metadata with the Backup Wizard 5-17
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
9. Right-click Ahmed and select Properties.
i g h d i
y r r e
o p f o r
C o t
N
5-18 Chapter 5 Backing Up the SAS® Environment
10. Click the Groups and Roles tab. Verify that Ahmed is a member of the SAS Administrators group.
c .
e In
t u t
s t i n .
I n o
11. Click the Accounts tab. Verify that an external account is listed.
t i
S
A tri b u
t S s
i g h d i
y r r e
o p f o r
C o t
N
12. Close the Properties window.
13. Expand Metadata Manager Ö Metadata Utilities.
5.1 Backing Up Metadata with the Backup Wizard 5-19
c .
e In
15. Accept the defaults and click
t u t .
s t i n .
I n t i o
S
A tri b u
t S s
i g h d i
y r r e
o p f o r
C o t
N
5-20 Chapter 5 Backing Up the SAS® Environment
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
i g h d i
y r r e
o p
f o r
If SASMeta does not appear, verify that the machine name specified in the connection profile
is exactly the same as the machine name for the metadata server in the metadata. The value
N
5.1 Backing Up Metadata with the Backup Wizard 5-21
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
i g h d i
y r r e
o p
o r
If more than one backup will be stored in the backup path, consider creating a specific
f
subfolder for each.
C o t
N
5-22 Chapter 5 Backing Up the SAS® Environment
18. Use Windows Explorer to locate the default paths and review the contents. In SAS Management
Console, accept the default paths and click .
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
i g h d i
y r r e
o p
f o r
If the backup directory location already contains backup files, running the wizard again will
N
5.1 Backing Up Metadata with the Backup Wizard 5-23
19. Provide a name for the job definition. The job definition name will be used to create two jobs: a
backup job named by appending _B to the name provided and a restore job named by appending _R
to the name provided.
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
i g h d i
y r r e
o p
f o r
C o tDo not use an apostrophe or single quotation mark in the name. The code generated by the
wizard uses single quotation marks to surround option values. A single quotation mark in the
name will unbalance the code and prevent it from executing.
N
5-24 Chapter 5 Backing Up the SAS® Environment
20. Select Run the backup now and save job definition. Click .
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
i g h d i
y r r e
o p f o r
C o t
N
5.1 Backing Up Metadata with the Backup Wizard 5-25
21. Review the settings and click . If you want to change any of the settings, use .
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
i g h d i
y r r e
p o r
22. When you are prompted to run the job, click
o f
.
C o t
N
23. If the job ran without errors, click in the Information window.
5-26 Chapter 5 Backing Up the SAS® Environment
24. Use Windows Explorer to navigate to the backup location and verify that it now includes a folder for
each repository, a folder for REPOSMGR, MetadataJournal.dat, omaconfig.xml, logconfig.xml,
adminUsers.txt, trustedUsers.txt, and a log file generated as a result of the backup job execution.
Verify that the subfolders contain tables.
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
i g h d i
y r r e
o p f o r
C o t
N
25. Examine the log for errors.
5.1 Backing Up Metadata with the Backup Wizard 5-27
Exercises
c .
In
b. Explore the properties of the backup and restore job definitions.
Job ID:
u t e
1) Use the properties of the backup job to complete the following table:
Job Type:
t i t .
Job Status:
I n s i o n
Created Date:
S u t
A tri
Last Run Date:
S
Server Name: b
h t
Server Port:
i s
r i g r e
Protocol:
d
p y r
Repository Name:
o
C o t f
Repository Type:
adminUsers.txt File:
trustedUsers.txt File:
omaconfig.xml File:
logconfig.xml File:
Backup OFFLINE
Repositories Option:
5-28 Chapter 5 Backing Up the SAS® Environment
Backup READONLY
Repositories Option:
Reorganize Repositories
Option:
c .
Run Analysis Option:
e In
Debug Option:
t u t
s i
2) How do the properties of the restore job differ from the properties of the backup job?
t n .
3) How can you modify the settings for the backup job?
I n t i o
4) Right-click on the backup job and select Save to File…. Save the file in the SASBackup
S
A tri b u
directory and name the file the same as the job name. Use TextPad to open the new file.
t S C:\Program Files\SAS\SASFoundation\9.2\core\sasmacro\omabakup.sas
s
i g h d i
y r r e
o p f o r
C o t
N
5.2 Exploring OMABAKUP 5-29
Objectives
Use the backup program included in metadata server
directory.
Explore the OMABAKUP syntax.
Explore best practices for restoring your system.
c .
In
u t e
t i t .
I n s i o n
S u t
1
6
16
S A tri b
h t i s
r i g r e d
OMABAKUP (Review)
The macro is available in the following ways:
p y o r
as part of the backup and restore programs provided
with your installation
C o t f
in the code generated by the Backup Wizard
in SAS Management Console
17
1
7
5-30 Chapter 5 Backing Up the SAS® Environment
backupServer.sas
Included in your metadata server directory is a backup
program customized to your environment. The program
does the following:
connects to the metadata server by using the
SAS Administrator credentials
writes backup files to a directory named SASBackup
in the metadata server directory
c .
writes a log to the metadata server directory
e In
t u t
s t i n .
1
8
18
I n t i o
S
A tri b u
Your environment also includes a restore program named restoreServer.sas, which does the following:
• connects to the metadata server with the SAS Administrator credentials
t S
• restores the backup files from the SASBackup directory to the appropriate subdirectories in the
s
metadata server directory
i g h d i
• writes a log to the metadata server directory
y r r e
o p f o r
C o t
N
5.2 Exploring OMABAKUP 5-31
backupServer.sas
You can execute the backupServer.sas file in a couple
of ways:
in a SAS session with XCMD option enabled
c .
In
– UNIX or z/OS: MetadataServer.sh -backup
u t e
t i t .
19
I n s i o n
t
1
9
S
A tri b u
You can execute restoreServer.sas in the same ways:
• in a SAS session with the XCMD option enabled
t S
• go to the metadata server directory and issue the following command:
s
g d i
Windows: MetadataServer - restore
h
UNIX or z/OS: MetadataServer.sh - restore
i
y r r e
o p f o r
OMABAKUP
It is possible to modify the provided backup and restore
C o t
programs or create custom OMABAKUP code.
At a minimum, the code must include
20
2
0
5-32 Chapter 5 Backing Up the SAS® Environment
OPTIONS METASERVER="host-name"
METAPORT=port-number
METAUSER="user-ID"
c .
METAPASS="password";
e In
t u t
s t i n .
2
1
21
I n t i o
S u
The server connection options should be set as follows:
A tri b
Option
METASERVER
t S s
Description
METAPORT
i g h d i
specifies the unique port that identifies the metadata server. The default port is 8561.
r
METAUSER
p
METAPASS
C o t
N
5.2 Exploring OMABAKUP 5-33
OMABAKUP Syntax
The following syntax invokes the OMABAKUP macro
and its parameters:
%omabakup(DestinationPath="pathname",
ServerStartPath="pathname",
RposmgrPath="pathname",
<Reorg="Yes|No">,
c .
In
<Restore="Yes|No">,
<RunAnalysis ="Yes|No">,
t e
<DisableConfigurationFileBackup ="Yes|No">,
<DisableReadOnlyBackup ="Yes|No">,
u
t
<DisableOfflineBackup ="Yes|No">,
i
<BackupMetadataJournalFile ="Yes|No">);
t .
22
I n s i o n
t
2
2
S u
The syntax in brackets is optional, and if used, should not include the brackets.
A tri b
t S s
i g h d i
y r r e
o p f o r
C o t
N
5-34 Chapter 5 Backing Up the SAS® Environment
Option
DestinationPath Pathname of the directory where backup copies are stored. If the
directory does not exist, %OMABAKUP will create the directory
for you.
ServerStartPath Full path to the directory in which the metadata server process was
started.
e In
t u t
previously deleted metadata objects.
Specify NO or N if you want to copy the repositories as they are.
s t i .
Default: NO
n
Restore
I n t o
Specify YES or Y to run the macro in restore mode.
i
S
A tri b u
Specify NO or N to run the macro in backup mode.
Default: NO
RunAnalysis
t S s
Specify YES or Y to analyze the backup repositories; option is not
y r r e repositories.
o p f o r
DisableConfigurationFileBackup
Default: NO
Option
u
Default: NO
t t
BackupMetadataJournalFile
t i .
Specify YES or Y if you want to backup the metadata journal file.
s n
I nSpecify NO or N if you do not want to backup the metadata
i
journal file.
t o
S
A tri u
Default: YES
b
t S s
i g h d i
y r r e
o p f o r
C o t
N
5-36 Chapter 5 Backing Up the SAS® Environment
I n t i o
S
A tri
Restoring Your System b u
t S s
Full restores are the best practice to follow to ensure that
i g h d i
the metadata server returns to a consistent state and that
the metadata associations are correctly maintained.
y r r e
A full restore includes
o p f o r
the metadata content and associated files backed
up by the Backup Wizard or OMABAKUP
additional physical files.
C o t
N
24
2
4
5.2 Exploring OMABAKUP 5-37
Exploring OMABAKUP
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
i g h d i
r r e
2. Use Windows Explorer to navigate to C:\SAS\Config\Lev1\SASMeta\MetadataServer.
y
o p f o r
C o t
N
5-38 Chapter 5 Backing Up the SAS® Environment
3. Open backupServer.sas with TextPad. Review the contents of the file and close TextPad.
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
i g h d i
y r r e
o p f o r
C o t
N
5.2 Exploring OMABAKUP 5-39
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
i g h d i
You can also open and execute backupServer.sas in a SAS Windowing Environment. To open
y r r e
a SAS Windowing Environment, select Start Ö All Programs Ö SAS Ö SAS 9.2 (English).
o p
f o r
Either method of invoking SAS runs the code in a SAS session that runs under the credentials
of the user ID used to log on to the machine. This SAS session uses only the configuration
N
5-40 Chapter 5 Backing Up the SAS® Environment
5. When the execution is complete, open backupServer.log and search for errors.
c .
e In
t u t
s t i n .
I n t i o
6. Use Windows Explorer to verify that the SASBackup folder includes a folder for each repository,
S
a folder for REPOSMGR, MetadataJournal.dat, omaconfig.xml, logconfig.xml, adminUsers.txt,
u
trustedUsers.txt, and a log file generated as a result of the backup job execution. Verify that the
A tri
subfolders contain tables.
b
t S s
i g h d i
y r r e
o p f o r
C o t
N
5.2 Exploring OMABAKUP 5-41
Exercises
2. Restoring a Backup
.
Do not complete this exercise if the backup performed in the demonstration ended with errors.
c
In
a. Use Windows Explorer to navigate to C:\SAS\Config\Lev1\SASMeta\MetadataServer.
Open adminUsers.txt with TextPad. Add the following entry to the end of the file:
u t e
localhost\test. Close the file and save the changes.
t i t .
c. Expand Metadata Manager Ö Metadata Utilities. Select Backup & Restore. Right-click on the
I s i o n
restore job and select Run Job. Select OK to run the job. Select OK when the job is complete.
n
d. Use Windows Explorer to verify that the adminUsers.txt file is restored to its original state.
S u t
e. In SAS Management Console, right-click on the restore job and select Save to File…. Save the
A tri b
file in the SASBackup directory and name the file the same as the job name. Use TextPad to open
S
the file. How does this file differ from the backup file?
h t i s
r i g r e d
p y o r
C o t f
N o
5-42 Chapter 5 Backing Up the SAS® Environment
Objectives
Identify the methods for scheduling a backup.
Modify the SASMeta batch server to enable
the XCMD option.
Schedule a backup using the Backup Wizard.
c .
In
u t e
t i t .
I n s i o n
S u t
2
8
28
S A tri b
h t i s
r i g r e d
Scheduling a Backup
There are several ways to schedule a backup:
p y o r
Use the Metadata Manager plug-in to deploy the
backup job created by the Backup Wizard and
29
2
9
5.3 Scheduling Backups 5-43
Schedule Manager
c .
e In
t u t
s t i n .
3
0
30
I n t i o
S
A tri b u
Deploying a job creates a code file and registers the job in metadata.
The available schedulers include Platform Computing’s Process Manager/LSF and operating system
t S
schedulers. The In-Process Scheduler cannot be used to schedule backups. It is only available for use with
certain Web applications.
s
g h d i
When you schedule the backup using the Metadata Manager plug-in, the command line defined for the
i
r e
SASMeta - DATA Step Batch Server is passed to the scheduler.
y r
o p f o r
C o t
N
5-44 Chapter 5 Backing Up the SAS® Environment
XCMD Option
OMABAKUP issues operating system commands.
You need the XCMD option to be enabled in your
SAS session in order for OMABAKUP to work.
The XCMD option is, by default,
enabled for the SASMeta workspace server
I n t i o
S
A tri b u
The XCMD option enables you execute operating system commands from within SAS code. Operating
system commands, for example, can be used to navigate through a folder structure on the operating
t S
system, copy, delete, rename, and create files.
s
i g h d i
Enabling XCMD Option for the
y r r e
SASMeta DATA Step Batch Server
o p f o r
1. Locate the command line on the Options tab of the
SASMeta - SAS DATA Step Batch Server properties.
C o t Example:
C:\SAS\Config\Lev1\SASMeta\BatchServer\sasbatch.bat
32
3
2
5.3 Scheduling Backups 5-45
c .
e In
t u t
s t i n .
I n t i o
S b
2. Open sasbatch.bat with TextPad.
A tri u
t S s
i g h d i
y r r e
o p f o r
C o t
N
5-46 Chapter 5 Backing Up the SAS® Environment
3. On the line that begins with Set CMD_OPTIONS, change –noxcmd to –xcmd.
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
4. Close the file and save the changes.
i g h d i
y r r e
o p f o r
C o t
N
5.3 Scheduling Backups 5-47
Exercises
3. Scheduling a Backup
Use SAS Management Console to schedule a backup.
a. Use Windows Explorer to navigate to
c .
In
C:\SAS\Config\Lev1\SASMeta\MetadataServer\SASBackup and delete the contents.
u t e
b. In SAS Management Console, verify that you are logged in as Ahmed.
c. Expand Metadata Manager Ö Metadata Utilities and select Backup & Restore. Right-click
i t
on the backup job and select Deploy for Scheduling….
t .
Location:
I s i o n
d. Write the location of the deployed code and click OK in the Redeploy Job window.
n
S u t
e. Use Windows Explorer to navigate to the location of the deployed code. Examine the code with
TextPad.
S A tri b
f. Return to SAS Management Console, right-click Schedule Manager, and select New Flow….
h t i s
g. Create a new flow with the following attributes:
r i g d
Name: backup_flow
r e
p y Location: Shared Data
o r
Scheduling Server: Platform Process Manager
C o t f
1) Move the available job to the Selected Items pane.
Platform Computing software requires a fully qualified user ID. A local account can be
referred to by preceding the user ID with the machine name or a .\. A domain account can
be referenced with the domain included.
i. Select Start Ö All Programs Ö Platform Process Manager Ö Flow Manager. Type the user ID
.\Ahmed and the password Student1. Expand .\Ahmed Ö adhoc. Verify that the status of the
job is Done.
j. Use Windows Explorer to navigate to the SASBackup folder. Does the folder include a folder
for each repository with tables within, a folder for REPOSMGR, MetadataJournal.dat,
omaconfig.xml, logconfig.xml, adminUsers.txt, trustedUsers.txt, and a log file generated
as a result of the backup job execution?
k. In SAS Management Console, expand Server Manager Ö SASMeta Ö SASMeta - Logical
SAS DATA Step Batch Server. Right-click SASMeta - SAS DATA Step Batch Server and
select Properties. Select the Options tab. The location of the logs is listed in the Logs
Directory field, C:\SAS\Config\Lev1\SASMeta\BatchServer\Logs.
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
i g h d i
y r r e
o p f o r
C o t
N
5.4 Backing Up Physical Files 5-49
Objectives
Identify additional files that should be backed up.
Explore best practices for backing up physical files.
c .
e In
t u t
s t i n .
I n t i o
35 S
A tri b u
S
3
5
h t i s
r i g r e d
Backing Up Physical Files
In addition to the content backed up by %OMABAKUP,
p y o r
you should also back up the following:
SAS Content Server
C o t f
SAS Table Server
36
3
6
Metadata cannot be used without the associated content that is stored on this server. If you need to recover
from a failure, the metadata that you restore must be synchronized correctly with the content server.
The content server can also include content for SAS solutions.
5-50 Chapter 5 Backing Up the SAS® Environment
c .
In
other support files for reports including PDF files
and image files
u t e
t i t .
37
I n s i o n
t
3
7
S
A tri b u
t S s
i g h d i
y r r e
o p f o r
C o t
N
5.4 Backing Up Physical Files 5-51
I n t i o
S
A tri b u
If you are using an IBM WebSphere Application Server Network Deployment or an Oracle WebLogic
Server, then you can stop the SAS Content Server application.
t S
If you are using a JBoss Application Server, then you must stop the server.
s
g h d i
The WebDAVDump utility dumps the content of a WebDAV server by saving directories, content,
and properties. It creates one XML file, which describes the content and one file for each content resource
i
y r r e
found in the server. You run the utility pointing it to an empty directory. The XML file can be edited
to change file locations, machine names, and domain names.
p o r
The WebDAVRestore utility restores the contents of the dump file (created by WevDAVDump) to the
o f
SAS Content Server. To modify the file locations or other properties, edit the XML file before restoring
C it.
o t
For instructions on using the WebDAVDump and the WebDAVRestore utilities, see SAS Usage Note
N
34163.
5-52 Chapter 5 Backing Up the SAS® Environment
e In
t u t
s t i n .
3
9
39
I n t i o
S
A tri b u
The Shared Services include alert registration and notification and comment management. For more
information about the Shared Services, refer to the SAS 9.2 Intelligence Platform: Web Application
t S
Administration Guide.
s
The SASTBACK executable can be located in SAS-installation-directory\SASFoundation\9.2\bin.
i g h d i
To back up the Shared Services database that exists on the table server, issue the following command:
y r e
sastback –b SharedServices.fdb –mo read_only [-verbose] SharedServices.fbk
r
o p f o r
C o t
N
5.4 Backing Up Physical Files 5-53
custom code
e In
t u t
s t i n .
4
0
40
I n t i o
S
A tri b u
Because the Backup Wizard and %OMABAKUP do not back up the physical data that is associated with
metadata, you must use operating system commands or third-party tools to back up physical data.
t S
Dashboard content and configuration files should also be backed up.
s
g h d i
To maintain system integrity in the event that a restore is needed, your backups of the SAS Content
Server, SAS Table Server, and physical data must be synchronized correctly with your metadata backups.
i
y r r e
To ensure that the backups are synchronized, you can use one of the following approaches:
• Back up the metadata server, the SAS Content Server, the SAS Table Server, and the physical files
o p f o r
concurrently (that is, in the same backup window).
• Back up the SAS Content Server, the SAS Table Server, and the physical files immediately after the
C t
metadata server is backed up, and do not allow clients to update metadata while you are performing
o
these backups (keep the metadata server paused during this operation).
N
5-54 Chapter 5 Backing Up the SAS® Environment
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
i g h d i
y r r e
o p f o r
C o t
N
5.4 Backing Up Physical Files 5-55
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S
3. Use Windows Explorer to navigate to S:\workshop\OrionStar and explore the subfolders.
s
i g h d i
y r r e
o p f o r
C o t
N
5-56 Chapter 5 Backing Up the SAS® Environment
e
1) Use the Properties of the backup job to complete the table: In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
i g h d i
y r r e
o p f o r
C o t
N
5.5 Solutions to Exercises 5-57
2) How do the properties of the restore job differ from the properties of the backup job?
The Metadata Journal File Option is a NO on Restore and YES on Backup. The status
might be different too, based on the fact that the Restore might not have run yet.
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
i g h d i
y r r e
o p f o r
C o t
N
5-58 Chapter 5 Backing Up the SAS® Environment
3) How can you modify the settings for the backup job?
You cannot modify the job in SAS Management Console. Your only options are listed
in the display below.
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
g h d i
4) Right-click on the backup job and select Save to File…. Save the file in the SASBackup
i
y r e
directory and name the file the same as the job name. Use TextPad to open the new file.
r
o p f o r
a) In SAS Management Console, expand the Metadata Manager. Expand
Metadata Utilities. From the panel on the right side, right-click on the backup job name
and select Save to File… from the drop-down menu.
C o t
N
5.5 Solutions to Exercises 5-59
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
c) Use Windows Explorer to navigate to
i g h d i
C:\SAS\Config\Lev1\SASMeta\MetadataServer\SASBackup. Right-click on the file
and select TextPad.
y r r e
o p f o r
C o t
N
5-60 Chapter 5 Backing Up the SAS® Environment
2. Restoring a Backup
a. Use Windows Explorer to navigate to C:\SAS\Config\Lev1\SASMeta\MetadataServer.
Open adminUsers.txt with TextPad. Add the following entry to the end of the file:
localhost\test. Close the file and save the changes.
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
i g h d i
y r r e
o p f o r
C o t
2) Add localhost\test to the file. Select File Ö Save.
N
5.5 Solutions to Exercises 5-61
c .
e In
t u t
c. Expand Metadata Manager Ö Metadata Utilities. Select Backup & Restore.
s t i .
1) Right-click on the restore job and select Run Job.
n
I n t i o
S
A tri b u
t S s
i g h d i
y r r e
o p f o r
C o t
2) Click to run the job.
N
5-62 Chapter 5 Backing Up the SAS® Environment
c .
In
d. Use Windows Explorer to verify that the adminUsers.txt file is restored to its original state.
u t e
t i t .
I n s i o n
S u t
S A tri b
h t i s
r i g r e d
p y e. In SAS Management Console, right-click on the restore job and select Save to File…. Save the
r
file in the SASBackup directory and name the file the same as the job name. Use TextPad to open
o
C o t f
the file. How does this file differ from the backup file?
1) Right-click on the restored job name and select Save to File… from the drop-down menu.
N o
5.5 Solutions to Exercises 5-63
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
i g d i
3) Go to the backup directory and select the new file that was created. Right-click on the file
h
and select TextPad to view the file.
y r r e
o p f o r
C o t
N
5-64 Chapter 5 Backing Up the SAS® Environment
3. Scheduling a Backup
Use SAS Management Console to schedule a backup.
a. Use Windows Explorer to navigate to
C:\SAS\Config\Lev1\SASMeta\MetadataServer\SASBackup and delete the contents.
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
i g h d i
y r r e
o p f o r
C o t
N
5.5 Solutions to Exercises 5-65
c .
e In
t u t
c. Expand Metadata Manager Ö Metadata Utilities and select Backup & Restore. Right-click on
t i .
the backup job and select Deploy for Scheduling….
s n
I n t i o
S
A tri b u
t S s
i g h d i
y r r e
o p f o r
d. Write the location of the deployed code and click in the Redeploy Job window.
C o t
The location of the code is C:\SAS\Config\Lev1\SASMeta\SASEnvironment\SASCode\Jobs.
N
5-66 Chapter 5 Backing Up the SAS® Environment
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
i g h d i
y r r e
f. Return to SAS Management Console. Right-click Schedule Manager and select New Flow….
o p f o r
C o t
N
5.5 Solutions to Exercises 5-67
g. Create a new flow with the following attributes shown below and click .
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
i g h d i
y r r e
o p f o r
C o t
N
h. In the pane on the right of the Schedule Manager plug-in, select [All] in the Filter drop-down list.
c .
e In
t u t
s t i n .
3) Type the user ID .\Ahmed and the password Student1 and click .
I n t i o
S
A tri b u
t S s
i g h d i
y r r e
o p f o r
4) Accept Run Now as the trigger and click .
C o t
N
5) Click .
5.5 Solutions to Exercises 5-69
c .
2) Expand .\ahmed Ö adhoc. Verify that the status of the job is Done.
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
h d i
j. Use Windows Explorer to navigate to the SASBackup folder. Does the folder include a folder
i g
y r e
for each repository with tables within, a folder for REPOSMGR, MetadataJournal.dat,
r
omaconfig.xml, logconfig.xml, adminUsers.txt, trustedUsers.txt, and a log file generated
o p f o r
as a result of the backup job execution?
The folder contains everything except the log from the backup job.
C o t
k. In SAS Management Console, expand Server Manager Ö SASMeta Ö SASMeta - Logical
SAS DATA Step Batch Server.
N1) Right-click SASMeta - SAS DATA Step Batch Server and select Properties.
5-70 Chapter 5 Backing Up the SAS® Environment
2) Click the Options tab. The location of the logs is listed in the Logs Directory field,
D:\SAS\Config\Lev1\SASMeta\BatchServer\Logs.
c .
e In
t u t
t i .
l. Use Windows Explorer to navigate to C:\SAS\Config\Lev1\SASMeta\BatchServer\Logs.
s n
I n t i o
1) Open the most recent log file.
S
A tri b u
t S s
i g h d i
y r r e
o p f o r
C o t
N
5.5 Solutions to Exercises 5-71
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
i g h d i
y r r e
o p f o r
C o t
N
5-72 Chapter 5 Backing Up the SAS® Environment
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
i g h d i
y r r e
o p f o r
C o t
N
Chapter 6 Administering Client
Applications
e In
Exercises .............................................................................................................................. 6-13
u t
Demonstration: Connection Profile for SAS Enterprise Guide and the SAS Add-In for
t
s i
Microsoft Office ........................................................................................... 6-16
t .
Exercises .............................................................................................................................. 6-20
n
6.2
I n t i o
Using Roles to Control Access to Application Functionality ................................... 6-22
S u
Demonstration: Identifying Roles in SAS Management Console ........................................ 6-35
A tri b
t S
Exercises .............................................................................................................................. 6-39
s
6.3
h i
Exploring SAS Folders ................................................................................................. 6-41
i g d
y r e
Demonstration: Exploring Folders........................................................................................ 6-51
r
o p f o r
Exercises .............................................................................................................................. 6-56
C
6.4
t
Solutions to Exercises ................................................................................................. 6-58
o
N
6-2 Chapter 6 Administering Client Applications
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
i g h d i
y r r e
o p f o r
C o t
N
6.1 Exploring Connection Profiles 6-3
Objectives
Identify how desktop application connect to the
metadata server.
Use an existing connection profile.
Create a new connection profile.
c .
In
u t e
t i t .
I n s i o n
S u t
3
3
S A tri b
h t i s
r i g r e d
SAS Client Applications
The client applications are either of the following:
p y r
Web-based
o
SAS Information Delivery Portal
C o t f SAS BI Dashboard
SAS Web Report Studio
Desktop applications are installed on the user’s desktop and, except for SAS Management Console, only
run on Windows. SAS Management Console is supported on all platforms except z/OS and OpenVMS.
6-4 Chapter 6 Administering Client Applications
Connection Profiles
The desktop applications use connection profiles to
connect to the metadata server. A connection profile is
a file stored on the desktop that contains the information
necessary to connect to your metadata server.
c .
e In
t u t
s t i n .
5
5
I n t i o
S
A tri b u
Connection Profiles – Java Applications
t S s
The Java applications use different files for connection
i g h d i
information than the Windows applications.
When you open a Java application on a particular
y r r e
machine, you are typically presented with a Connection
o p f o r
Profile window.
C o t
N
6
6
6.1 Exploring Connection Profiles 6-5
u t e
t i t .
7
I n s i o n
t
7
S
A tri b
Connection Profile Window
u
t S
A connection
s
i g h
profile includes
the metadata
d i
y r r e
server host name
and port.
o p o r
Users can
f
choose to save
C o t
a user ID and
password
N in the profile.
8
8
6-6 Chapter 6 Administering Client Applications
c .
e In
t u t
s t i n .
9
9
I n t i o
S u
If you cannot access the Application Data folder, it might be hidden. Use operating system
A tri b
commands to unhide the folders.
t S s
i g h d i
y r r e
o p f o r
C o t
N
6.1 Exploring Connection Profiles 6-7
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S
3. The name of the connection profile is My Server. Click
s
.
i g h d i
y r r e
o p f o r
C o t
N
6-8 Chapter 6 Administering Client Applications
4. The name of the machine hosting the metadata server is localhost. The metadata server listens
for requests on port number 8561. Click .
c .
e In
t u t
s t i n .
I n
5. In the Error window, click
t i
. o
S
A tri b u
t S s
i g h d i
y r r e
o p f o r
6. Type Ahmed as the user ID and Student1 as the password. Click .
C o t
N
6.1 Exploring Connection Profiles 6-9
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
i g h d i
y r r e
p
8. Click
C o t
N
9. Because you did not save the user ID and password as part of the profile, type the user ID Ahmed and
the password Student1.
10. Click .
6-10 Chapter 6 Administering Client Applications
c .
e In
12. Click
t u t
when you are prompted about disconnecting from the server.
s t i n .
I n t i o
S
A tri b u
t S s
i g d i
13. Select the drop-down arrow to display the list of existing connection profiles.
h
y r r e
o p f o r
C o t
N
14. Click . Close SAS Management Console.
6.1 Exploring Connection Profiles 6-11
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
16. Right-click My Server.swa and select TextPad.
t S s
i g h d i
y r r e
o p f o r
C o t
N
6-12 Chapter 6 Administering Client Applications
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
i g h d i
y r r e
o p f o r
C o t
N
6.1 Exploring Connection Profiles 6-13
Exercises
s n
Provide the connection information for Barbara to connect to her project repository. Connect
I n i o
to Barbara’s Work Repository. Save Barbara’s credentials in the profile.
t
S
A tri b u
b. Log on with the new connection profile. Is there a Checkouts tab?
c. Select File Ö Connection Profile. Click . In the Connection Profile window, set the
t S
Exercise connection profile as the default. Log on. Close SAS Data Integration Studio and reopen
s
the application. Are you prompted to select a profile? Remove the assignment of the Exercise
i g h d i
profile as the default connection profile.
y r
password?
r e
d. Use Windows Explorer to review the contents of the new .swa file. What is the value of the stored
o p o r
e. Select Start Ö All Programs Ö SAS Ö SAS 9.2 (English).
f
C t
f. In the Editor window, type the following code:
N run;
g. Select Run Ö Submit.
h. Locate the line in the Log window that begins with {sas002}. Does this value match the value
stored in the .swa file?
A password string beginning with {sas002} was encoded using the SASProprietary
algorithm.
3. Duplicating a Connection Profile
a. Make a copy of My Server.swa. Rename the file My DEV Server.
b. Open My DEV Server.swa. Change the metadata server host name to devhost. Delete the user ID
and password if they are stored in the file. Change the value of the name parameter to My Dev
Server.
c. Open a Java application. Locate the My DEV Server profile in the list of connection profiles.
6-14 Chapter 6 Administering Client Applications
u t e
t i t .
12
I n s i o n
t
1
2
S u
The Connection link at the bottom of the SAS Enterprise Guide window is a shortcut to the
A tri
Connections window.
b
t S s
i g h d i
Connection Profile Best Practice
y r r e
Always create, edit, and delete profiles using either
SAS Enterprise Guide or the SAS Add-In for Microsoft Office.
o p f o r
Profiles for Windows applications are stored in a file named
ConfigurationV42.xml on the machine where the Windows
C o t
application is installed in the user’s home directory under
Application Data\SAS\MetadataServerProfiles
N
13
1
3
6.1 Exploring Connection Profiles 6-15
c .
0 Users cannot save the user ID and
password in the connection profile.
e In
u t
Make a backup copy of omaconfig.xml before
t
modifying it.
s t i n .
1
4
14
I n t i o
S
A tri b u
If a user selects the Save user ID and password in this profile check box, then a local copy of the user’s
ID and password are stored in a format that is difficult, but not impossible, for an intruder to read. The
t S
local copy is used to prepopulate the logon dialog box, so that the user does not need to enter a password
every time that the application is launched.
s
i g h d i
When you make a change to the omaconfig.xml file, you must stop and restart the metadata
y r e
server for the change to take effect.
r
o p f o r
C o t
N
6-16 Chapter 6 Administering Client Applications
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
i g h d i
y r r e
3. Notice the connection information in the lower right corner of SAS Enterprise Guide.
o p f o r
C t
4. Close SAS Enterprise Guide.
o
N
5. Select Start Ö All Programs Ö Microsoft Office Ö Microsoft Office Excel 2007.
6. Click the SAS tab.
6.1 Exploring Connection Profiles 6-17
c .
e In
t u t
s t i n .
8. Click .
I n t i o
S
A tri b u
t S s
i g h d i
y r r e
o p f o r
C o t
N
6-18 Chapter 6 Administering Client Applications
9. The user ID and password used to make the connection are listed. Click to close the
Modify Profile window.
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
i g h d i
y r r e
o p
10. Click
f o r to close the Connections window.
C o t
11. Close Microsoft Office Excel 2007. Do not save changes.
N
6.1 Exploring Connection Profiles 6-19
c .
e In
t u t
s t i n .
I n t i o
S
A tri
Close the TextPad window.
b u
13. Use TextPad to open ConfigurationV42.xml. Notice the user ID and encoded password for Jacques.
t S s
i g h d i
y r r e
o p f o r
C o t
N
6-20 Chapter 6 Administering Client Applications
Exercises
e
t u t
a) Set the value of SASSEC_LOCAL_PW_SAVE to 0.
s t i .
2) Restart the metadata server and all dependent services.
n
I n i o
3) Log on to SAS Management Console.
t
S
credentials.)
A tri b u
a) Try to modify the My Server profile. (The profile should not currently include stored
t S
b) Try to save the user ID and password.
s
i g h d i
c) Were you successful?
4) Log on to SAS Data Integration Studio using the Exercise profile.
y r r e
a) Were you prompted for credentials?
o p f o r
b) Close SAS Data Integration Studio.
C o t5) Log on to SAS Enterprise Guide. Were you prompted for credentials?
6) In SAS Enterprise Guide, select Tools Ö Options Ö Administration.
N a) Click twice.
If you first try to modify the value of the password, you are able to save the
updated password in the connection profile. After you delete the password, you
can no longer add a password to the connection profile.
7) Reopen SAS Enterprise Guide. Were you prompted for credentials?
6.1 Exploring Connection Profiles 6-21
8) Select Start Ö All Programs Ö Microsoft Office Ö Microsoft Office Excel 2007.
a) Select SAS.
b) Select Tools Ö Connections. Are the user ID and password listed?
c) Click Ö .
c .
e In
11) Reopen Microsoft Excel. Select SAS Ö Analyze Data. Were you prompted for credentials?
12) Use Windows Explorer to open C:\SAS\Config\Lev1\SASMeta\MetadataServer\omaconfig.xml.
u t
a) Set the value of SASSEC_LOCAL_PW_SAVE back to 1.
t
t i
b) Save the changes made to the file.
s n .
I n
13) Restart the metadata server and all dependent services.
t i o
S
A tri b u
t S s
i g h d i
y r r e
o p f o r
C o t
N
6-22 Chapter 6 Administering Client Applications
Objectives
Explore key features of roles.
.
Examine initial roles.
Create a new role.
In c
u t e
t i t .
I n s i o n
S u t
S A tri b
t
18
s
1
8
i g h d i
y r e
What Are Metadata Roles?
r
o p r
Roles determine which user interface elements a user
o
sees when interacting with an application. The various
f
features in applications that provide role-based
C o t
management are called capabilities.
N
Applications that support roles include the
following:
SAS Add-In for Microsoft Office
Role Features
Below are some of the important features of roles:
Not all applications support roles.
c .
In
Having a certain capability is not an alternative
to meeting permission requirements.
u t e
Roles and groups serve distinct purposes.
t i t .
20
I n s i o n
t
2
0
S
A tri b u
Applications that support roles include SAS Management Console, SAS Add-In for Microsoft Office,
SAS Enterprise Guide, SAS Web Report Studio, and SAS BI Dashboard.
capability.
t S
To prevent someone from having a capability, make sure he or she is not in any role that provides that
s
i g h d i
y r r e
o p f o r
C o t
N
6-24 Chapter 6 Administering Client Applications
I n t i o
S
A tri
authorization layer.
b u
The Metadata Server: Unrestricted role provides irrevocable grants of all permissions in the metadata
t S
Permissions requirements and capability requirements are cumulative. For example, even if you are in the
s
Enterprise Guide: OLAP role, you cannot access data in a cube for which you do not have the Read and
i g h d i
ReadMetadata permissions. You can use permissions to constrain the scope of a role.
y r r e
o p f o r
Managing Roles
Roles can be accessed and managed from the
C o t
User Manager plug-in in SAS Management Console.
22
2
2
6.2 Using Roles to Control Access to Application Functionality 6-25
no capabilities selected
c .
In
some capabilities
selected
t i t .
23
I n s i o n ...
t
2
3
S
A tri
Creating New Roles b u
t S s
When you create a new role, you can do the following:
i g h d i
Assign capabilities directly to the role.
y r r e
Designate contributing roles.
o p f o r
C o t
N
24
2
4
6-26 Chapter 6 Administering Client Applications
c .
e In
t u t
s t i n .
2
5
25
I n t i o
Roles
S
A tri b u
t S s
The initial configuration of the software includes some
i g h d i
predefined roles.
If these roles meet your needs, assign the correct
y r r e
membership.
o p o r
If these roles do not meet your needs, create new
roles, assign appropriate membership, and explicitly
f
select application capabilities and/or designate
C o t contributing roles.
26
2
6
Do not change the name of any predefined roles. The best practice is to make groups members
of roles whenever possible. In order to assign the role to a new user, make the user a member
of the group.
It is a best practice to leave the capabilities of predefined roles unchanged. If you need to modify the
capabilities, create a new role.
6.2 Using Roles to Control Access to Application Functionality 6-27
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
i g h d i
y r r e
o p f o r
C o t
N
6-28 Chapter 6 Administering Client Applications
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
h d i
Predefined Roles: Add-In for Microsoft Office: Analysis Role Capabilities
i g
y r r e
o p f o r
C o t
N
6.2 Using Roles to Control Access to Application Functionality 6-29
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
i g h d i
y r r e
o p f o r
C o t
N
6-30 Chapter 6 Administering Client Applications
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S
Predefined Roles: Enterprise Guide: OLAP Role Capabilities
s
i g h d i
y r r e
o p f o r
C o t
N
6.2 Using Roles to Control Access to Application Functionality 6-31
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
i g d i
Predefined Roles: Web Report Studio: Report Viewing Role Capabilities
h
y r r e
o p f o r
C o t
N
6-32 Chapter 6 Administering Client Applications
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
i g h d i
y r r e
o p f o r
C o t
N
6.2 Using Roles to Control Access to Application Functionality 6-33
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
i g h d i
y r r e
o p f o r
C o t
N
6-34 Chapter 6 Administering Client Applications
c .
e In
t u t
t i .
Predefined Roles: Management Console: Content Management Capabilities
s n
I n t i o
S
A tri b u
t S s
i g h d i
y r r e
o p f o r
C o t
N
6.2 Using Roles to Control Access to Application Functionality 6-35
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
3. In SAS Management Console, click the Plug-ins tab and then select User Manager.
t S s
i g h d i
y r r e
o p f o r
C o t
N
6-36 Chapter 6 Administering Client Applications
4. In the pane on the right, clear the Show Users and Show Groups check boxes.
c .
e In
t u t
5. Right-click Enterprise Guide: Analysis and select Properties.
s t i n .
I n t i o
S
A tri b u
t S s
i g h d i
y r r e
o p f o r
6. Click the Members tab.
C o t
N
6.2 Using Roles to Control Access to Application Functionality 6-37
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S
8. Expand Enterprise Guide 4.2 and then expand Open or Import.
s
i g h d i
y r r e
o p f o r
C o t
N
6-38 Chapter 6 Administering Client Applications
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
i g h d i
y r r e
o p f o r
C o t
N
6.2 Using Roles to Control Access to Application Functionality 6-39
Exercises
Role Members
c .
Add-In for Microsoft Office: Advanced
e In
t u t
Add-In for Microsoft Office: Analysis
t n .
I n
Enterprise Guide: Analysis
t i o
S
Enterprise Guide: OLAP
A tri b u
t S
Enterprise Guide: Programming
s
Web Report Studio: Advanced
g h d i
Web Report Studio: Report Creation
i
r r e
Web Report Studio: Report Viewing
y
p o r
6. Exploring SAS Web Report Studio Roles
o f
C o t
a. In SAS Management Console, open the properties of the Web Report Studio: Report Creation
role. Add Gloria to the Current Members pane.
N
b. Open Internet Explorer and select Favorites Ö SAS Web Report Studio. Log on as Gloria.
What selections are available from the File menu? Log off as Gloria.
Select Favorites Ö SAS Web Report Studio and log on as Eric. What selections are available
from the File menu? Log off as Eric. Why does Eric have the more capabilities than Gloria?
c. Return to SAS Management Console and open the properties of the Web Report Studio:
Report Creation role. On the Members tab, remove Gloria as a member.
6-40 Chapter 6 Administering Client Applications
c
If you are not prompted for credentials, verify that you are connected as Gloria in the
.
In
status bar. If you are connected as someone else, select Connection and connect as Gloria.
d. On the status bar, select Functions. Compare the list of authorized functions to the list of
t e
capabilities in the Enterprise Guide: Analysis role. Do the lists match? Close SAS Enterprise Guide.
u
t t
e. In SAS Management Console, open the properties of the Enterprise Guide: Advanced role.
i
Add PUBLIC to the current member.
.
I s i o n
f. In SAS Management Console, open the properties of the Enterprise Guide: Analysis role.
n
Remove Gloria from the Current Members pane.
S u
8. Exploring the SAS BI Dashboard Role
t
A tri b
a. In SAS Management Console, open the properties of the BI Dashboard: Administration role.
S
h t
b. Who are the members of the role? What are the capabilities assigned to this role?
i s
c. How would you add a member to this role?
r i g e
9. Creating a New Role
r d
p y o r
a. In SAS Management Console, select the Plug-ins tab and then select User Manager.
Right-click User Manager and select New Ö Role.
C o t f
b. Provide the following properties for the new role:
Objectives
Explore the SAS folder structure.
Identify content mapping.
Examine best practices for managing folders.
c .
In
Explore how different applications surface
the SAS folders.
u t e
t i t .
I n s i o n
S u t
3
0
30
S A tri b
h t i s
r i g r e d
SAS Folder Structure
SAS applications use a hierarchy of SAS folders to store
p y r
metadata. The folders are shown below:
o
C o t f Channels Cubes
N o Dashboards
Folders
Jobs
Data explorations
Information maps
Libraries
31
3
1
6-42 Chapter 6 Administering Client Applications
c .
e In
t u t
s t i n .
3
2
32
I n t i o
S
A tri
Content Mapping b u
t S s
Some SAS folders have associated physical content that
i g h d i
resides in either the SAS Content Server or a file system.
Content mapping maps the metadata folder structure to
y r r e
the corresponding physical folders.
o p f o r
C o t
N
33
3
3
If you installed Web applications such as SAS Web Report Studio, then some SAS folders (for example,
folders that contain metadata for reports) have associated physical content that resides in either the SAS
Content Server or in a file system. In these instances, a procedure named content mapping maps the
metadata folder structure to corresponding physical folders that have the same organization. Content
mapping is automatically configured when you install your system.
6.3 Exploring SAS Folders 6-43
c .
e In
t u t
s t i n .
3
4
34
I n t i o ...
S
A tri b u
This folder cannot be renamed, moved, or deleted. It can contain other folders, but it cannot
contain individual objects.
t S s
If you defined one or more custom repositories, then the folder structure also includes a top-level folder
i g h d i
that corresponds to each custom repository.
y r r e
o p f o r
C o t
N
6-44 Chapter 6 Administering Client Applications
e In
SAS Intelligence Platform Ö
u
Samples contains sample-stored
t t
s i
processes and shared prompts.
t n .
3
5
35
I n t i o ...
S
A tri b u
For example, some products have a set of initial jobs, transformations, stored processes, or reports
which users can modify for their own purposes. Other products include sample content (for example,
t S
sample stored processes) to demonstrate product capabilities.
s
Where applicable, the content is stored under the product’s folder in subfolders that indicate the release
i g h
number of the product.
d i
y r r e
During the installation, the SAS Deployment Wizard enables the installer to assign a different
name to this folder.
o p f o r
C o t
N
6.3 Exploring SAS Folders 6-45
c .
e In
t u t
s t i n .
3
6
36
I n t i o ...
S
A tri b u
Under the Shared Data folder, you can create additional subfolders to further organize this content.
t S
Under SAS Folders, you can also create additional folders in which to store shared content.
s
i g h d i
y r r e
o p f o r
C o t
N
6-46 Chapter 6 Administering Client Applications
c .
e In
t u t
s t i n .
3
7
37
I n t i o ...
S u
The System folder contains the following folders:
A tri b
Administration
t S contains objects for backup jobs and restore jobs that are created by using the
Backup Wizard.
s
g
Applications
i h d i
contains folders for individual SAS applications that have system objects.
y r r e Under these folders, the objects are stored in subfolders that correspond to
individual release numbers.
o p
Publishing
f o r contains channel and subscriber objects that are used by the Publishing
C Types
o t Framework.
contains type definitions for public objects that exist on this metadata server.
N
6.3 Exploring SAS Folders 6-47
e
on the value of the
t
user’s Name field in
u
the User Manager.
t i t .
38
I n s i o n ...
t
3
8
S
A tri b u
The first time that a user logs on to an application that requires a home folder, the user’s home folder
is automatically created. That same folder is then used by other applications that the user logs on to.
t S
As a default, users do not have Write access to their home folders. However, each home folder contains
s
a folder named My Folder (referred to as the user’s personal folder) to which the user has full access.
i g h d i
In a custom installation, the SAS Deployment Wizard enables the installer to choose whether
y r r e
or not to create a Users folder.
o f o r
A pointer to the user’s personal folder, My Folder, appears at the top level of the folder hierarchy.
p
The folder is only visible to the owning user and unrestricted users.
C t
The owning user has WriteMemberMetadata permission on this folder. This means that only the owning
o
user and unrestricted users have permission to add content to or remove content from the folder.
N
The owning user cannot rename, move, delete, or change permissions on this folder. However, the
owning user can create additional subfolders to organize content.
6-48 Chapter 6 Administering Client Applications
c .
e In
t u t
s t i n .
3
9
39
I n t i o ...
S
A tri b u
Initial Folder Structure – My Folder
t S s
The initial folder structure is similar to the following:
i g h d i
y r
My Folder
r e is a shortcut to the
personal folder of the
C o t
N
40
4
0
...
6.3 Exploring SAS Folders 6-49
e In
t u t
s t i n .
4
1
41
I n t i o
S
A tri b u
The folder is created under the user’s home folder the first time that an application needs to use it.
The folder is to be accessed only by applications and not accessed directly by the user.
t S s
i g h d i
Best Practices for Managing SAS Folders
y r r e
Follow these best practices when you interact with
SAS folders:
o p f o r
Use personal folders for personal content, and shared
folders for content that multiple users need to view.
C o t
Use folders instead of custom repositories
to organize content.
42
administrator should set permissions.
4
2
It is a best practice to back up your environment before making significant changes to the
SAS folders structure.
Metadata objects are sometimes referenced by their metadata identifier and sometimes by the
path to their location. If the path is modified, associations might be broken.
6-50 Chapter 6 Administering Client Applications
c .
e In
t u t
s t i n .
4
3
43
I n t i o
S
A tri b u
t S s
i g h d i
y r r e
o p f o r
C o t
N
6.3 Exploring SAS Folders 6-51
Exploring Folders
1. In SAS Management Console, verify that you are logged on as Ahmed. Select the Folders tab.
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
2. Expand all of the folders and subfolders.
t S s
i g h d i
y r r e
o p f o r
C o t
N
3. Select Start Ö All Programs Ö SAS Ö SAS Data Integration Studio 4.2.
4. Log on to SAS Data Integration Studio with the My Server profile as Gloria.
6-52 Chapter 6 Administering Client Applications
5. On the Folders tab, expand all of the folders and subfolders. How do these compare to what
is displayed in SAS Management Console?
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
i g h d i
y r r e
p o r
6. In SAS Data Integration Studio, select File Ö New Ö Folder.
o f
C o t
N
6.3 Exploring SAS Folders 6-53
c .
e In
t u t
s t i .
8. In SAS Data Integration Studio, in what two places in the folder tree does the new folder appear?
n
I n t i o
S
A tri b u
t S s
i g h d i
y r r e
o p f o r
C o t
N
In SAS Management Console, where does the new folder appear?
6-54 Chapter 6 Administering Client Applications
9. In SAS Data Integration Studio, select File Ö New to see a list of the objects that can be created and
registered in the metadata: folder, job, table, transformation, external file, library, document, note,
cube, OLAP schema.
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
i g h d i
r e
10. In SAS Data Integration Studio, right-click Test Folder and select Properties.
y r
o p f o r
C o t
N
6.3 Exploring SAS Folders 6-55
11. Click the Authorization tab. You can set permissions on the metadata objects surfaced in
SAS Data Integration Studio.
c .
e In
t u t
s t i n .
I n t i o
S u
12. Close SAS Data Integration Studio.
A tri b
t S s
i g h d i
y r r e
o p f o r
C o t
N
6-56 Chapter 6 Administering Client Applications
Exercises
t e
c. How do the servers (for both tables and cubes) in SAS Information Map Studio compare
to what is listed under the Server Manager plug-in in SAS Management Console?
u
t i t
d. What type of objects can you create from the File menu in SAS Information Map Studio?
.
Can you create new folders in SAS Information Map Studio?
n s o n
e. Open an existing information map by selecting SAS Folders Ö Orion Star Ö Marketing
I i
Department Ö Information Maps. In the Information Map Contents pane, right-click on the
S u t
map and select Authorization. You can set metadata permissions on information maps from
SAS Information Map Studio. Close SAS Information Map Studio.
S A tri b
12. Exploring SAS Enterprise Guide’s Interaction with Metadata
t s
a. Log on to SAS Enterprise Guide as Eric.
h i
r g e d
b. How does the SAS folder list in SAS Enterprise Guide compare to the Folders tab in
r
p y o r
c. How does the Server List in SAS Enterprise Guide compare to the servers and libraries listed
under the Server Manager and Data Library Manager plug-ins in SAS Management Console?
C o t f
d. In SAS Enterprise Guide, select File Ö New. What types of objects can be created from the
b. Select File Ö New Ö New Using Wizard…. Select . How does the
folder structure compare to the Folders tab in SAS Management Console? Close the Select Data
Source window and cancel out of the New Report wizard.
c. Select File Ö Manage Files…. Select Create new folder. Provide a name and select OK.
Were you able to create a new folder here?
c .
e In
d. Double-click My Folder. Select Create new folder. Provide a name and select OK. Were you
able to create a new folder here? Where in the Folders tab in SAS Management Console does the
new folder appear?
t u t
s t i n .
I n t i o
S
A tri b u
t S s
i g h d i
y r r e
o p f o r
C o t
N
6-58 Chapter 6 Administering Client Applications
c .
e In
t u t
s t i n .
I n t i o
S u
What is the value of SelectedReps?
A tri b
t S s
i g h d i
y r r e
o p f o r
C o t
N
6.4 Solutions to Exercises 6-59
b. Use the Metadata Manager in SAS Management Console to identify which repository the value of
SelectedReps points to. This profile points to the Foundation repository.
c .
e In
t u t
t i
2. Creating a New Connection Profile
s n .
n t i o
a. Use SAS Data Integration Studio to create a new connection profile named Exercise. Provide the
I
connection information for Barbara to connect to her project repository. Connect to Barbara’s
Work Repository. Save Barbara’s credentials in the profile.
S
A tri b u
1) Start SAS Data Integration Studio. Select Create a New Connection Profile.
Click
t S s
.
i g h d i
y r r e
o p f o r
C o t
N
6-60 Chapter 6 Administering Client Applications
2) Click .
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
i g h d i
y r r e
o p f o r
C o t
N
6.4 Solutions to Exercises 6-61
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
i g h d i
y r r e
o p f o r
C o t
N
6-62 Chapter 6 Administering Client Applications
4) Type the connection information. Select the Save user ID and password in this profile check
box. Click .
• Machine: localhost
• Port: 8561
• User ID: Barbara
• Password: Student1
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
i g h d i
y r r e
o p f o r
C o t
N
6.4 Solutions to Exercises 6-63
5) Click the Connect to a project check box, highlight Barbara’s Work Repository, and click
.
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
i g h d i
y r r e
o p f o r
C o t
N
6-64 Chapter 6 Administering Client Applications
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
i g h d i
y r r e
b. Log on using the Exercise connection profile. Select . Is there a Checkouts tab?
o p f o r
1) If needed, reopen SAS Data Integration Studio and log on with the Exercise profile.
C o t
N
6.4 Solutions to Exercises 6-65
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S
c. Select File Ö Connection Profile. Click
s
. In the Connection Profile window, set the
g h d i
Exercise connection profile as the default. Log on. Close SAS Data Integration Studio and reopen
the application. Are you prompted to select a profile? Remove the assignment of the Exercise
i
y r e
profile as the default connection profile.
r
o p f o r
C o t
N
6-66 Chapter 6 Administering Client Applications
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
i g h
2) Click
d i .
y r r e
o p f o r
C o t
N 3) In the Connection Profile window, set the Exercise connection profile as the default.
Click .
6.4 Solutions to Exercises 6-67
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
i g h d i
y r r e
5) Open SAS Data Integration Studio.
You are not prompted to select a profile or provide credentials.
o p o r
6) Select File Ö Connection Profile….
f
C t
7) Click
o
.
N
6-68 Chapter 6 Administering Client Applications
8) Clear the Set this connection profile as the default check box and click .
c .
e In
t u t
d. Use Windows Explorer to review the contents of the new .swa file. What is the value of the stored
password?
s t i n .
1) Use Windows Explorer to navigate to C:\Documents and Settings\student\Application
I n i o
Data\SAS\MetadataServerProfiles\Exercise.swa. Open the file using TextPad.
t
S
A tri b u
t S s
i g h d i
y r r e
o p f o r
C o t
N
6.4 Solutions to Exercises 6-69
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
A password string beginning with {sas002} was encoded using the SASProprietary
t S
algorithm.
s
i g h d i
y r r e
o p f o r
C o t
N
6-70 Chapter 6 Administering Client Applications
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
i g h d i
y r r e
o p f o r
C o t
N f. In the Editor window, type the following code:
proc pwencode in="Student1";
run;
6.4 Solutions to Exercises 6-71
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
i g h d i
h. Locate the line in the Log window that begins with {sas002}. Does this value match the value
stored in the .swa file? Yes
y r r e
o p f o r
C o t
N
6-72 Chapter 6 Administering Client Applications
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
2) Right-click in the background and select Paste.
t S s
i g h d i
y r r e
o p f o r
C o t
N
6.4 Solutions to Exercises 6-73
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
4) Change the name to My Dev Server.swa and press ENTER.
t S s
i g h d i
y r r e
o p f o r
C o t
N
6-74 Chapter 6 Administering Client Applications
b. Open My DEV Server.swa. Change the metadata server host name to devhost. Delete the user ID
and password if they are stored in the file. Change the value of the name parameter to My Dev
Server. Save the changes and close the file.
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S
c. Open a Java application. Select the My DEV Server profile in the list of connection profiles and
s
i g h
click
d i
. Close the application.
y r r e
o p f o r
C o t
N
6.4 Solutions to Exercises 6-75
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S
b. Prevent users from storing credentials.
s
i g h d i
1) Use Windows Explorer to open C:\SAS\Config\Lev1\SASMeta\MetadataServer\omaconfig.xml.
a) Set the value of SASSEC_LOCAL_PW_SAVE to 0.
y r r e
b) Save the changes and close the file.
o p
f o rBe sure to include the value of SASSEC_LOCAL_PW_SAVE in double quotation
marks.
C o t
N
6-76 Chapter 6 Administering Client Applications
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
2) Restart the metadata server and all dependent services.
a) On the Windows desktop, right-click My Computer and select Manage.
t S s
i g h d i
y r r e
o p f o r
C o t
N
b) In the Computer Management window, expand Services and Applications and click
Services.
6.4 Solutions to Exercises 6-77
c) Scroll down to the SAS Metadata Server, right-click, and select Restart.
c .
e In
t u t
s t i n .
d) Select
I n .
t i o
S
A tri b u
t S s
i g h d i
y r r e
o p f o r
C o t
N
3) Log on to SAS Management Console.
a) Try to modify the My Server profile. (The profile should not currently include stored
credentials.)
6-78 Chapter 6 Administering Client Applications
c .
e In
t u t
(2) Click
s t i .
n .
I n i o
(3) Type the user ID Ahmed and the password Student1. Click the Save user ID and
t
S
password in this profile check box and click
A tri b u
.
t S s
i g h d i
y r r e
o p f o r
C o t
N
6.4 Solutions to Exercises 6-79
(4) A warning dialog box appears and indicates that login information will not be saved.
Click .
c .
(5) Click .
e In
u t
4) Log on to SAS Data Integration Studio using the Exercise profile.
t
t i .
a) Were you prompted for credentials? No
s n
I n t i o
b) Close SAS Data Integration Studio.
S
A tri b u
t S s
i g h d i
y r r e
o p f o r
C t
5) Log on to SAS Enterprise Guide. Were you prompted for credentials? No
o
N
6-80 Chapter 6 Administering Client Applications
a) Click twice.
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
i g h d i
y r r e
o p f o r
C o t
N
6.4 Solutions to Exercises 6-81
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
b) Delete the user ID and password values and click .
t S
Clear the User and Password fields and click
s
.
i g h d i
y r r e
o p f o r
C o t
N
6-82 Chapter 6 Administering Client Applications
C o t
N
6.4 Solutions to Exercises 6-83
8) Select Start Ö All Programs Ö Microsoft Office Ö Microsoft Office Excel 2007.
a) Select SAS.
b) Select Tools Ö Connections…. Are the user ID and password listed? No
c .
e In
t u t
s t i n .
I n t i o
c) Click
S
A tri Ö
b u .
t S s
(1) Select the My Server profile and click .
i g h d i
y r r e
o p f o r
C o t
N
6-84 Chapter 6 Administering Client Applications
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
i g h d i
y r r e
o p f o r
9) Select Analyze Data. Were you prompted for credentials? Yes
N
6.4 Solutions to Exercises 6-85
c .
e In
t u t
s t i n .
I n t i o
S
10) Modify the profile and include credentials. Close Microsoft Excel.
A tri b u
a) Select SAS Ö Tools Ö Connections. Select the My Server profile and click
t S s
.
i g h d i
y r r e
o p f o r
C o t
N
6-86 Chapter 6 Administering Client Applications
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
i g h d i
y r r e
o p f o r
c) Click to modify the profile.
C o t
N
6.4 Solutions to Exercises 6-87
If My Server is not set as the active profile, select My Server and click
.
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
g
Yes
i h d i
11) Reopen Microsoft Excel. Select SAS Ö Analyze Data. Were you prompted for credentials?
y r r e
o p f o r
C o t
N
6-88 Chapter 6 Administering Client Applications
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
i g h d i
13) Restart the metadata server and all dependent services.
y r r e
o p f o r
C o t
N
6.4 Solutions to Exercises 6-89
Role Members
c .
Enterprise Guide: Advanced
None In
Enterprise Guide: OLAP
t u t None
t
Enterprise Guide: Programming
s i n . None
n
Web Report Studio: Advanced
I t i o None
S
Web Report Studio: Report Creation
A tri b u
Web Report Studio: Report Viewing
None *
Report Consumers *
t S
* PUBLIC is the default member of this role.
s
i g h d i
y r r e
o p f o r
C o t
N
6-90 Chapter 6 Administering Client Applications
Click .
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
i g h d i
y r r e
b. Open Internet Explorer and select Favorites Ö SAS Web Report Studio. Log in as Gloria.
o p f o r
What selections are available from the File menu? Log off as Gloria.
1) Check that the SAS [Config-Lev1] Remote Services and JBoss - SASServer1 services are
C o t started.
N
6.4 Solutions to Exercises 6-91
2) Open Internet Explorer and select Favorites Ö SAS Web Report Studio.
c .
e In
t u t
s t i n .
I n t i o
S
A tri
3) Log on as Gloria.
b u
t S s
i g h d i
y r r e
o p f o r
C o t
N
6-92 Chapter 6 Administering Client Applications
c .
e In
t u t
s t i n .
I n
5) Click Log Off Gloria.
t i o
S
A tri b u
t S s
i g h d i
y r r e
o p f o r
C o t
N
6.4 Solutions to Exercises 6-93
6) Select Favorites Ö SAS Web Report Studio and log on as Eric. What selections are
available from the File menu? New, Open…, Open Recent, and Manage Files… are
available. Log off as Eric.
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
i g h d i
y r r e
o p f o r
C o t
N
7) Why does Eric have the more capabilities than Gloria?
The Report Content Creators group is a member of the Orion Star: Web Report Studio
Full Control role, which has all of the SAS Web Report Studio 4.2 capabilities. As a
member of the Report Content Creators, Eric is indirectly a member of the Orion Star:
Web Report Studio Full Control role.
6-94 Chapter 6 Administering Client Applications
c. Return to SAS Management Console and open the properties of the Web Report Studio: Report
Creation role. On the Members tab, remove Gloria as a member. Click .
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
i g h d i
7. Exploring SAS Enterprise Guide Roles
y r r e
a. In SAS Management Console, open the properties of the Enterprise Guide: Advanced role.
o p f o r
Remove PUBLIC as the current member. Click .
C o t
N
6.4 Solutions to Exercises 6-95
b. In SAS Management Console, open the properties of the Enterprise Guide: Analysis role. Add
Gloria to the Current Members pane. Click .
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
c. Open SAS Enterprise Guide and connect as Gloria.
t S s
i g h d i
y r r e
o p f o r
C o t
N
If you are not prompted for credentials, verify that you are connected as Gloria in the
status bar. If you are connected as someone else, select Connection and connect as
Gloria.
6-96 Chapter 6 Administering Client Applications
d. On the status bar, select Functions. Compare the list of authorized functions to the list of
capabilities in the Enterprise Guide: Analysis role. Do the lists match? Close SAS Enterprise
Guide.
1) Select Functions on the status bar.
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
i g h d i
2) Compare the list of functions to the Capabilities tab of the role in SAS Management Console.
y r r e
o p f o r
C o t
N
6.4 Solutions to Exercises 6-97
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
i g h d i
e. In SAS Management Console, open the properties of the Enterprise Guide: Advanced role.
y r r e
Add PUBLIC to the current member. Click .
o p f o r
C o t
N
6-98 Chapter 6 Administering Client Applications
f. In SAS Management Console, open the properties of the Enterprise Guide: Analysis role.
Remove Gloria from the Current Members pane. Click .
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
i g h d i
y r e
8. Exploring the SAS BI Dashboard Role
ra. In SAS Management Console, open the properties of the BI Dashboard: Administration role.
o p f o r
C o t
N
6.4 Solutions to Exercises 6-99
c .
e In
t u t
s t i n .
I n t i o
What are the capabilities assigned to this role? The capabilities are implicit. The Description
S u
field of the General tab states: Provides BI Dashboard administration capabilities.
A tri b
t S s
i g h d i
y r r e
o p f o r
C o t
N
6-100 Chapter 6 Administering Client Applications
c. How would you add a member to this role? Add a member to the BI Dashboard
Administrators group.
c .
e In
t u t
s t i n .
I n t i o
S
A tri
9. Creating a New Role
b u
t S
a. In SAS Management Console, select the Plug-ins tab and then select User Manager.
s
i g h d i
Right-click User Manager and select New Ö Role.
y r r e
o p f o r
C o t
N
6.4 Solutions to Exercises 6-101
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S
Members: Gloria
s
i g h d i
y r r e
o p f o r
C o t
N
6-102 Chapter 6 Administering Client Applications
Contributing Roles: Add-In for Microsoft Office: Advanced, Enterprise Guide: Advanced,
Web Report Studio: Advanced
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
c. Click the Capabilities tab to verify that the capabilities from the three contributing roles were
t S
applied. Click
s
.
i g h d i
y r r e
o p f o r
C o t
N
6.4 Solutions to Exercises 6-103
a. Create a role named Role 1 with some capabilities of your choice. Click .
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
b. Create a role named Role 2 with Role 1 as a contributing role and some additional capabilities
i g h
assigned.
d i
y r r e
1) Create Role 2 and add Role 1 as a contributing role.
o p f o r
C o t
N
6-104 Chapter 6 Administering Client Applications
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
c. Delete Role 1. What effect does this have on Role 2?
t S
1) Right-click Role 1 and select Delete.
s
i g h d i
y r r e
o p f o r
C o t
N 2) Click in the Confirm Object Deletion dialog box.
6.4 Solutions to Exercises 6-105
3) Open the properties of Role 2 and select the Contributing Roles tab. Role 1 is no longer
a contributing role in Role 2.
c .
e In
t u t
s t i n .
I n i o
4) Select the Capabilities tab. The capabilities of Role 2 do not include the capabilities
t
previously associated with Role 1. Click .
S
A tri b u
t S s
i g h d i
y r r e
o p f o r
C o t
N
d. Delete Role 2.
6-106 Chapter 6 Administering Client Applications
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
i g h d i
y r r e
SAS Management Console
o p f o r
C o t
N
6.4 Solutions to Exercises 6-107
c. How do the servers (for both tables and cubes) in SAS Information Map Studio compare
to what is listed under the Server Manager plug-in in SAS Management Console?
1) Select the Servers icon in the Resources area and verify that Tables is the selected value
in the Show field. Only the SASApp server is displayed.
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S
2) Select the Server Manager plug-in in SAS Management Console. There are two server
s
contexts: SASMeta and SASApp.
i g h d i
y r r e
o p f o r
C o t
N
6-108 Chapter 6 Administering Client Applications
d. What type of objects can you create from the File menu in SAS Information Map Studio?
Only information maps
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
i g h d i
y r r e
o p f o r
C o t
N
6.4 Solutions to Exercises 6-109
Can you create new folders in SAS Information Map Studio? Yes
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
i g h d i
y r r e
o p f o r
C o t
N
6-110 Chapter 6 Administering Client Applications
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
i g h d i
y r r e
o p f o r
C o t
N
6.4 Solutions to Exercises 6-111
2) Right-click on the information map in the Information Map Contents pane and select
Authorization….
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S
3) The Authorization window opens. Click
s
.
i g h d i
y r r e
o p f o r
C o t
N
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S
b. How does the SAS folder list in SAS Enterprise Guide compare to the Folders tab in
s
SAS Management Console? Select the Folders icon. Only the folders that contain metadata
i g h d i
that is relevant to SAS Enterprise Guide and that Eric has permissions to access appear in
SAS Enterprise Guide.
y r r e
SAS Enterprise Guide
o p f o r
C o t
N
6.4 Solutions to Exercises 6-113
c .
e In
t u t
t i .
c. How does the Server List in SAS Enterprise Guide compare to the servers and libraries listed
s n
under the Server Manager and Data Library Manager plug-ins in SAS Management Console?
I n i o
1) In SAS Enterprise Guide, select the Server icon and expand Servers. Local and SASApp are
t
S
listed in the SAS Enterprise Guide server list.
A tri b u
t S s
i g h d i
y r r e
o p f o r
C o t
N
6-114 Chapter 6 Administering Client Applications
2) Expand the Server Manager plug-in in SAS Management Console. SASMeta and SASApp
servers are listed.
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
i g h d i
3) Expand SASApp Ö Libraries in SAS Enterprise Guide.
y r r e
o p f o r
C o t
N
6.4 Solutions to Exercises 6-115
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
d. In SAS Enterprise Guide, select File Ö New. What types of objects can be created from the
SAS Enterprise Guide main menu? Project, data, program, report, stored process, note,
t S
process flow, ordered list
s
i g h d i
y r r e
o p f o r
C o t
N
6-116 Chapter 6 Administering Client Applications
e. In SAS Enterprise Guide, select Tools Ö SAS Enterprise Guide Explorer. Select File Ö New.
What types of objects can be created from the SAS Enterprise Guide Explorer window?
Libraries
1) Select Tools Ö SAS Enterprise Guide Explorer.
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S
2) Select File Ö New Ö Library….
s
i g h d i
y r r e
o p f o r
C o t
N
6.4 Solutions to Exercises 6-117
f. Which SAS Enterprise Guide roles enable access to SAS Enterprise Guide Explorer?
Enterprise Guide: Advanced role
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
i g h d i
y r r e
o p f o r
C o t
N
6-118 Chapter 6 Administering Client Applications
g. Can you set metadata permissions on registered metadata objects from SAS Enterprise Guide?
Yes, you can grant RMN and/or WM but not deny any permissions through SAS Enterprise
Guide Explorer. In SAS Enterprise Guide Explorer, RM is labeled Read and WM is labeled
Write.
1) Verify that you are logged on to SAS Management Console as unrestricted. Select the Folders
tab and expand Orion Star. Right-click on the Marketing Department folder and select
Properties.
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
i g h d i
y r r e
o p f o r
C o t
N
6.4 Solutions to Exercises 6-119
2) Select the Authorization tab. Highlight the Marketing group in the Users and Groups display
and click .
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
i g h d i
y r r e
o p f o r
C o t
N
The Marketing group was granted both ReadMetadata and WriteMetadata permissions
to the Marketing Department folder.
6-120 Chapter 6 Administering Client Applications
3) Click the Members tab. Eric is a member of the Marketing group. Click .
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
i g h d i
y r r e
o p f o r
C o t
N
6.4 Solutions to Exercises 6-121
4) Select the Sales group in the Users and Groups display. Click .
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
i g h d i
y r r e
o p f o r
C o t
N
The Sales group was granted ReadMetadata permission and denied the WriteMetadata
permission for the Marketing Department folder.
6-122 Chapter 6 Administering Client Applications
5) Click the Members tab. Susan is a member of the Sales group. Click and then
in the Marketing Department folder's Properties window.
c .
e In
t u t
s t i n .
I n t i o
6) Start SAS Enterprise Guide and verify that you are connected as Eric.
S
A tri b u
t S s
i g h d i
y r r e
o p f o r
C o t
N
6.4 Solutions to Exercises 6-123
c .
e In
t u t
s t i n .
I n t i o
S
A tri
and select Properties.
b u
8) Expand SAS Folders Ö Orion Star, right-click on the Marketing Department folder,
t S s
i g h d i
y r r e
o p f o r
C o t
N
6-124 Chapter 6 Administering Client Applications
9) Select Security in the left pane. Locate Susan in the Available Users and Groups list and add
her identity to the Selected Users and Groups list. Click on the Write check box. Click
.
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
i g h d i
y r r e
o p f o r
C o t
N
6.4 Solutions to Exercises 6-125
10) Using SAS Management Console, open the properties of the Marketing Department folder,
select the Authorization tab, and highlight Susan. Click .
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
i g h d i
y r r e
o p f o r
C o t
N
Susan is now granted both ReadMetadata and WriteMetadata permissions for the
Marketing Department folder.
6-126 Chapter 6 Administering Client Applications
13. Exploring SAS Add-In for Microsoft Office’s Interaction with Metadata
a. Open Microsoft Excel and connect as Eric. Select SAS Ö Reports. How does the SAS Folders
structure compare to the Folders tab in SAS Management Console? Close the Reports window.
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
i g h d i
y r r e
o p f o r
C o t
N
6.4 Solutions to Exercises 6-127
b. Select SAS Ö Open Data Ö Into Worksheet…. How does the list of servers and libraries
compare to the servers and libraries listed under the Server Manager and Data Library Manager
plug-ins in SAS Management Console?
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
i g h d i
y r r e
o p f o r
C o t
N
6-128 Chapter 6 Administering Client Applications
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
i g h d i
y r r e
o p f o r
C o t
N
6.4 Solutions to Exercises 6-129
b. Select File Ö New Ö New Using Wizard…. Click . How does the
folder structure compare to the Folders tab in SAS Management Console? Close the Select Data
Source window and cancel out of the New Report wizard.
1) Select File Ö New Using Wizard….
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
2) Click
t S s .
i g h d i
y r r e
o p f o r
C o t
N
6-130 Chapter 6 Administering Client Applications
3) The Select Data Source window opens. Click Cancel to close the Select Data Source window.
Click Cancel. Click to confirm closing the Report Wizard.
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
i g h d i
y r r e
o p f o r
C o t
N
6.4 Solutions to Exercises 6-131
c. Select File Ö Manage Files…. Select Create new folder. Provide a name and click .
Were you able to create a new folder here?
You can create a folder but not under root SAS Folders, for example, if you try to create
the folder under Orion Star Ö Marketing Department Ö Reports.
1) Select File Ö Manage Files….
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
i g h d i
y r r e
o p f o r
C o t
N
6-132 Chapter 6 Administering Client Applications
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
i g h d i
y r r e
o p f o r
3) Provide a name and click .
C o t
N
6.4 Solutions to Exercises 6-133
4) Click in the Warning dialog box and click Cancel in the Create New Folder
window.
c .
d. Double-click My Folder. Select Create new folder. Provide a name and click
e In
. Were you
t u t
able to create a new folder here? Where in the Folders tab in SAS Management Console does the
1) Double-click My Folder.
s t i n .
I n t i o
S
A tri b u
t S s
i g h d i
y r r e
o p o r
2) Select the Create New Folder tool. Log off Eric from SAS Web Report Studio.
f
C o t
N
6-134 Chapter 6 Administering Client Applications
c .
e In
t u t
The new folder is created in My Folder.
s t i n .
I n t i o
S
A tri b u
t S s
i g h d i
y r r e
o p f o r
C o t
N
Chapter 7 Administering Users
.
Exercises .............................................................................................................................. 7-19
c
7.2 Defining Administrative Users .................................................................................... 7-21
e
Demonstration: Exploring Administrative Functionality ....................................................... 7-30 In
u t
Exercises .............................................................................................................................. 7-31
t
7.3
s t i n .
Giving Users Access to Servers ................................................................................. 7-33
I n i o
Exercises .............................................................................................................................. 7-44
t
7.4
S
A tri b u
Solutions to Exercises ................................................................................................. 7-46
t S s
i g h d i
y r r e
o p f o r
C o t
N
7-2 Chapter 7 Administering Users
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
i g h d i
y r r e
o p f o r
C o t
N
7.1 Defining Regular Users and Groups 7-3
Objectives
Examine the process of authentication.
Identify the different ways that user credentials
can be verified.
Explore how users are identified in the metadata.
c .
In
u t e
t i t .
I n s i o n
S u t
4
4
S A tri b
h t i s
r i g r e d
Introduction to User Administration
The SAS environment needs to be able to distinguish
p y o r
individual users making requests in order to accomplish
the following tasks:
C o t f
make access distinctions
5
5
7-4 Chapter 7 Administering Users
User Identities
To give someone an individual SAS identity, you create a
metadata user definition that includes a copy of a unique
external account ID.
c .
e In
t u t
s t i n .
6
6
I n t i o
S
A tri b u
On the Accounts tab of an identity object, any Windows user ID must be fully qualified
(for example, WindowsDomain\userID, MachineName\userID, or userID@company.com).
t S
Logins can also be associated with group metadata identities.
s
i g h d i
y r r e
Unique Names and IDs
o p o r
The metadata server enforces certain identity-related
constraints:
f
You cannot create a user definition that has the same
7
7 continued...
7.1 Defining Regular Users and Groups 7-5
c .
e In
t u t
s t i n .
8
8
I n t i o
Passwords
S
A tri b u
t S s
SAS does not use external passwords to identify users.
i g h d i
If the stored copy of the external account is only used for
identification purposes (inbound login), you do not need to
y r r e
store the password in the metadata. For security reasons,
the password field is masked with asterisks.
o p f o r
C o t
N
9
9
Even if no password is stored in the login, the field is populated with asterisks for security purposes.
7-6 Chapter 7 Administering Users
What Is Authentication?
Authentication is the verification of credentials
(user account and password). In the SAS platform,
authentication occurs during these situations:
initial connection to the metadata server
c .
e In
t u t
s t i n .
1
0
10
I n t i o
S
A tri b u
Data servers are servers such as Oracle, DB2, and Teradata. Processing servers are servers such
as workspace servers, stored process servers, and OLAP servers.
t S s
i g h d i
Authentication – Initial Connection
y r r e
When a user launches a SAS client application, one of the
first actions that must take place is initial connection to the
o p f o r
metadata server.
Initial connection includes two important phases:
C o t
Verification phase – User credentials (account and
password) are verified by an authentication
mechanism.
11
1
1
7.1 Defining Regular Users and Groups 7-7
c .
In
Web authentication
u t e
t i t .
12
I n s i o n
t
1
2
S u
Host authentication includes alternate authentication providers such as LDAP and Active Directory.
A tri b
t S s
i g h d i
y r r e
o p f o r
C o t
N
7-8 Chapter 7 Administering Users
Host-Based Authentication
Verification
c .
e In
t u t
s t i
Identification
n .
1
3
13
I n t i o
S
A tri b u
This diagram depicts typical host (credential-based) authentication to connect to the metadata server.
In this process, credentials can be local, host, Active Directory, and LDAP.
t S
Verification Phase:
s
1.
i g h d i
The client acquires user credentials to connect to the metadata server. A user ID and password
are passed to the metadata server.
r r e
2. - 3. The credentials must be authenticated, so the metadata server passes the credentials to the
y
o p o r
authentication provider. Depending on how the system is configured, the provider can directly
validate the credentials or pass the user ID and password to another authentication mechanism
f
(for example, LDAP).
C o t
4. - 5. The authentication provider (host or other) validates the credentials and returns a fully qualified
user ID. The password is not returned.
6.
N
Identification Phase:
The metadata server searches its identities’ accounts for a matching fully qualified user ID.
7. If a match is found, the SAS identity associated with the matching account is determined.
If no match is found, then the PUBLIC group is determined as the SAS identity. The metadata
server can now resolve metadata access controls, role memberships, and so on, for that identity.
The owning identity can be a user or a group.
8. A connection is established between the client application and the metadata server.
The host operating system can be configured to pass credentials to another authentication mechanism
(termed “back-end use”) such as LDAP or Active Directory. This is the recommended configuration for
using an alternate authentication provider.
For UNIX, PAMs extend UNIX host authentication to recognize an LDAP provider such as the Microsoft
Active Directory. When a SAS server asks its UNIX host to validate credentials, the host passes the user
ID and password to the configured provider for verification.
7.1 Defining Regular Users and Groups 7-9
c .
e In
t u t
s t i n .
1
4
14
I n t i o
S
A tri b u
Direct LDAP enables the metadata server to recognize accounts that are not known to its host; direct
LDAP does not modify the host’s behavior.
t S
Many hosts use an LDAP provider as a back-end authentication mechanism. From the perspective of the
s
SAS server, this is host authentication, so no direct LDAP configuration is needed.
i g h d i
Direct use of an alternate provider (for example, LDAP) is another option for the metadata server
y r r e
and OLAP server only. In this configuration, the SAS server is reconfigured to pass credentials
directly to an LDAP provider such as Microsoft Active Directory. This is termed direct use and
o p r
does not modify the host's behavior. However, this is not the recommended configuration because
o
not all server processes support this configuration. For example, a standard workspace server
f
instantiated by the object spawner requires host authentication.
C o t
N
7-10 Chapter 7 Administering Users
e In
network.
u t
IWA can be used to support single sign-on to standard
t
workspace server.
s t i n .
1
5
15
I n t i o
S
A tri b u
The SAS servers are configured to use IWA, so a user only has to select the Use Integrated Windows
Authentication check box in the connection profile.
t S s
i g h d i
y r r e
o p f o r
C o t
N
7.1 Defining Regular Users and Groups 7-11
c .
e In
t u t
s t i n .
1
6
16
I n t i o
S
A tri b u
Integrated Windows Authentication (IWA):
1. The client asks Windows for a token that represents the user who is currently logged on to the client
t S
computer. This step is initiated when a user launches a desktop client or makes a request for a
workspace server.
s
g h d i
2. Windows provides the token to the client.
i
r r e
3. The client sends the Windows token to the target server. Notice that only the token is sent; the user’s
y
o p f o r
password is not available to the target server.
4. The target server sends the token back to Windows for verification.
C t
5. Windows tells the target server that the token is valid.
o
N
6. The target server accepts the connection from the client.
7-12 Chapter 7 Administering Users
Web Authentication
Web authentication means that the Web application
server performs the initial authentication of the user
credentials before requesting initial connection to the
metadata server. The metadata server accepts (trusts)
the requested connection. This process uses a trusted
user connection to the metadata server.
c .
e In
t u t
s t i n .
1
7
17
I n t i o
S
A tri b u
In a mixed-provider deployment, Web authentication can help to reduce the number of external user
accounts that you must create in the metadata server’s authentication provider, because users who use
t S
only Web applications no longer need accounts with the metadata server’s authentication provider.
s
For a detailed discussion of Web authentication, refer to the SAS® 9.2 Intelligence Platform Security
i g h
Administration Guide.
d i
y r r e
o p f o r
C o t
N
7.1 Defining Regular Users and Groups 7-13
Web Authentication
c .
e In
t u t
s t i n .
1
8
18
I n t i o
S
A tri b u
This slide depicts an initial connection for a user who is not already authenticated at the Web perimeter.
For example, the user makes a request to access SAS Web Report Studio:
t S
1. In a Web browser, the user makes the request.
s
g h d i
2. A SAS component within the Web application server (the Logon Manager application) prompts
the user for credentials.
i
r r e
3. The user supplies credentials to the Web container.
y
o pprovider.
f o r
4. The Web Application Server attempts to verify the credentials against its designated authentication
C t
5. SAS Remote Services uses a trusted user connection to authenticate to the metadata server.
o
N
6. The metadata server looks up the user's account in the metadata repository. (This step does not
involve password validation and is not affected by authentication domain assignments. Only the user's
account is being matched.)
7. The user's SAS identity is determined.
8. The user context information is returned.
7-14 Chapter 7 Administering Users
e In
t u t
s t i n .
1
9
19
I n t i o
S
A tri b u
The metadata server’s integrity constraints ensure that there is never more than one owning identity.
If the account is a Windows ID, the matching process expects the SAS copy of the user account
t S
to be the fully qualified form.
s
i g h d i
Group Identities
y r r e
For administration and ease of maintenance and
o p f o r
accountability, you should create group identities.
Groups can be used to do the following:
C o t
assign permissions
share credentials
N populate roles
20
2
0
7.1 Defining Regular Users and Groups 7-15
Predefined Groups
The following groups are predefined:
e In
t u t
s t i n .
2
1
21
I n t i o
S
A tri
Identity Hierarchy b u
t S s
All of a user’s group memberships are part of the user’s
i g h
identity.
d i
y r r e
o p f o r
C o t
N
22
2
2
7-16 Chapter 7 Administering Users
c .
e In
t u t
s t i n .
2
3
23
I n t i o
S
A tri b u
Importing User and Group Identities
t S s
The user import macros enable the batch import and
i g h d i
synchronization of user and group identity information
from a provider such as LDAP into the SAS metadata.
y r r e
This process follows these general steps:
o p o r
Extract information from your authentication provider.
f
Compare the sets of tables and identify additions
24
2
4
Examples are provided for import and synchronization with an Active Directory server and UNIX
/etc/passwd files. Additional information is provided to help extrapolate to other authentication providers.
This describes the full synchronization process. An initial import that does not require the comparison
step can be implemented the first time that user information is imported. Thereafter, the full
synchronization process is used to ensure that information is consistent.
For more information about importing user and group identity information see Appendix 2,
"User Import Macros," in the SAS® 9.2 Intelligence Platform Security Administration Guide.
7.1 Defining Regular Users and Groups 7-17
Initial Import
c .
e In
t u t
s t i n .
2
5
25
I n t i o
S
A tri b u
Back up your environment before doing the initial import.
The initial import extracts identity information from your authentication provider and loads that
t S
information into the metadata.
s
i g h d i
Any identity that you import using these macros must not already exist in the SAS environment.
y r r
metadata.
e
You cannot import an identity that has the same name as an identity that already exists in the
o p f o r
Do not delete existing SAS identities to include them in an initial import. When you delete
a SAS identity, you lose that identity’s associations (such as access controls). Creating a new
C o t
identity with the same name does not restore these associations. You can incorporate a manually
created identity into the synchronization process. To do this, add an external identity on the
General tab of that identity’s metadata definition.
N
7-18 Chapter 7 Administering Users
Periodic Synchronization
c .
e In
t u t
s t i n .
2
6
26
I n t i o
S
A tri b u
Back up your environment before synchronizing user/group information.
The synchronization performs two extractions (one from your authentication provider and another from
t S
the SAS metadata) and then loads validated updates into the metadata:
s
i g h d i
1. Extract information from your authentication provider.
y r r e
2. Extract information from the SAS metadata.
o r
3. Compare the two sets of tables and identify updates that need to be made to the metadata
f o
C o t
4. Validate the changes to make sure that they do not violate the metadata server’s integrity constraints.
5. Load the updates in the metadata.
N
7.1 Defining Regular Users and Groups 7-19
Exercises
c .
In
b. Which SAS Management Console role(s) makes the User Manager plug-in available to users?
Who are the members of those roles?
2. Identifying Requirements
u t e
i t
Orion Star identified the following requirements:
t .
I s i o n
In addition to the existing Sales and Marketing organizations, the Finance and Payroll Departments
n
will also participate in the SAS platform. Business users will only access data and content relevant
to their organizations except Payroll members will require access to Finance data and content.
S u t
Application developers, data integrators, and report content creators will have access to all data and
be responsible for creating content across departments.
S A tri b
The following additional identities and groups are required:
h t
• Finance – Ben, Jennifer, Megan, Katie
i s
• Payroll – Peter, Alex, Megan
r i g r e d
• Application Developers – James, Cecily
• Data Integrators – Jim, Ray
p y o r
Based on these requirements, answer the following questions:
C o t f
a. Do all Orion Star users require individual metadata identities? Why or why not?
N o
b. Do all Orion Star users require inbound logins? Why or why not?
c. What additional group identities need to be defined?
d. What individual metadata identities need to be defined?
e. Diagram the identity hierarchies of the Finance and Payroll users.
7-20 Chapter 7 Administering Users
e In
t u t
4) Save the changes and close the file.
b. Right-click LoadUsers.sas and select Batch Submit with SAS 9.2. Search the log,
s i
LoadUsers.log, for errors.
t n .
c. Use SAS Management Console to verify that the new users and groups are created and that group
I n
membership is correct.
t i o
S
d. Assign James and Cecily to the Application Developers group.
A tri b u
e. Assign Jim and Ray to the Data Integrators group.
t S
f. Open the properties of the James identity. On the General tab, select External Identities.
s
i g d i
What value is listed? What is the purpose of this value?
h
y r r e
o p f o r
C o t
N
7.2 Defining Administrative Users 7-21
Objectives
Identify different types of administrative users.
Follow best practices for establishing
unrestricted users.
Explore metadata server roles.
c .
In
u t e
t i t .
I n s i o n
S u t
2
9
29
S A tri b
h t i s
r i g r e d
Basic User Types
Most users of the SAS platform are end users who log on
p y o r
to one or more of the SAS applications. There are also
identities and accounts with special abilities or purposes,
C o t f
such as the following:
SAS metadata administrators that have special access
30
3
0
Administrative and privileged users should only be used for their intended purpose, and end users
should not have access to these accounts and identities.
7-22 Chapter 7 Administering Users
Predefined Groups
The following groups are predefined:
SAS This group is for metadata
Administrators administrators whose members are
given broad access to administrative
capabilities but who are not unrestricted.
SAS System Permissions assigned to this group
enable members to read server
c .
In
Services
definitions and other system metadata.
SAS General
Servers
u t e
Members of this group are used to
launch stored process servers and
t i t
pooled workspace servers. The SAS
.
Server Invoker is the account (sassrv)
31
I n s i o n
used as the login for the group.
t
3
1
S
A tri b u
Based on the software deployed at your site, you might find additional predefined groups, including Table
Server Administrators, BI Dashboard Administrators, BI Dashboard Users, and BI Web Services Users.
t S s
i g h d i
Two Levels of Administrative Users
y r r e
Administrative users have special abilities and privileged
access to metadata based on their assignments to roles.
o p f o r
There are two basic levels of administrative users:
Administrators have metadata access capabilities
N
access controls
Unrestricted have unrestricted access to
Users metadata
can perform tasks when the
metadata server is paused for
administration
32
3
2
7.2 Defining Administrative Users 7-23
Unrestricted Users
To designate a user as unrestricted, do the following:
Create a metadata identity with an external account.
c .
e In
t u t
s t i n .
3
3
33
I n t i o
S
A tri b
SAS Administrator Identity
u
t S s
In a default new SAS 9.2 configuration,
i g h d i
the SAS Administrator identity is associated with
an internal SAS account, sasadm@saspw.
y r r e
Service identities such as the SAS Trusted User can
o p f o r
also be associated with an internal SAS account.
C o t
N
34
3
4
7-24 Chapter 7 Administering Users
Internal Accounts
Internal accounts are primarily used to connect
to the metadata server and
exist only in the metadata
c .
e In
t u t
s t i n .
3
5
35
I n t i o
S
A tri b u
SAS internal accounts can also support direct connections to the OLAP server and the table server. For
example, a direct connection from SAS code to a server could use an internal account for authentication.
Server.
t S
The most common use of a direct connection occurs when the middle tier connects to the SAS Table
s
i g h d i
By initial policy, these server-level settings for internal account policies are in effect:
y r e
• Accounts do not expire and are not suspended due to inactivity.
r
• Passwords must be at least six characters, do not have to include mixed case or numbers, and do not
o p
expire.
f o r
• The five most recent passwords for an account cannot be reused for that account.
C t
• There is no mandatory time delay between password changes.
o
• After three failed attempts to log on, an account is locked. If an account is locked because of log on
N
failures, further log on attempts cannot be made for one hour.
• For an account that has a password expiration period, there is a forced password change on first use and
after the password is reset by someone other than the account owner. By initial policy, passwords do
not expire so there are no forced password changes.
Internal accounts should only be used for service accounts and administrators.
• An internal account has the format userID@saspw.
7.2 Defining Administrative Users 7-25
c .
e In
t u t
s t i n .
3
6
36
I n t i o
S
Internal Authentication:
A tri b u
1. At a log-on prompt, Joe enters his internal credentials. The client sends those credentials
t S
to the metadata server for verification.
s
g h d i
2. The metadata server recognizes that the ID is for an internal account (because the ID has the @saspw
suffix), so the metadata server checks the credentials against its list of internal accounts.
i
r r e
3. After validating the ID and password, the metadata server accepts the client connection.
y
o p f o r
The connection is accepted using the SAS identity associated with the internal account.
Internal authentication alone is not sufficient to enable a user to have access to a standard workspace
C t
server because a host account is required.
o
N
7-26 Chapter 7 Administering Users
c .
In
delete, unregister, add, or initialize a foundation
repository
u t e
run a server such as a stored process server
t i t .
37
I n s i o n
t
3
7
S
A tri b u
A user that only owns an internal account would be prompted for credentials when attempting to access
a standard workspace server. More generally, prompting for credentials is not supported by all client
t S
applications or server processes.
s
Integrated Windows authentication (IWA) and Web authentication require an external account.
g h d i
Your environment might use the following internal accounts to connect to the metadata server:
i
r r e
• SAS Administrator (sasadm@saspw)
y
o f o r
• SAS Trusted User (sastrust@saspw)
p
• SAS Anonymous Web Service User (webanon@saspw)
C o t
N
7.2 Defining Administrative Users 7-27
s t i n .
3
8
38
I n t i o
S
A tri b u
SAS internal accounts have the following benefits:
• Minimize the need to create external accounts for service identities. For example, by default, the
t S
SAS Administrator (the Default Administrative User) uses a SAS internal account (sasadm@saspw)
to connect to the metadata server. This internal account is also listed in the adminusers.txt (with a
s
g h d i
preceding asterisk (*)) file and confers unrestricted user status on the user that connects to the metadata
server using this account. No external host account is needed for this identity.
i
y r r e
• Facilitate the creation of dual users for intermittent use of an administrative role by enabling a user
to have a second metadata identity without having a second external account.
o p f o r
• Facilitate troubleshooting by enabling an administrator to assume another user's identity by temporarily
adding an internal account to the user's definition and then logging on with the user's internal
C t
credentials.
o
• Provide independence from the rest of your computing environment. For example, internal accounts
N
do not have to follow your general password change requirements, cannot be used to access resources
beyond the SAS metadata, and are not affected by changes in machine names or in your authentication
configurations.
7-28 Chapter 7 Administering Users
Administrative Roles
In addition to the client application roles, the following
implicit metadata server roles are defined at installation:
Metadata all capabilities provided by the
Server: metadata server regardless of
Unrestricted metadata permission settings
e In
Metadata
Server:
t u t
administration of the metadata server
(monitor, stop, pause, resume,
Operation
s i
quiesce) and its repositories (add,
t .
initialize, register, unregister, delete)
n
4
0
40
I n t i o
S
A tri b u
The metadata server roles have implicit capabilities. This means that the default capabilities for these
roles cannot be viewed or modified. However, additional capabilities can be added to these roles.
t S
Unrestricted users can use only those logins that are assigned to them (or to groups to which they belong).
s
They do not automatically have implicit capabilities that are provided by components other than the
i g h
metadata server.
d i
y r r e
o p f o r
Administrative Tasks
Many administrative tasks have permission requirements
C o t
in addition to capability requirements. For example, to
operate servers other than the metadata server, you need
39
3
9
7.2 Defining Administrative Users 7-29
adminUsers.txt File
Users listed in the adminUsers.txt file are granted similar
access to members of the Metadata Server: Unrestricted
role. The adminUsers.txt file
is located in the metadata server’s configuration
directory
should not be used to define unrestricted users unless
all other administrators are locked out
c .
requires the metadata server to be restarted in order
to pick up changes to the file.
e In
t u t
s t i n .
4
1
41
I n t i o
S
A tri b u
The adminUsers.txt file ensures that your site will always have at least one user with the privileges of an
unrestricted user, regardless of what is specified in the metadata. You cannot override this user’s
t S
privileges by modifying the user definition in SAS Management Console.
s
The adminUsers.txt file is typically located in the MetadataServer configuration folder in a path similar to
i g h
one of the following:
d i
y r e
• SAS-configuration-directory\Lev1\SASMeta\MetadataServer
r
• SAS-configuration-directory\Lev1\SASApp\MetadataServer
p o r
Restricted user administrators (members of the Metadata Server: User Administration role but not an
o f
unrestricted user) cannot update identities for which they have an explicit or ACT denial of
C t
WriteMetadata.
o
Only someone who has an external user ID that is listed in the adminUsers.txt file with a preceding
N
asterisk can delete, unregister, add, or initialize a Foundation repository. Only an unrestricted user can
analyze and repair metadata or perform tasks when the metadata server is paused for administration.
If you need to unlock an internal account, no other administrator is available, and you have the necessary
host access:
1. Edit the adminUsers.txt file to create a new unrestricted user and restart the metadata server for the
change to take effect.
2. Log on to SAS Management Console with the new unrestricted user and unlock the account.
3. Verify that the account is unlocked by logging on to SAS Management Console with the account.
4. Remove the unrestricted user that you added from the adminUsers.txt file and restart the metadata
server.
7-30 Chapter 7 Administering Users
e In
6. Type the password Student1.
t u t
5. On the Accounts tab, select Create Internal Account.
7. Click twice.
s t i n .
I n i o
8. Select Start Ö All Programs Ö SAS Ö SAS Management Console 9.2.
t
S
A tri b u
9. Log on as AdminMarty@saspw. How is the user identified?
10. Select Start Ö All Programs Ö SAS Ö Enterprise Guide 4.2.
t S
11. Select the Connection link.
s
i g h d i
12. Select My Server and click .
r r e
13. Change the user to AdminMarty@saspw.
y
p
14. Click
o f o r .
C 15. Click
o t .
N
16. Click .
Exercises
4. Unrestricted Users
a. The SAS Administrator user is directly a member of the Metadata Server: Unrestricted role.
Is the SAS Administrator user an indirect member of any role?
c .
In
b. Examine the adminUsers.txt file. What account is listed in the file?
5. Impersonating a User
u t e
a. In SAS Management Console, in the User Manager plug-in, open Henri’s properties.
Click
t
twice.i t
On the Accounts tab, select Create Internal Account. Type the password Student1.
.
I n s i o n
b. Log on to SAS Enterprise Guide with the Henri@saspw account. What can you access?
What can you not access?
S u t
c. Log on to SAS Web Report Studio with the Henri@saspw account. What can you access?
A tri
What can you not access?
S b
h t
d. Delete Henri’s password from the DefaultAuth login associated with his metadata identity. Log on
i s
to SAS Web Report Studio with the Henri@saspw account. What can you access? What can you
r g
not access?
i r e d
6. Creating a Dual User
p y r
a. Christine needs to connect to the metadata server as an unrestricted user sometimes and
o
C o t f
as a regular user other times. In the User Manager plug-in, create two metadata identities:
• Name: Christine
N o
• Display Name: Christine
• Groups and roles: Data Integrators, Report Content Creators, Marketing, Sales,
Orion Star Users
• Accounts
− User ID: localhost\Christine
− Password: Student1
− Authentication Domain: DefaultAuth
• Name: AdminChristine
• Display Name: Administrator | Christine
• Groups and roles: SAS Administrators, Metadata Server: Unrestricted
• Accounts
− Internal User ID: AdminChristine@saspw
− Password: Student1
7-32 Chapter 7 Administering Users
b. Log on to SAS Management Console using the localhost\Christine account. Open a second
instance of SAS Management Console and log on using the AdminChristine@saspw account.
How are the two instances of SAS Management Console similar? How are they different?
7. Troubleshooting User Identities
a. In the User Manager plug-in, open the properties of the Harvey metadata identity. On the
Accounts tab, select the login and Edit. Remove localhost from the user ID to change the user
name to Harvey.
b. Log on to SAS Enterprise Guide using the localhost\Harvey user ID. What is the effect?
c .
In
c. Log on to SAS Data Integration Studio using the localhost\Harvey user ID. What is the effect?
e
8. Planning for Your Environment
t u t
d. Log on to SAS Web Report Studio using the localhost\Harvey user ID. What is the effect?
t i
a. Which users need to be unrestricted?
s n .
I n
b. Which users need dual accounts?
t i o
c. Which users need to be more powerful than regular users but not unrestricted? What roles should
S
they belong to?
A tri b u
t S s
i g h d i
y r r e
o p f o r
C o t
N
7.3 Giving Users Access to Servers 7-33
Objectives
Determine how to give users access to processing
servers and data servers.
Explore SAS token authentication.
Define authentication domains.
c .
In
u t e
t i t .
I n s i o n
S u t
4
5
45
S A tri b
h t i s
r i g e d
Connecting to Processing Servers
and Data Servers
r
p y o r
After they are connected to the metadata server,
users typically need to connect to these servers:
C o t f
a processing server, such as
– workspace server
– Oracle
– DB2
– SQL Server
46
4
6
Before instantiating a server process, the object spawner always has the credentials under which the
process will run, authenticated by the host. This means that the following accounts must be able to be
authenticated by the host:
• shared account under which the pooled workspace server and stored process server run, typically sassrv
• any account used to launch a standard workspace server
7-34 Chapter 7 Administering Users
Authentication Mechanisms
To connect to processing servers and data servers,
you can use one or more of the following authentication
mechanisms:
re-use of credentials supplied during initial connection
(cached credentials)
retrieval of credentials from the metadata repository
e In
t u t
s t i n .
4
7
47
I n t i o
S
A tri
User Context b u
t S s
Each client application maintains an in-memory list of
i g h d i
credentials (user context) for each connected user.
The initial list includes credentials that are provided when
y r r e
the applications are launched (cached credentials).
o p f o r
C o t
N
4
8
48 continued...
Credentials provided for initial connection are reused by default for servers in the DefaultAuth
authentication domain.
If Web authentication is configured, the password from the user’s interactive logon to a Web client
is not available to be added to the list.
If the user logs on with Integrated Windows authentication, the user’s password is not available
to be added to the list.
7.3 Giving Users Access to Servers 7-35
User Context
During the session, other credentials are added to the list:
credentials provided interactively during the session
(prompting)
logins from the user’s Accounts tab as they are
needed (retrieval from metadata)
logins from the Accounts tab of groups in the user’s
identity hierarchy as they are needed (retrieval from
c .
metadata)
e In
t u t
s t i n .
4
9
49
I n t i o
S
A tri b
SAS Token Authentication
u
t S s
SAS token authentication is when the metadata server
i g h d i
generates and validates a single-use identity token for
each authentication event. This enables the following
y r r e
SAS processing servers to accept users who are already
connected to the metadata server:
o p o r
OLAP server
f
stored process server
C o t
pooled workspace server
N
50
5
0
In most new deployments, SAS token authentication is used for seamless connection to the participating
SAS servers. No additional configuration is required for these servers.
This pooling configuration is server-side pooling in which the object spawner manages requests.
SAS token authentication cannot be used for the initial connection to the SAS Metadata or to
connect to third-party database servers, and it is not used, by default, to connect to the standard
workspace server.
7-36 Chapter 7 Administering Users
c .
e In
t u t
s t i n .
5
1
51
I n t i o
S
A tri b u
1. The user initiates a request that requires access to a target server (for example, a request in
SAS Enterprise Guide to open a cube associated with the OLAP server). Using the existing
t S
connection to the metadata server, the client requests an identity token for the target server.
s
2. The metadata server generates the token and returns it to the client.
g h d i
3. The client sends the token to the target server.
i
r r e
4. The target server sends the token back to the metadata server for validation.
y
o p f o r
5. The metadata server validates the token and returns an acceptance message and a representation
of the user to the target server.
C t
6. The target server accepts the connection.
o
N
7.3 Giving Users Access to Servers 7-37
I n t i o
S
A tri b u
Limitations of SAS Token Authentication
t S s
The limitations of using SAS token authentication
i g h
are as follows:
d i
Host access is based on a shared login,
y r r e
if implemented for use on a standard
o p o r
workspace server.
It is only available for metadata-aware connections
f
to the target server.
C o t
This authentication is not available for access
to third-party database servers.
N
53
5
3
Because SAS token authentication essentially uses a shared login (typically, sassrv), host access
to resources is based on access rights associated with that account.
Metadata-aware connections are connections in which the client learns about the target server by reading
the server’s metadata definition. Direct connections to a SAS server (for example, from the SAS Add-In
for Microsoft Office to the OLAP server) cannot use SAS token authentication. Direct connections use
client-supplied credentials or, in some cases, Integrated Windows authentication (IWA).
7-38 Chapter 7 Administering Users
e In
u t
If both servers are on UNIX or both on z/OS, use
credential-based authentication for both servers
t
(credential caching).
s t i n .
5
4
54
I n t i o continued...
server. S
A tri b u
If both servers share the Windows platform, IWA ensures seamless access to the standard workspace
t S
If IWA is not offered or the servers are not on Windows, using the same credential-based authentication
s
mechanism also provides seamless access. The reason for this is that SAS client applications cache the
i g h d i
credentials used for initial connection and attempt to reuse those credentials (in metadata-aware
situations) upon request for another SAS server. This is called credential caching.
y r r e
o p f o r
C o t
N
7.3 Giving Users Access to Servers 7-39
e In
(credential retrieval).
t u t
the workspace server’s authentication provider
s t i n .
5
5
55
I n t i o
S
A tri b u
Each solution has its advantages and disadvantages:
• Converting the standard workspace server to use SAS token authentication provides seamless access at
t S
the cost of host access via individual accounts.
s
• Aligning the authentication providers of both servers might not be possible in some mixed provider
i g h d i
environments, for example, Windows and UNIX servers using local or host accounts.
• Storing credentials in the SAS repository might mean additional administration if passwords are
r r e
required to change on a regular basis.
y
o p f o r
The best choice requires evaluating the goal of seamless access versus the cost of configuration effort,
maintenance effort, and granularity needed for host access from that server to SAS data.
C o t
N
7-40 Chapter 7 Administering Users
e
providing seamless access with a few distinct In
identities
t u t
All of these represent a form of credential retrieval.
s t i n .
5
6
56
I n t i o
Solutions:
S
A tri b u
The reason is that most external database servers use their own authentication provider.
t S
• Store the user ID and password for one shared account in the metadata (on the Accounts tab of a group
s
g h
definition).
d i
• Store individual user IDs and passwords in the metadata (on the Accounts tab of each user definition).
i
y r r e
• Store a different shared user ID and password in the metadata (on the Accounts tab of a few different
group definitions).
o p f o r
Another alternative is to combine the second and third solutions into a hybrid approach.
C
o tAn option to preserving individual identity, but not seamless access, is possible. No configuration
is required. Users are prompted for credentials for the target server. However, not all applications
N and servers support secondary prompting and the user might not be aware of what credentials are
requested.
7.3 Giving Users Access to Servers 7-41
password
authentication domain
c .
e In
t u t
s t i n .
5
7
57
I n t i o
S
A tri
Outbound Logins b u
t S s
Outbound logins can be defined on the Accounts tab
i g h d i
of individual and group identities.
y r r e
o p f o r
C o t
N
58
5
8
7-42 Chapter 7 Administering Users
e In
t u t
s t i n .
5
9
59
I n t i o
S
A tri
Authentication Domainsb u
t S s
i g h d i
y r r e
o p f o r
C o t
N
60
6
0
7.3 Giving Users Access to Servers 7-43
Authentication Domains
Authentication domains can be managed using the Server
Manager plug-in or the User Manager plug-in.
c .
e In
t u t
s t i n .
6
1
61
I n t i o
S
A tri b u
When to Store Passwords in the Metadata
t S s
In most deployments of the platform for SAS Business
i g h d i
Analytics, passwords for external accounts only need
to be stored in the metadata to support these types of
y r access:
r e
o p o r
seamless access to an external database
N
62
6
2
7-44 Chapter 7 Administering Users
Exercises
The following is an example of how a UNIX site might provide access to servers:
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S
Here are some points about this example:
s
• The site cannot offer Integrated Windows authentication (IWA) because the metadata server is not on
Windows.
i g h d i
• The site chose to establish two levels of host access from the pooled workspace server. Notice that
r r e
there are two servers under the logical server, each with a different launch credential. The site gave
y
each credential different host layer access to SAS data sets. Another reason to define multiple servers
o p f o r
would be the use of different start-up scripts.
9. Documenting Authentication Choices
C o t
a. Complete the following template to show how things are set up in the classroom environment.
N Include the type of host for the metadata server and workspace server. Include the authentication
method used for the metadata server and workspace server.
7.3 Giving Users Access to Servers 7-45
b. Complete the following template to show how things are set up at your site. Include the type
of host for the metadata server and workspace server. Include the authentication method used
for the metadata server and workspace server.
c .
e In
t u t
s t i n .
I n t i o
10. Maintaining Passwords with the SAS Personal Login Manager
a. Select Start Ö All Programs Ö SAS Ö SAS Personal Login Manager 9.2.
S
A tri b u
b. Log on with the My Server connection profile as Marcel.
Manager?
t S
c. Where in SAS Management Console can you find what is displayed in SAS Personal Login
s
g h d i
d. Can Marcel modify an existing login?
i
r r e
e. Can Marcel add a new login?
y
o p f o r
11. Maintaining Passwords with SAS Enterprise Guide
a. Connect to SAS Enterprise Guide as Marcel.
C o t
b. Select Tools Ö SAS Enterprise Guide Explorer. In SAS Enterprise Guide Explorer, select
e
SAS Administrators
b. Which SAS Management Console role(s) makes the User Manager plug-in available to users? In
t u t
Management Console: Content Management role and Management Console: Advanced role
t i
Who are the members of those roles? The Sasusers group is a member of the Management
.
Console: Content Management role and the SAS Administrators group is a member of the
s n
Management Console: Advanced role.
I
2. Identifying Requirementsn t i o
S u
Orion Star identified the following requirements:
A tri b
t S
In addition to the existing Sales and Marketing organizations, the Finance and Payroll Departments
will also participate in the SAS platform. Business users will only access data and content relevant
s
i g h d i
to their organizations except Payroll members will require access to Finance data and content.
Application developers, data integrators, and report content creators will have access to all data
y r r e
and be responsible for creating content across departments.
The following additional identities and groups are required:
o p o r
• Finance – Ben, Jennifer, Megan, Katie
f
• Payroll – Peter, Alex, Megan
C o t
• Application Developers – James, Cecily
• Data Integrators – Jim, Ray
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
i g h d i
y r r e
o p f o r
3. Loading Users and Groups with User Import Macros
a. Use Windows Explorer to navigate to S:\Workshop\spaft. Use TextPad to open LoadUsers.sas.
Modify the code in the following ways:
C o t
1) In the OPTIONS statement, provide the correct host name for the metadata server in the
N METASERVER option and provide the credentials of an unrestricted user in the METAUSER
and METAPASS options.
In the section described below, add the following code:
/*----------------------------------------------------------
* FILL OUT INFO FOR METASERVER and METAUSER!!!!!!!!!
*----------------------------------------------------------*/
options metaserver="localhost"
metaport=8561
metauser="Ahmed"
metapass="Student1"
7-48 Chapter 7 Administering Users
2) Add a line to the code that populates the group membership table to set Payroll to be a
member of Finance.
In the /* Create members of group table */ section of the code, add the
line:
G101,G102
c .
P110,Ben, ,Business Analyst
e
In the section /* Create telephone table */, add the following code: In
u
P110,+19196775555,Office
t t
t i .
In the section /* Create table with locations */, add the following code:
s n
I n
,Cary,27513,NC,USA
t i o
P110,ORION Star Company,Office,ORION Star Boulevard 123
S u
In the section /* Create email table */, add the following code:
A tri b
t S
P110,ben@orion.com,business
s
In the section /* Create members of group table */, add the following code:
i g h d
G101,P110 i
y r r e
In the section /* input &logincoll; */, add the following code:
o p f o r
P110,localhost\Ben, ,A001
C o t
b. Right-click LoadUsers.sas and select Batch Submit with SAS 9.2. Search LoadUsers.log for
N errors.
7.4 Solutions to Exercises 7-49
c. Use SAS Management Console to verify that the new users and groups are created and that group
membership is correct.
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
i g h d i
y r r e
o p f o r
C o t
N
7-50 Chapter 7 Administering Users
2) Select Show Users. Using the CTRL key, select Cecily and James and click to move
them to the Current Members pane. Click .
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
i g h d i
y r r e
o p f o r
C o t
N
e. Assign Jim and Ray to the Data Integrators group. Follow step 3.d. above.
7.4 Solutions to Exercises 7-51
f. Open the properties of the James identity. On the General tab, select External Identities.
What value is listed? Context of IdentityImport and an identifier of P106.
What is the purpose of this value? An external identity is an optional synchronization key
for a user, group, or role. Use to learn more about the fields in this display.
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
i g h d i
r r e
4. Unrestricted Users
y
o p f o r
a. The SAS Administrator user is directly a member of the Metadata Server: Unrestricted role.
Is the SAS Administrator user an indirect member of any role? The SAS Administrator is a
C o t
member of the SAS Administrators group, which is a member of the following roles:
Management Console: Advanced, Metadata Server: Operation, Metadata Server:
User Administration, and Table Server Administrators.
N
b. Examine the adminUsers.txt file. What account is listed in the file? *sasadm@saspw
7-52 Chapter 7 Administering Users
5. Impersonating a User
a. In SAS Management Console. In the User Manager plug-in, open Henri’s properties.
On the Accounts tab, select Create Internal Account. Type the password Student1.
Click twice.
1) In the User Manager plug-in, open Henri’s properties. On the Accounts tab, select
Create Internal Account.
2) Type the password into the New Password and Confirm Password fields and click
c .
In
Ö .
u t e
t i t .
I n s i o n
S u t
S A tri b
h t i s
r i g r e d
p y o r
C o t f
N o
7.4 Solutions to Exercises 7-53
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
i g h d i
y r
1) Click
r e .
o p 2) Click
f
3) Click
o r .
C o t
What can you access? Folders, cubes
NWhat can you not access? Libraries and the SASAPP server without providing further
credentials
7-54 Chapter 7 Administering Users
c .
e In
t u t
t i .
c. Log on to SAS Web Report Studio with the Henri@saspw account.
s n
I n i o
What can you access? Open and view a report from the Orion Star/Marketing/Reports
folder. Create a new report using the wizard. View information maps.
t
S
A tri
can access.
b u
What can you not access? You can access all types of content that SAS Web Report Studio
t S
d. Delete Henri’s password from the DefaultAuth login associated with his metadata identity. Log on
s
to SAS Web Report Studio with the Henri@saspw account. What can you access? What can you
i g h
not access?
d i
y r r e
1) In Henri’s properties, select the DefaultAuth login and click . Delete the password
o p f o r
and click twice.
C o t
N
7.4 Solutions to Exercises 7-55
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
2) Log on to SAS Web Report Studio with the Henri@saspw account.
i g h d i
What can you access? Open and view a report from the Orion Star/Marketing/Reports
y r e
folder. Create a new report using the wizard. View information maps.
r
o p f o r
What can you not access? Reports based on information maps that run on a standard
workspace server
C t
6. Creating a Dual User
o
a. Christine needs to connect to the metadata server as an unrestricted user sometimes and
N as a regular user other times. In the User Manager plug-in, create two metadata identities:
• Name: Christine
• Display Name: Christine
• Groups and roles: Data Integrators, Report Content Creators, Marketing, Sales,
Orion Star Users
• Accounts
− User ID: localhost\Christine
− Password: Student1
− Authentication Domain: DefaultAuth
• Name: AdminChristine
• Display Name: Administrator | Christine
• Groups and roles: SAS Administrators, Metadata Server: Unrestricted
7-56 Chapter 7 Administering Users
• Accounts
− Internal User ID: AdminChristine@saspw
− Password: Student1
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
i g h d i
y r r e
o p f o r
C o t
N
7.4 Solutions to Exercises 7-57
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
i g h d i
y r r e
o p f o r
C o t
N
7-58 Chapter 7 Administering Users
3) Select the Groups and Roles tab. Using the CTRL key, select Data Integrators, Marketing,
Orion Star Users, Report Content Creators, and Sales. Click to move them to the
Member of pane.
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
i g h d i
y r r e
o p f o r
C o t
N
7.4 Solutions to Exercises 7-59
4) Select the Accounts tab and click . Type Christine as the user ID. Verify that
the authentication domain is DefaultAuth. Click Ö . Unless it is
required, do not save the password in the login.
c .
e In
t u t
s t i n .
I n t i o
S u
5) Right-click User Manager and select New Ö User.
A tri b
t S s
i g h d i
y r r e
o p f o r
C o t
N
7-60 Chapter 7 Administering Users
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
i g h d i
y r r e
o p f o r
C o t
N
7.4 Solutions to Exercises 7-61
7) Select the Groups and Roles tab. Using the CTRL key, select Metadata Server:
Unrestricted and SAS Administrators. Click to move these to the Member of pane.
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
i g h d i
y r r e
o p f o r
C o t
N
7-62 Chapter 7 Administering Users
8) Select the Accounts tab and click . Verify that the internal user ID
is AdminChristine@saspw. Type Student1 in the New Password and Confirm
Password fields. Click twice.
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
i g h d i
y r r e
o p f o r
C o t
N
7.4 Solutions to Exercises 7-63
b. Log on to SAS Management Console using the localhost\Christine account. Open a second
instance of SAS Management Console and log on using the AdminChristine@saspw account.
How are the two instances of SAS Management Console similar? There are some of the same
plug-ins.
How are they different? There are many more plug-ins available for AdminChristine@saspw.
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
i g h d i
y r r e
o p f o r
C o t
N
7-64 Chapter 7 Administering Users
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
i g h d i
r r e
7. Troubleshooting User Identities
y
o p f r
a. In the User Manager plug-in, open the properties of the Harvey metadata identity.
o
On the Accounts tab, select the login and click . Remove localhost from
C o t
the user ID to change the user name to Harvey.
1) Right-click Harvey and select Properties.
N
7.4 Solutions to Exercises 7-65
2) Click the Accounts tab. Select the desired login and click .
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
i g h d i
y r r e
o p f o r
C o t
3) Remove localhost\ from the user ID and click .
N
7-66 Chapter 7 Administering Users
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
i g h d i
y r r e
o p f o r
b. Log on to SAS Enterprise Guide using the localhost\Harvey user ID. What is the effect?
C o t
N
c. Log on to SAS Data Integration Studio using the localhost\Harvey user ID. What is the effect?
7.4 Solutions to Exercises 7-67
d. Log on to SAS Web Report Studio using the localhost\Harvey user ID. What is the effect?
c .
c. Which users need to be more powerful than regular users but not unrestricted? What roles should
they belong to?
e In
9. Documenting Authentication Choices
t u t
a. Complete the following template to show how things are set up in the classroom environment.
s t i
Include the type of host for the metadata server and workspace server. Include the authentication
.
method used for the metadata server and workspace server.
n
I n t i o
S
A tri b u
t S s
i g h d i
y r r e
o p f o r
C o t
b. Complete the following template to show how things are set up at your site. Include the type
N of host for the metadata server and workspace server. Include the authentication method used for
the metadata server and workspace server.
7-68 Chapter 7 Administering Users
e In
t u t
a. Connect to SAS Enterprise Guide as Marcel.
b. Select Tools Ö SAS Enterprise Guide Explorer. In SAS Enterprise Guide Explorer, select
File Ö Manage Logins.
s t i n .
I n
c. Can Marcel modify an existing login? Yes
t i
d. Can Marcel add a new login? Yes o
S
A tri b u
t S s
i g h d i
y r r e
o p f o r
C o t
N
Chapter 8 Administering Data
Access
e In
Exercises .............................................................................................................................. 8-19
t u t
8.2
s i
Updating Table Metadata.............................................................................................. 8-24
t n .
Exercises .............................................................................................................................. 8-31
8.3
I n t i o
Pre-Assigning Libraries ............................................................................................... 8-32
S b u
Exercises .............................................................................................................................. 8-37
A tri
8.4
t S
Troubleshooting Data Access ..................................................................................... 8-38
s
8.5
i g h d i
Solutions to Exercises ................................................................................................. 8-48
y r r e
o p f o r
C o t
N
8-2 Chapter 8 Administering Data Access
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
i g h d i
y r r e
o p f o r
C o t
N
8.1 Registering Libraries and Tables in the Metadata 8-3
Objectives
Identify the two ways to access data.
Register a SAS library and tables in the metadata.
Register an Oracle library and tables in the metadata.
c .
In
Register an ODBC data source in the metadata.
u t e
t i t .
I n s i o n
S u t
3
3
S A tri b
h t i s
r
Data Sources
i g r e d
SAS can access a wide variety of data sources, including
p y o r
SAS data sets
RDBMS tables
C o t f
ODBC data sources.
4
4
The BASE engine is used to access SAS data sets. SAS data sets (tables) are the default SAS storage
format. A SAS table contains data values that are organized as a table of rows and columns that can
be processed by SAS software.
You can use the SAS/ACCESS Interface to Oracle product or the SAS/ACCESS Interface to ODBC
product to access Oracle tables. The SAS/ACCESS Interface to Oracle uses the ORACLE engine.
The SAS/ACCESS Interface to ODBC uses the ODBC engine.
8-4 Chapter 8 Administering Data Access
Accessing Data
Accessing data can be done in a couple of ways:
writing SAS code to connect to the data source
I n t i o
S
A tri b u
Even if you choose to register libraries in the metadata, you might find that stored processes and batch
jobs created at your site include their own library assignments.
t S s
i g h d i
y r r e
o p f o r
C o t
N
8.1 Registering Libraries and Tables in the Metadata 8-5
Accessing Data
c .
e In
t u t
s t i n .
6
6
I n t i o
a network path. S
A tri b u
The data can be local to the workspace server machine or in a remote location, accessed using
t S
Other servers that can access data in this way:
s
g d
• Stored process server
i i
• Pooled workspace server
h
r
• SAS/SHARE server
y r e
• OLAP server
p o r
• DATA Step Batch server
o f
• SAS/CONNECT server
C o t
Other applications that can access data in this way:
N
• SAS Management Console (metadata only)
• SAS OLAP Cube Studio
• SAS Information Map Studio
• SAS Enterprise Guide
• SAS Add-In for Microsoft Office
• SAS BI Visualization
8-6 Chapter 8 Administering Data Access
c .
e In
t u t
s t i n .
7
7
I n t i o
S u
You can register libraries in the metadata using the METADATA procedure.
A tri b
t S s
Accessing Tables Registered in the Metadata
g h d i
After tables are registered in the metadata, users can
i
y r e
access them using any of these applications:
r
o p f o r
C o t
N
8
8
The metadata LIBNAME engine can be used to access libraries and tables registered in metadata from
any coding interface.
8.1 Registering Libraries and Tables in the Metadata 8-7
c .
e In
t u t
s t i n .
9
9
I n t i o
S
A tri b u
How Applications Assign Libraries
t S s
By default, the SAS Add-In for Microsoft Office and
i g h d i
SAS Enterprise Guide assign libraries using the
metadata LIBNAME engine.
y r r e
o p f o r
C o t
N
10
1
0
8-8 Chapter 8 Administering Data Access
I n t i o
S
A tri b u
You can programmatically assign libraries using the metadata LIBNAME engine:
libname meta library="Orion Star Library";
t S
This is commonly done in stored process code to simplify code maintenance. You can use this in any code
s
i g h d i
that runs in a metadata-aware context, such as jobs scheduled using the SAS DATA Step Batch Server.
y r r e
o p f o r
C o t
N
8.1 Registering Libraries and Tables in the Metadata 8-9
Create a new SAS library using the New Library Wizard in SAS Management Console 9.2.
1. Select Start Ö All Programs Ö SAS Ö SAS Management Console 9.2.
2. Use the My Server connection profile to log on as Marcel.
c .
3. On the Plug-ins tab, expand Data Library Manager.
e In
t u t
4. Right-click Libraries and select New Library….
s t i n .
I n t i o
S
A tri b u
t S s
i g h d i
y r r e
o p f o r
C o t
N
8-10 Chapter 8 Administering Data Access
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
i g h d i
y r r e
o p f o r
C o t
6. Type the name Marcel Orion Star Library 1. Click .
N
8.1 Registering Libraries and Tables in the Metadata 8-11
7. Navigate to SAS Folders Ö Orion Star Ö Marketing Department. Select Data and click
.
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
i g h d i
y r r e
o p f o r
C o t
N
8-12 Chapter 8 Administering Data Access
8. Click .
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
i g h d i
y r r e
o p f o r
C o t
N
8.1 Registering Libraries and Tables in the Metadata 8-13
9. Move SASApp from the Available servers list to the Selected servers list. Click .
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
i g h d i
y r r e
o p f o r
C
o t This assignment makes the library available to the servers in the SASApp application server.
N
If you do not assign a library to an application server, the library is not available in several
client applications including SAS Enterprise Guide. Unless you intentionally want to limit
the accessibility of a library, you should assign each library to an application server.
8-14 Chapter 8 Administering Data Access
10. Type marcel1 as the libref. Move the path s:\workshop\OrionStar\orgold to the Selected items list.
Click .
If the path is not in the Available Items list, click and add the path.
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
i g h d i
y r r e
o p f o r
C o t
N A libref is a nickname or short reference to the physical location of the data.
It is a best practice to use unique librefs in the metadata. Uniqueness of librefs is not
enforced.
8.1 Registering Libraries and Tables in the Metadata 8-15
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
i g h d i
y r r e
o p f o r
C o t
N
8-16 Chapter 8 Administering Data Access
12. Under Data Library Manager, expand Libraries. Right-click Marcel Orion Star Library 1 and
select Register Tables….
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
13. Verify the library settings and click .
t S s
i g h d i
y r r e
o p f o r
C o t
N
If you get prompted for credentials, you are probably logged in as an unrestricted user.
8.1 Registering Libraries and Tables in the Metadata 8-17
14. Hold down the CTRL key and select CUSTOMER_DIM, GEOGRAPHY_DIM,
ORGANIZATION_DIM, and TIME_DIM. Click .
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
i g h d i
y r r e
o p f o r
C o t
N
8-18 Chapter 8 Administering Data Access
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
i g h d i
y r r e
o p o r
16. The tables are registered in the metadata and now appear in SAS Management Console. Close
f
SAS Management Console.
C o t
N
8.1 Registering Libraries and Tables in the Metadata 8-19
Exercises
1. Using SAS Data Integration Studio to Register a SAS Library and Tables
a. Log on to SAS Data Integration Studio as Marcel using the My Server profile.
b. On the Folders tab, expand Orion Star Ö Marketing Department. Right-click Data and select
c .
In
New Ö Library….
u t
Type of library: SAS BASE Library e
c. Create a library with the following characteristics:
t i t
Name: Marcel Orion Star Library 2
.
I n s i o n
Location: /Orion Star/Marketing Department/Data
Selected servers: SASApp
S
Libref: marcel2
u t
S A tri b
Path specification: S:\Workshop\OrionStar\orgold
h t i s
d. Register the ORDER_FACT and PRODUCT_DIM tables.
i g d
e. Open the ORDER_FACT table.
r r e
p y
o r
Right-click ORDER_FACT and select Open.
C o t f
f. Register the CUSTOMER_DIM table. What error message do you get? What is the source
of the problem?
N o
g. Can Marcel create a library with the following characteristics? If not, what is the problem?
Type of library: SAS BASE Library
Name: Marcel Orion Star Library 3
c .
In
d. Create a library with the following characteristics:
Name: Marcel Orion Star Library 3
Libref: marcel3
u t e
t i t .
Assign library using: Metadata Library Engine (with Show only tables with metadata
Server: SASApp
I n s
definitions selected)
i o n
S u t
Path: S:\Workshop\OrionStar\orgold
A tri b
Folder location: /Orion Star/Marketing Department/Data
S
h t
e. Expand Servers Ö SASApp Ö Libraries. Right-click Marcel Orion Star Library 3 and select
i s
Assign. Do any tables appear? Assign the Orion Star Library. Do any tables appear? Why do
r i g r e d
tables appear for one library but not the other?
f. Right-click Marcel Orion Star Library 3 and select Unassign. Right-click Marcel Orion Star
p y Library 3 and select Properties. Select Assignment and clear the Show only tables with
r
metadata definitions check box. Save the changes. Assign the library. Do any tables appear?
o
C o t f
g. With the library assigned, right-click on the library and select Properties. How are the properties
different than when the library is unassigned?
N o
8.1 Registering Libraries and Tables in the Metadata 8-21
c .
In
Selected servers: SASApp
Libref: Ora001
u t e
Database Server: Orion Star Oracle Database Server (See the characteristics of the new server
below.)
t i t .
I n s
Database Schema Name: SCOTT
i o n
S u t
Create a new database server with the following characteristics:
A tri b
Name: Orion Star Oracle Database
S
h t
Major version number: 11
i s
r i g r e d
Minor version number: 1
p y r
Vendor: Oracle Corporation
o
C o f
Associated Machine: localhost
t
N oPath: ora11g
Authentication Domain: OraAuth (Hint: You need to create this new authentication domain.)
c. In the User Manager plug-in, modify the properties of the Orion Star Users group. Add the
following login:
User ID: Scott
Password: tiger
Confirm Password: tiger
Authentication Domain: OraAuth
d. In the Data Library Manager plug-in, right-click Orion Star Oracle Library and select
Display LIBNAME Statement…. Verify that the value contains the USER= and PASSWORD=
options.
e. Register all of the tables for this library.
8-22 Chapter 8 Administering Data Access
c .
4) Select Microsoft Access Driver (*.mdb) as the driver type and click
e
5) Type SPAFT Course Data as the value for the Data Source Name field.
.
In
6) Click
t u t
in the Database area.
s t i n .
7) Navigate to s:\workshop\spaft in the Directories area and select SPAFT.mdb in the
I n
Database Name area. Click
t i o .
8) Click
S
A tri b
Ö
u .
t S
1) Log on to SAS Management Console as Ahmed. In the Plug-ins tab, right-click on the
s
i g h d i
Server Manager plug-in and select New Server….
y r r e
2) Create a server with the following characteristics:
Type of server: ODBC Server
o p f o r
Name: SPAFT Course Microsoft Access Database Server
N Select the Datasrc radio button to type the value. The quotation marks are necessary
because the ODBC data source name has spaces.
8.1 Registering Libraries and Tables in the Metadata 8-23
3) Expand Data Library Manager, right-click on the Libraries folder, and select
New Library….
4) Create a library with the following characteristics:
Type of library: ODBC Library
Name: SPAFT Course Microsoft Access Database
e In
t u t
Database Server: SPAFT Course Microsoft Access Database Server
s i
Connection: Connection: SPAFT Course Microsoft Access Database Server
t n .
5) Register the CustType table. Open the table.
I n t i o
S
A tri b u
t S s
i g h d i
y r r e
o p f o r
C o t
N
8-24 Chapter 8 Administering Data Access
Objectives
Identify when it is necessary to update table metadata.
List the tools available for updating table metadata
and the differences between them.
Update table metadata using
c .
In
SAS Management Console.
Update table metadata using
t e
SAS Data Integration Studio.
u
t i t
Update table metadata using SAS Enterprise Guide.
.
Update table metadata using the METALIB procedure.
I n s i o n
S u t
1
5
15
S A tri b
h t i s
r i g r e d
Why Update Table Metadata?
Updating table metadata enables you to do the following:
p y o r
add table metadata for tables that exist in the physical
library but have no metadata in the repository
C o t f
N o
Metadata
Physical data
1
6
16 continued...
8.2 Updating Table Metadata 8-25
c .
e In
t u t
s t i n .
1
7
17
I n t i o continued...
S
A tri b
Why Update Table Metadata?
u
t S s
Updating table metadata enables you to do the following:
i g h d i
delete metadata for table definitions that exist in the
metadata repository but do not have a corresponding
y r r e
table in the physical library
o p f o r No match
C o t
N Metadata
Physical data
18
1
8
8-26 Chapter 8 Administering Data Access
c .
In
custom code using the METALIB procedure
u t e
t i t .
19
I n s i o n
t
1
9
S u
The SAS Enterprise Guide Update Library Metadata task is a capability under Role Management.
A tri b
t S s
i g h d i
y r r e
o p f o r
C o t
N
8.2 Updating Table Metadata 8-27
c .
e In
t u t
s t i n .
2
0
20
I n t i o
S
A tri b u
SAS Data Integration Studio
t S s
If you select one or more tables, you can right-click
i g h d i
to access the update table metadata feature.
y r r e
o p f o r
C o t
N
21
2
1
8-28 Chapter 8 Administering Data Access
c .
e In
t u t
s t i n .
2
2
22
I n t i o
S
A tri b u
The Update Library Metadata task is available either from the Task List, under the Tools category,
or by selecting Tools Ö Update Library Metadata.
t S s
i g h d i
METALIB Procedure
y r r e
The METALIB procedure gives you the most control over
the updating features and can be run in batch.
o p f o r Task
Specify the data source and connection
Statement
OMR statement
C o t
parameters for the metadata server
Exclude or select a table or list of tables
for processing
EXCLUDE or
SELECT statement
2
3
23 continued...
8.2 Updating Table Metadata 8-29
METALIB Procedure
The METALIB procedure gives you the most control over
the updating features and can be run in batch.
Task Statement
Suppress the metadata changes from being NOEXEC statement
made
Specify a text string to add to the beginning
of all new metadata object names
PREFIX statement
c .
Create a report that summarizes metadata
changes
e
REPORT statement
In
t
Override default update behavior UPDATE_RULE
statement
t i t u .
24
I n s i o n
t
2
4
S u
The METALIB procedure syntax is as follows:
A tri b
t S
PROC METALIB;
OMR <=> (LIBID = <">identifier<"> | LIBRARY = <">name<">
s
i g h d i
| LIBRARY = "/folder-pathname/name" |
| LIBURI = "URI-format"
<server-connection-arguments>);
y r r e
<EXCLUDE <=> (table-specification <table-specification-n>);> |
o p f o r
<SELECT (table-specification <READ=read-password>
< table-specification-n <READ=read-password-n>>);>
C o t
<FOLDER <=> "/pathname";> |
<FOLDERID <=> "identifier.identifier";>
N <IMPACT_LIMIT = n;>
<NOEXEC;>
RUN;
For more information about the METALIB procedure, refer to SAS® 9.2 Language Interfaces to
Metadata.
8-30 Chapter 8 Administering Data Access
METALIB Procedure
The Create permission on the library is required
if PROC METALIB is being used to add table
metadata.
c .
e In
t u t
s t i n .
2
5
25
I n t i o
S
A tri b u
Table Metadata Updating Functionality
t S s
The functionality available varies depending on the tool
i g h d i
used to update table metadata:
e
SAS Data SAS PROC
o p f o
Report on differences
between metadata and
No
Console
Yes Yes
C o t
physical data
Select specific tables to Yes No Yes
N update
Add new table
registrations
Delete obsolete tables
No
No
Yes
Yes
Yes
Yes
26
2
6
You can register new tables or delete existing table metadata in SAS Data Integration Studio and
SAS Management Console, but not with the update table metadata feature.
The SAS Enterprise Guide Update Library Metadata task updates all of the existing table metadata
in a library and does not give you the option of selecting or excluding specific tables.
8.2 Updating Table Metadata 8-31
Exercises
u t
6. Updating Table Metadata with SAS Enterprise Guide
t
t i .
a. Open SAS Enterprise Guide and verify that you are logged on as Marcel.
s n
b. Select Tools Ö Update Library Metadata….
I n t i o
c. Select SASApp as the server and Marcel Orion Star Library 1.
S u
d. Select Report on the differences between physical tables and the metadata repository.
A tri b
t S
e. View the results. Do any tables need to be updated? Do any tables need to be added?
Do any tables need to be deleted?
s
i g h d i
f. In the Project Tree, under the process flow, right-click Update Metadata for "Marcel Orion Star
Library 1" and select Modify Update Metadata for "Marcel Orion Star Library 1". Keep the
y r r e
same server and library, but choose to update and add table definitions in the metadata with the
o p f o r
actual tables and columns. Are any new tables defined? If so, are they duplicates of tables that
already exist in that folder?
C t
g. In the Project Tree, under the process flow, right-click Update Metadata for "Marcel Orion
Star Library 1" and select Modify Update Metadata for "Marcel Orion Star Library 1".
o
For which actions can you override the default credentials? What are the default credentials?
Objectives
Identify how libraries can be assigned.
Pre-assign a library in the metadata.
Pre-assign a library using an autoexec file.
c .
e In
t u t
s t i n .
I n t i o
29 S
A tri b u
S
2
9
h t i s
r i g r e d
Library Assignment
Libraries can be assigned in two ways:
p y o r
By default, libraries are assigned by the client
applications but not until a user tries to access a
C o t f
library. In other words, library assignment is deferred
until it is needed.
30
3
0
Pre-assigning a large number of libraries can have a negative impact on the time required to start
up the server.
8.3 Pre-Assigning Libraries 8-33
Pre-Assigning Libraries
You can pre-assign a library in a couple of ways:
in the metadata
c .
In
The best practice is to pre-assign libraries using only
one method if possible. Having configuration
u t e
information in two places increases maintenance.
t i t .
31
I n s i o n
t
3
1
S
A tri b u
Pre-assigning a library in the metadata attaches a flag to the library itself and therefore applies
to all servers that the library is assigned to.
t S
Pre-assigning a library in an autoexec file affects only the server(s) that uses that autoexec file.
s
i g h d i
y r r e
Advantages of Pre-Assigning Libraries
o p o r
If you pre-assign libraries,
you control which engine is used to access the data
f
library assignments are identical across all SAS client
32
3
2
When SAS Enterprise Guide accesses a pre-assigned library, it displays all of the tables in the physical
location that the user has access to. In other words, it ignores table metadata.
8-34 Chapter 8 Administering Data Access
c .
e In
t u t
s t i n .
3
3
33
I n t i o
S
A tri b u
Pre-Assigning Libraries in the Metadata
t S s
Use SAS Management Console to pre-assign libraries
i g h d i
in the metadata. In the Data Library Manager, right-click
on the library and select Properties Ö Options Ö
y r r e
Advanced Options… Ö Pre-Assign. Select the check
box.
o p f o r
C o t
N
34
3
4
8.3 Pre-Assigning Libraries 8-35
c .
e In
t u t
s t i n .
3
5
35
I n t i o
S
A tri b u
For the SAS/CONNECT server, the sasv9_usermods.cfg file is
in SAS-config-dir\Lev1\SASApp\ConnectServer.
t S
For the DATA Step Batch Server, the sasv9_usermods.cfg file is
s
in SAS-config-dir\Lev1\SASApp\BatchServer.
i g h d i
y r r e
Pre-Assigning Libraries in an Autoexec File
o p o r
1. Add the LIBNAME statement to the autoexec file.
f
C t
libname orstar "s:\workshop\OrionStar\orstar";
36
3
6
8-36 Chapter 8 Administering Data Access
e
whose autoexec files were modified. In
t u t
s t i n .
3
7
37
I n t i o
S
A tri b u
For information about the LIBNAME statement for the metadata engine, refer to the
SAS® Language Interfaces to Metadata.
t S s
i g h d i
y r r e
o p f o r
C o t
N
8.3 Pre-Assigning Libraries 8-37
Exercises
9. Pre-Assigning Libraries
a. What are the advantages of pre-assigning libraries for a stored process server?
What are the disadvantages?
c .
In
b. What are the advantages of pre-assigning libraries for a workspace server?
What are the disadvantages?
t e
c. What are the disadvantages of pre-assigning RDBMS libraries?
u
i t
d. Pre-assign the Orion Star Library in the metadata.
t .
configuration file.
I s i o n
e. Add the METAAUTORESOURCES= system option to the DATA Step Batch Server
n
S u t
10. Pre-Assigning Libraries in Autoexec Files
A tri b
a. If you want to pre-assign a library for the stored process server alone, which autoexec file would
you modify?
S
h t
you modify?
i s
b. If you want to pre-assign a library for all of the servers in SASApp, which autoexec file would
r i g r e d
p y o r
C o t f
N o
8-38 Chapter 8 Administering Data Access
Objectives
Identify potential data access problems and how
to resolve them.
Test the LIBNAME statement generated from a library
metadata registration.
c .
Examine the use of formats and how to make them
available to SAS servers.
e In
t u t
Explore duplicate table registrations.
Identify the impact of not assigning a library
to a server.
s t i n .
Identify when the metadata LIBNAME engine
I n
is used to connect to data.
t i o
40 S
A tri b u
S
4
0
h t i s
r i g r e d
Connection Information
The New Library Wizard uses an instance of a workspace
p y o r
server to register new paths. If the path becomes
unavailable or changes, you can encounter an error when
C o f
connecting to the library.
t
N o
1 LIBNAME orstar BASE "S:\Workshop\OrionStar\orstar2";
NOTE: Library ORSTAR does not exist.
41
4
1
8.4 Troubleshooting Data Access 8-39
Connection Information
For RDBMS libraries, additional connection information
is required and could be erroneous:
server host
database name
schema name
credentials
c .
e In
t u t
s t i n .
4
2
42
I n t i o
S
A tri
RDBMS Libraries b u
t S s
i g h d i The correct
y r r e SAS/ACCESS product
must be licensed,
o p f o r installed,
and configured.
C o t
N
4
3
43 continued...
SAS/ACCESS must be on the same machine as the SAS process that will be accessing the data. In a
UNIX environment, the configuration of SAS/ACCESS requires setting some environment variables.
You can test SAS/ACCESS by submitting a LIBNAME statement from a SAS session.
8-40 Chapter 8 Administering Data Access
RDBMS Libraries
c .
The database client
must be installed
e In
and configured on
same machine as
t u t
SAS/ACCESS.
s t i n .
4
4
44
I n t i o continued...
S
A tri b u
The database client installation and configuration is typically done by a database administrator (DBA).
The DBA has access to tools that help test the configuration and connection to the database server.
t S s
i g h
RDBMS Libraries
d i
y r r e The database server
must be running and
t
by the database server.
C o
N
45
4
5
Library Metadata
The library metadata is converted to a LIBNAME
statement which you can access from the
Data Library Manager.
c .
e In
t u t
s t i n .
4
6
46
I n t i o
S
A tri b u
To retrieve the complete LIBNAME statement, including the user ID and password, you must be
connected to SAS Management Console as a user who has access in the metadata to credentials for
t S
the authentication domain associated with the database server.
s
i g h d i
y r r e
o p f o r
C o t
N
8-42 Chapter 8 Administering Data Access
u t e
t i t .
47
I n s i o n
t
4
7
S
A tri b u
The SASTRACE= option generates trace information from a DBMS engine. Setting the option to
',,,d' specifies that all SQL statements sent to the DBMS are sent to the log. These statements will
16 S
help the DBA troubleshoot potential connection problems.
t s
options sastrace=',,,d' sastraceloc=saslog;
17
g h d i
LIBNAME ora002 ORACLE PATH=oracle9i SCHEMA=SCOT USER=scott
17 ! PASSWORD=XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX;
i
y
Engine:
r e
NOTE: Libref ORA002 was successfully assigned as follows:
r ORACLE
r
Physical Name: oracle9i
o p f o
SCHEMA used: SCOT 48 1552509816 Main 0 DMSEXP
49 1552509816 Main 0 DMSEXP
C t
ORACLE_1: Prepared: on connection 1 50 1552509816 Main 0 DMSEXP
o
SELECT OBJECT_NAME ,OBJECT_TYPE FROM ALL_OBJECTS OBJ WHERE (OBJ.OWNER ='SCOT') AND
N
(OBJ.OBJECT_TYPE IN ('TABLE','VIEW')) UNION ALL SELECT SYNONYM_NAME ,'SYNONYM' FROM
ALL_OBJECTS
OBJ,ALL_SYNONYMS SYN WHERE (SYN.OWNER ='SCOT') AND (OBJ.OBJECT_TYPE IN ('TABLE','VIEW')) AND
(SYN.TABLE_OWNER=OBJ.OWNER ) AND (SYN.TABLE_NAME=OBJ.OBJECT_NAME ) UNION ALL SELECT SYNONYM_NAME
,'SYNONYM' FROM ALL_SYNONYMS SYN WHERE (SYN.OWNER ='SCOT') AND DB_LINK IS NOT NULL 51
1552509816
Main 0 DMSEXP
52 1552509816 Main 0 DMSEXP
53 1552509816 Main 0 DMSEXP
ORACLE_2: Executed: on connection 1 54 1552509816 Main 0 DMSEXP
SELECT statement ORACLE_1 55 1552509816 Main 0 DMSEXP
56 1552509816 Main 0 DMSEXP
8.4 Troubleshooting Data Access 8-43
Formats
A format is an instruction that SAS uses to write data
values. SAS provides some standard formats and users
can create custom formats.
An example of a SAS standard format:
12345 Dollar12.2 $12,345.00
c .
In
An example of a custom format:
FR $COUNTRY France
u t e
t i t .
48
I n s i o n
t
4
8
S
A tri b u
t S s
i g h d i
y r r e
o p f o r
C o t
N
8-44 Chapter 8 Administering Data Access
Formats
Formats can be associated with table column metadata.
If the format is not available, an error is generated.
c .
e In
t u t
s t i n .
4
9
49
I n t i o
1 S
A tri b u
Another error message that is produced for this problem:
LIBNAME osdmstar BASE "S:\workshop\OrionStar\orstar";
Engine:
S
NOTE: Libref OSDMSTAR was successfully assigned as follows:
t BASE
s
i g h d i
Physical Name: S:\workshop\OrionStar\orstar
ERROR: Format $COUNTRY not found or couldn't be loaded for variable Customer_Country.
r r e
ERROR: Format $GENDER not found or couldn't be loaded for variable Customer_Gender.
y
o f o r
If you cannot access the formats, you can bypass this error by including the following SAS option
p
to suppress the error and display the stored values:
t
OPTIONS NOFMTERR:
C o
N
8.4 Troubleshooting Data Access 8-45
Formats
The location of custom formats is specified in a sasv9.cfg
file. By default, the formats should be stored in a catalog
named FORMATS in the SASEnvironment/SASFormats
configuration directory.
I n t i o
S
A tri b u
The FMTSEARCH option specifies the order in which format catalogs are searched. The
WORK.FORMATS catalog is always searched first, and the LIBRARY.FORMATS catalog is searched
t S
next unless one of them appears in the FMTSEARCH= list.
s
The SET option assigns a libref to a physical location which is used here in the FMTSEARCH= list.
i g h d i
y r r e
Duplicate Table Registrations
o p o r
It is possible to register the same table twice which can
f
cause problems. Use the SAS Data Integration Studio
C o t
impact analysis tools to help determine if a duplicate can
be deleted.
51
5
1
Duplicate table registrations can be deleted using SAS Management Console, SAS Data Integration
Studio, or SAS OLAP Cube Studio. PROC METALIB can also delete duplicate table metadata, but you
cannot control which table is considered the duplicate.
8-46 Chapter 8 Administering Data Access
Server Assignment
If a library is not assigned to a server context, the library
will not be available in the SAS Add-In for Microsoft Office
or SAS Enterprise Guide.
c .
e In
t u t
s t i n .
5
2
52
I n t i o
S
A tri b u
You can view or edit a library server assignment in SAS Management Console,
SAS Data Integration Studio, and SAS OLAP Cube Studio.
t S s
i g h
Security
d i
y r r e
Access to a table requires access to
server metadata for a server that will open data
o p f o r
database server metadata for RDBMS libraries
C o t
table metadata
N
53
5
3
8.4 Troubleshooting Data Access 8-47
Metadata Security
The level of metadata security applied to the tables
depends on whether the metadata LIBNAME engine
is used.
Metadata LIBNAME Metadata LIBNAME engine
engine used not used
Not pre-
assigned
SAS Enterprise Guide SAS Data Integration Studio
SAS Add-In for SAS OLAP Cube Studio
c .
In
Microsoft Office SAS Information Map Studio
Pre- Only if specified in If specified either in metadata
assigned
metadata engine
u t
autoexec file with
e or in autoexec file with non-
metadata engine
t i t .
54
I n s i o n
t
5
4
S
A tri b u
When the metadata LIBNAME engine is used, the Read, Write, Create, and Delete options
are enforced on the library and tables.
t S s
i g h d i
y r r e
o p f o r
C o t
N
8-48 Chapter 8 Administering Data Access
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
i g h d i
y r r e
o p f o r
C o t
N
c. Create a library with the following characteristics:
Type of library: SAS BASE Library
Name: Marcel Orion Star Library 2
1) In the New Library Wizard, select SAS BASE Library as the type of library
and click .
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
i g h d i
y r r e
o p f o r
C o t
N
8-50 Chapter 8 Administering Data Access
2) Type the name of the library metadata definition and verify the correct folder location.
Click .
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
i g h d i
y r r e
o p f o r
C o t
N
8.5 Solutions to Exercises 8-51
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
i g h d i
y r r e
o p f o r
C o t
N
8-52 Chapter 8 Administering Data Access
4) Type the name of the libref and specify the path specification.
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
i g h d i
y r r e
o p
f o r If the path is not in the Available Items list, click . Type the correct path
N
8.5 Solutions to Exercises 8-53
5) Click .
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
i g h d i
y r r e
o p f o r
C o t
N
8-54 Chapter 8 Administering Data Access
6) Click .
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
i g h d i
y r r e
o p f o r
C o t
N
8.5 Solutions to Exercises 8-55
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
i g h d i
y r r e
o p f o r
C o t
N
8-56 Chapter 8 Administering Data Access
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
i g h d i
y r r e
o p f o r
C o t
N
8.5 Solutions to Exercises 8-57
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
i g h d i
y r
4) Click
r e .
o p f o r
C o t
N
8-58 Chapter 8 Administering Data Access
e
Ö
In .
t u t
s t i n .
I n t i o
S
A tri b u
t S s
i g h d i
y r r e
o p f o r
C o t
N
8.5 Solutions to Exercises 8-59
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
i g h d i
y r r e
3) The CUSTOMER_DIM table is already registered. Click .
o p f o r
C o t
N
8-60 Chapter 8 Administering Data Access
g. Can Marcel create a library with the following characteristics? If not, what is the problem?
No. Marcel does not have permissions to create content in the Shared Data folder.
Type of library: SAS BASE Library
Name: Marcel Orion Star Library 3
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
i g h d i
y r r e
o p f o r
C o t
N
8.5 Solutions to Exercises 8-61
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
i g h d i
r r e
c. Select File Ö New Ö Library….
y
o p f o r
C o t
N
8-62 Chapter 8 Administering Data Access
Libref: marcel3
Assign library using: Metadata Library Engine (with Show only tables with metadata
definitions selected)
Server: SASApp
Path: S:\Workshop\OrionStar\orgold
c .
Folder location: /Orion Star/Marketing Department/Data
e In
t u t
1) Type the name of the library definition. Click .
s t i n .
I n t i o
S
A tri b u
t S s
i g h d i
y r r e
o p f o r
C o t
N
8.5 Solutions to Exercises 8-63
2) Type the name of the libref. Verify that the Metadata Library Engine radio button is selected
and that the Show only tables with metadata definitions check box is selected. Click
.
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
i g h d i
y r r e
o p f o r
C o t
N
8-64 Chapter 8 Administering Data Access
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
i g h d i
y r r e
o p f o r
C o t
N
8.5 Solutions to Exercises 8-65
4) Verify that the engine type is File System. Verify that the engine is BASE - Latest Version of
Base SAS and type the physical path of the library. Click .
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
i g h d i
y r r e
o p
5) Click
C o t
N
8-66 Chapter 8 Administering Data Access
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
i g h d i
y r r e
o p f o r
C o t
N
8.5 Solutions to Exercises 8-67
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
i g h d i
y r r e
o p f o r
C o t
N
8-68 Chapter 8 Administering Data Access
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
i g h d i
y r r e
o p f o r
No tables are defined.
C o t
N
8.5 Solutions to Exercises 8-69
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
i g h d i
y r r e
o p f o r
C o t
N
8-70 Chapter 8 Administering Data Access
f. Right-click Marcel Orion Star Library 3 and select Unassign. Right-click on Marcel Orion
Star Library 3 and select Properties. Select Assignment and clear the Show only tables with
metadata definitions check box. Save the changes. Assign the library.
Do any tables appear? Yes
1) Right-click Marcel Orion Star Library 3 and select Unassign.
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
i g h d i
y r r e
o p f o r
C o t
N
8.5 Solutions to Exercises 8-71
2) Open the properties and select Assignment. Clear the Show only tables with metadata
definitions check box. Click .
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
The choice to show only tables with metadata definitions refers to an option for the
i g h d i
metadata LIBNAME engine, METAOUT.
r e
3) Right-click and select Assign from the menu.
y r
o p f o r
C o t
N
8-72 Chapter 8 Administering Data Access
c .
e In
t u t
s t i n .
I n i o
The library might need to be refreshed to display the tables.
t
S
A tri b u
t S s
i g h d i
y r r e
o p f o r
C o t
N
8.5 Solutions to Exercises 8-73
g. With the library assigned, right-click on the library and select Properties. How are the properties
different than when the library is unassigned?
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
i g h d i
y r r e
o p f o r
C o t
N
8-74 Chapter 8 Administering Data Access
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
i g h d i
y r r e
o p f o r
C o t
N
8.5 Solutions to Exercises 8-75
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
i g h d i
y r r e
1) Right-click Libraries and select New Library… from the menu.
o p f o r
C o t
N
8-76 Chapter 8 Administering Data Access
2) Select Oracle Library as the type in the New Library Wizard. Click .
3) Type the library metadata name Orion Star Oracle Library. Verify that the location
of the new library is /Orion Star/Marketing Department/Data. Click .
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
i g h d i
y r r e
o p f o r
C o t
N
8.5 Solutions to Exercises 8-77
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
i g h d i
y r r e
o p f o r
C o t
N
8-78 Chapter 8 Administering Data Access
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
i g h d i
y r r e
o p f o r
C o t
N
8.5 Solutions to Exercises 8-79
6) Notice that there are no Database Server definitions. Click to define a new
database server object.
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
i g h d i
y r r e
o p f o r
C o t
N
8-80 Chapter 8 Administering Data Access
7) Type the server name Orion Star Oracle Database Server. Click .
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
i g h d i
y r r e
o p f o r
C o t
N
8.5 Solutions to Exercises 8-81
8) Specify localhost as the host name of the Oracle server in the Associated Machine
field and verify the correct software and vendor information. Click .
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
i g h d i
y r r e
o p f o r
C o t
N
8-82 Chapter 8 Administering Data Access
9) Type the Oracle Path information, ora11g. Verify that the authentication type is
User/Password. Define a new authentication domain by clicking .
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
i g h d i
y r r e
o p f o r
C o t
N This Oracle server uses internal security, so the DefaultAuth authentication domain
will not work.
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
i g h d i
y r r e
o p f o r
C o t
N
8-84 Chapter 8 Administering Data Access
12) The new database server is defined. Type SCOTT in the Database Schema Name field.
Accept the defaults for the connection details. Click .
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
i g h d i
y r r e
o p f o r
C o t
N
8.5 Solutions to Exercises 8-85
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
i g h d i
y r r e
o p f o r
C t
c. In the User Manager plug-in, modify the properties of the Orion Star Users group.
o
Add the following login:
Password: tiger
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
4) Type Scott as the user ID and tiger as the password. Select OraAuth as the
t S
authentication domain. Click
s
.
i g h d i
y r r e
o p f o r
C o t
N
8.5 Solutions to Exercises 8-87
5) The Orion Star Group now has a shared login to access the Oracle database. Click .
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
d. In the Data Library Manager plug-in, right-click Orion Star Oracle Library and select
options.
t S
Display LIBNAME statement…. Verify that the value contains the USER= and PASSWORD=
s
h d i
1) Verify that you are logged on to SAS Management Console as Marcel.
i g
y r r e
2) Expand Data Library Manager Ö Libraries, right-click Orion Star Oracle Library,
and select Display LIBNAME Statement….
o p f o r
C o t
N
8-88 Chapter 8 Administering Data Access
3) Click .
c .
e In
t u t
s i
e. Register all of the tables for this library.
t n .
1) Right-click Orion Star Oracle Library and select Register Tables….
I n t i o
S
A tri b u
t S s
i g h d i
y r r e
o p f o r
C o t
N
8.5 Solutions to Exercises 8-89
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
i g h d i
y r r e
o p f o r
C o t
N
8-90 Chapter 8 Administering Data Access
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
i g h d i
y r r e
o p
f o r If needed, use to change the location to the correct metadata folder.
C o t
N
8.5 Solutions to Exercises 8-91
4) Click .
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
i g h d i
y r r e
4. Registering an ODBC Data Source
o p o r
a. Create an ODBC data source.
f
C t
1) Select Start Ö Control Panel. Double-click Administrative Tools.
o
N
8-92 Chapter 8 Administering Data Access
c .
e In
t u t
s t i n .
click n .
t i o
3) In the ODBC Data Source Administrator window, click the System DSN tab and
I
S
A tri b u
t S s
i g h d i
y r r e
o p f o r
C o t
N
8.5 Solutions to Exercises 8-93
4) Select Microsoft Access Driver (*.mdb) as the driver type and click .
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
i g d i
5) Type SPAFT Course Data as the value for the Data Source Name field.
h
6) Click
o p f o r
C o t
N
8-94 Chapter 8 Administering Data Access
7) Navigate to s:\workshop\spaft in the Directories area and select SPAFT.mdb in the Database
Name area. Click .
If the s:\ drive does not appear in the list, you need to change the s:\ drive properties so
that it is not hidden.
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
8) Click
t S s
Ö .
i g h d i
y r r e
o p f o r
C o t
N
8.5 Solutions to Exercises 8-95
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
b. Register metadata for a table in a Microsoft Access database.
g h d i
1) Log on to SAS Management Console as Ahmed. In the Plug-ins tab, right-click
i
y r r e
on the Server Manager plug-in and select New Server….
o p f o r
C o t
N
2) Create a server with the following characteristics:
Type of server: ODBC Server
Name: SPAFT Course Microsoft Access Database Server
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
i g h d i
y r r e
o p f o r
C o t
N
8.5 Solutions to Exercises 8-97
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
i g h d i
y r r e
o p f o r
C o t
N
8-98 Chapter 8 Administering Data Access
c) Use the drop-down arrow to specify the data source type. Verify that the associated
machine is localhost. Click .
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
i g h d i
y r r e
o p f o r
C o t
N
8.5 Solutions to Exercises 8-99
d) Type the ODBC data source name. Accept User/Password as the default authentication
type and select DefaultAuth as the authentication domain. Click .
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
i g h d i
y r r e
o p f o r
C o t You must select the Datasrc radio button to type the value. The quotation marks
are necessary because the ODBC data source name has spaces.
N
8-100 Chapter 8 Administering Data Access
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
i g h d i
y r r e
o p f o r
3) Expand Data Library Manager, right-click on the Libraries folder, and select
C o tNew Library….
N
8.5 Solutions to Exercises 8-101
c .
In
Database Server: SPAFT Course Microsoft Access Database Server
u e
Connection: Connection: SPAFT Course Microsoft Access Database Server
t
a) Select the type of library. Click .
t i t .
I n s i o n
S u t
S A tri b
h t i s
r i g r e d
p y o r
C o t f
N o
8-102 Chapter 8 Administering Data Access
b) Type the name of the library metadata definition. Verify that the metadata folder location
is correct. Click .
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
i g h d i
y r r e
o p f o r
C o t
N
8.5 Solutions to Exercises 8-103
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
i g h d i
y r r e
o p f o r
C o t
N
8-104 Chapter 8 Administering Data Access
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
i g h d i
y r r e
o p f o r
C o t
N
8.5 Solutions to Exercises 8-105
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
i g h d i
y r r e
o p f o r
C o t
N
8-106 Chapter 8 Administering Data Access
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
i g h d i
y r r e
o p f o r
C o t
N
8.5 Solutions to Exercises 8-107
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
i g h d i
y r r e
o p f o r
C o t
N
8-108 Chapter 8 Administering Data Access
b) Click .
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
i g h d i
y r r e
o p f o r
C o t
N
8.5 Solutions to Exercises 8-109
c) Select the table, verify that the metadata folder location is correct, and click .
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
i g h d i
y r r e
o p f o r
C o t
N
8-110 Chapter 8 Administering Data Access
d) Click .
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
i g h d i
y r e
e) Log on to an application such as SAS Data Integration Studio and open the table.
r
o p f o r
C o t
N
8.5 Solutions to Exercises 8-111
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
i g h d i
y r r e
o p f o r
C o t
N
8-112 Chapter 8 Administering Data Access
c .
e In
2) Click
t
to view the details.
t u
s t i n .
I n t i o
S
A tri b u
t S
3) Review the SAS log and click
s
.
i g h d i
y r r e
o p f o r
C o t
N
8.5 Solutions to Exercises 8-113
c. Right-click on the Orion Star Products table and select Analyze. What objects is this table
associated with?
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
i g h d i
y r r e
o p f o r
C o t
N
8-114 Chapter 8 Administering Data Access
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S
6. Updating Table Metadata with SAS Enterprise Guide
s
i g h d i
a. Open SAS Enterprise Guide and verify that you are logged in as Marcel.
y r r e
o p o r
b. Select Tools Ö Update Library Metadata….
f
C o t
N
8.5 Solutions to Exercises 8-115
c. Select SASApp as the server and Marcel Orion Star Library 1. Click .
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
i g h d i
y r r e
o p f o r
C o t
N
8-116 Chapter 8 Administering Data Access
d. Select Report on the differences between physical tables and the metadata repository.
Click .
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
i g h d i
y r r e
o p f o r
C o t
N
8.5 Solutions to Exercises 8-117
e. View the results. Do any tables need to be updated? Yes, two tables
Do any tables need to be added? Yes, two tables
Do any tables need to be deleted? No
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
i g h d i
y r r e
o p f o r
C o t
N
8-118 Chapter 8 Administering Data Access
f. In the Project Tree, under the process flow, right-click Update Metadata for "Marcel Orion Star
Library 1" and select Modify Update Metadata for "Marcel Orion Star Library 1". Keep the
same server and library, but choose to update and add table definitions in the metadata with the
actual tables and columns. Are any new tables defined? Yes
If so, are they duplicates of tables that already exist in that folder? Yes
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
i g h d i
y r r e
o p f o r
C o t
N
8.5 Solutions to Exercises 8-119
2) In Step 2, select Update and add table definition in the metadata with the actual tables
and columns. Do not click .
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
i g h d i
y r r e
o p f o r
C o t
N Updating libraries and tables requires the Create permission.
8-120 Chapter 8 Administering Data Access
3) Verify that Marcel has the required permission to update the library. Go to SAS Management
Console. (Verify that you are logged in as Ahmed.) Using the Data Library Manger plug-in,
open the properties of the library.
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
i g h d i
y r r e
o p f o r
C o t
N
8.5 Solutions to Exercises 8-121
4) Click the Authorization tab. Highlight the Data Integrators group in the Users and Groups
pane and grant the Create permission. Click .
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
i g h d i
y r r e
o p f o r
C o t
N Because Marcel is a member of the Data Integrators group, granting Create to this
group ensures that Marcel has the required permission.
8-122 Chapter 8 Administering Data Access
6) Click .
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
i g h d i
y r r e
o p f o r
C o t
N 7) Click to replace the previous results.
8.5 Solutions to Exercises 8-123
c .
e In
t u t
s t i n .
I n t i o
S
9) Return to SAS Management Console, select the Folders tab, expand Orion Star Ö
u
Marketing Department, and select Data. Table names are duplicated.
A tri b
t S s
i g h d i
y r r e
o p f o r
C o t
N
8-124 Chapter 8 Administering Data Access
g. In the Project Tree, under the process flow, right-click Update Metadata for "Marcel Orion
Star Library 1" and select Modify Update Metadata for "Marcel Orion Star Library 1".
For which actions can you override the default credentials? Update and add table definitions
in metadata with the actual tables and columns, Update only the existing table definitions
in metadata with the current column information, and Delete obsolete entries from the
metadata library (tables that no longer exist)
What are the default credentials? Marcel/Student1
Why or when might you want to override the default credentials? If the user that you used
to log on to SAS Enterprise Guide does not have the appropriate permissions to update
libraries and tables
c .
7. Updating Table Metadata with SAS Management Console
e
a. In the Data Library Manager plug-in, select Marcel Orion Star Library 2. In
t u t
(Verify that you are logged on as Marcel.)
Update Metadata….
s i
b. Select one or more tables in Marcel Orion Star Library 2, right-click, and select
t n .
I n t i o
S
A tri b u
t S s
i g h d i
y r r e
o p f o r
C o t
N
8.5 Solutions to Exercises 8-125
c .
e In
2) Click
t
to view the details of the SAS log.
t u
s t i n .
I n t i o
S
A tri b u
3) Click
t S
.
s
i g h d i
y r r e
o p f o r
C o t
N
8-126 Chapter 8 Administering Data Access
u t e
t i t .
I n s i o n
S u t
S A tri b
h t i s
r i g r e d
p y o r
C o t f
N o
8.5 Solutions to Exercises 8-127
c. Modify the code to update the tables. Submit the code in batch.
1) Remove the NOEXEC statement. Save the file.
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
i g h d i
y r r e
o p f o r
C o t
N
8-128 Chapter 8 Administering Data Access
2) Verify that Marcel was granted the Create permission on the library.
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
i g h d i
y r r e
o p f o r
C o t
N
8.5 Solutions to Exercises 8-129
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
i g h d i
y r r e
o p f o r
C o t
N
8-130 Chapter 8 Administering Data Access
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S
9. Pre-Assigning Libraries
s
g h d i
a. What are the advantages of pre-assigning libraries for a stored process server?
i
y r r e
• Stored process code does not need to include LIBNAME statements, which simplifies
code maintenance.
o p f o r
• Access to data is the same for all stored processes assigned to that server.
• You control the engine that is used to access the libraries. If you pre-assign using the
C o t
metadata LIBNAME engine, all data level permissions are enforced.
What are the disadvantages?
N • Access to data is the same for all stored processes assigned to that server.
• An excessive number of pre-assigned libraries might affect server performance.
• Using pre-assigned libraries can introduce additional maintenance for an administrator
if a new stored process needs access to a library that is not already pre-assigned.
b. What are the advantages of pre-assigning libraries for a workspace server?
You control the engine that is used to access the libraries. If you pre-assign using the
metadata LIBNAME engine, all data level permissions are enforced.
What are the disadvantages?
An excessive number of pre-assigned libraries might affect server performance.
8.5 Solutions to Exercises 8-131
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
i g h d i
y r r e
o p f o r
C o t
N
8.5 Solutions to Exercises 8-133
3) In the Advanced Options window, click the Pre-Assign tab and click the
Library is pre-assigned check box. Click twice.
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
i g h d i
y r r e
o p f o r
C o t
N
8-134 Chapter 8 Administering Data Access
e. Add the METAAUTORESOURCES= system option to the SASApp DATA Step Batch Server
configuration file.
1) Use Windows Explorer to navigate to C:\SAS\Config\Lev1\SASApp\BatchServer.
Right-click sasv9_usermods.cfg and select TextPad.
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
i g h d i
y r r e
o p f o r
2) Add the following statement to the file:
–metaautoresources "omsobj:ServerComponent?@Name='SASApp'"
C o t
N
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
i g h d i
y r r e
o p f o r
C o t
N
8-136 Chapter 8 Administering Data Access
b. If you want to pre-assign a library for all of the servers in SASApp, which autoexec file would
you modify?
C:\SAS\Config\Lev1\SASApp\appserver_autoexec_usermods.sas
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
i g h d i
y r r e
o p f o r
C o t
N
Chapter 9 Securing Metadata
c .
Exercises .............................................................................................................................. 9-19
9.2
e
Exploring Metadata Permissions ................................................................................ 9-21 In
u t
Demonstration: Identifying Applicable Permissions ............................................................. 9-25
t
t i .
Exercises .............................................................................................................................. 9-28
s n
9.3
I n i o
Exploring Predefined ACTs ......................................................................................... 9-30
t
S u
Exercises .............................................................................................................................. 9-34
A tri b
9.4
S
Securing Content in the Folder Tree ........................................................................... 9-36
t s
i g h d i
Exercises .............................................................................................................................. 9-46
9.5
y r e
Securing Content outside the Folder Tree ................................................................. 9-53
r
o p f o r
Exercises .............................................................................................................................. 9-56
C 9.6
t
Creating Additional ACTs............................................................................................. 9-57
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
i g h d i
y r r e
o p f o r
C o t
N
9.1 Introduction to Metadata Security 9-3
Objectives
Identify how the metadata authorization layer interacts
with other security layers.
Identify where metadata permissions are assigned.
Identify to whom metadata permissions are assigned.
c .
In
u e
Explore how metadata authorization decisions
t
t i t .
I n s i o n
S u t
3
3
S A tri b
h t i s
r i g r e d
Metadata Authorization Layer
SAS provides a metadata-based authorization layer that
p y o r
supplements protections from the host environment and
other systems.
C o t f Metadata
N o WebDAV
Database System
Operating System
4
4
Across authorization layers, protections are cumulative. To perform a task, a user must have sufficient
access in all applicable layers.
9-4 Chapter 9 Securing Metadata
c .
e In
t u t
s t i n .
5
5
I n t i o
S
A tri
Authorization Tab b u
t S s
Each item’s effective permission settings are displayed
i g h d i
on that item’s Authorization tab. Permissions are set for
users and groups.
y r r e
o p f o r
C o t
N
6
6
Only relevant permissions are displayed on the Authorization tab for a particular object.
9.1 Introduction to Metadata Security 9-5
Identity Hierarchy
Identity precedence affects authorization decisions when
a user has more than one relevant permission setting
because of the user’s group memberships.
c .
e In
t u t
s t i n .
7
7
I n t i o
S
A tri b u
To avoid introducing unnecessary complexity, do not make PUBLIC or SASUSERS a member of another
group. This is not an issue for roles.
t S s
i g h d i
Where Are Permissions Set?
y r Explicit
o p ACT
f o r identity.
The permission comes from an applied ACT
8
8
Indirect settings can be derived from group membership, be inherited from a parent item, and for the
WriteMemberMetadata permission, can mirror the WriteMetadata setting.
9-6 Chapter 9 Securing Metadata
Authorization Tab
The check box color indicates how the permission was
assigned.
c .
e
explicit (white)
ACT (green) In
t u t indirect (gray)
s t i n .
9
9
I n t i o
ACTs
S
A tri b u
t S
Each ACT consists
s
i g h d i
of a pattern of grants
and denials that are
y r r e
assigned to different
users and groups.
o p o r
ACTs are created and
f
managed using the
C o t
Authorization Manager
plug-in.
N
10
1
0
9.1 Introduction to Metadata Security 9-7
Applying an ACT
When you apply an ACT to an object, the ACT settings
are added to the object’s protections.
c .
e In
t u t
s t i n .
1
1
11
I n t i o
S
A tri
Advantages of ACTs b u
t S s
When you want to assign the same settings to several
i g h d i
objects, using an ACT is beneficial.
It is easier to apply an ACT than it is to repeatedly
y r r e
set each permission.
o p f o r
Updates to an ACT permission pattern affect each
resource where the ACT has been applied.
C o t
N
12
1
2
9-8 Chapter 9 Securing Metadata
Indirect Settings
Indirect settings come from
another group with an explicit or ACT setting
on that resource
a parent resource
c .
e In
t u t
s t i n .
1
3
13
I n t i o
setting. S
A tri b u
For the WriteMemberMetadata permission, gray can indicate that the setting mirrors the WriteMetadata
t S
For an unrestricted user, gray indicates that a grant cannot be removed.
s
i g h d i
y r r e
Inheritance Paths
o p o r
Children inherit the net effect of their parents’ access
controls.
f
Most objects inherit permissions from folders. A number
C o t
of objects inherit permissions directly from the repository
ACT.
14
1
4
If an item has more than one immediate parent, a grant from any inheritance path is sufficient to provide
access. Having multiple immediate parents is not a common situation.
9.1 Introduction to Metadata Security 9-9
Repository ACT
The repository ACT is a template that is designated to
provide repository-level controls.
A user must have WM in the repository ACT to create
an object anywhere in the metadata.
Permissions on the repository ACT are applied
indirectly to all objects in the metadata.
– If there are no direct settings on the object or on
c .
any of that object’s parents, then the repository
ACT determines the outcome.
e In
u t
– If the repository ACT’s pattern neither grants
nor denies the permissions, then the permission
t
is denied.
s t i .
– If there is no repository ACT, all permissions
n
1
5
15
I n
are granted.
t i o
S
A tri b u
You should always have a designated repository ACT.
t S s
i g h d i
y r r e
o p f o r
C o t
N
9-10 Chapter 9 Securing Metadata
c .
e In
t u t
s t i n .
1
6
16
I n t i o
S
A tri b u
t S s
i g h d i
y r r e
o p f o r
C o t
N
9.1 Introduction to Metadata Security 9-11
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
i g h d i
y r r e
o p f o r
C o t
N
Permission conditions constrain explicit grants of the Read permission on OLAP dimensions (limiting
access to members) or information maps (limiting access to rows). On the Authorization tab, the presence
of an Edit Condition or Edit Authorization button indicates that a permission condition is assigned to the
currently selected user or group.
9-12 Chapter 9 Securing Metadata
Settings on an item have priority LibraryA has an explicit denial for PUBLIC. Joe cannot see
over settings on the item’s LibraryA’s parent folder has an explicit grant LibraryA.
parents. for Joe.
Conflicting settings on an item LibraryA has an explicit denial for GroupA Joe cannot see
are resolved by identity
precedence.
and an explicit grant for GroupAA. Joe is a
direct member of GroupA. GroupA is a direct
LibraryA.
c .
In
member of GroupAA.
t
an explicit grant for GroupB. Joe is a direct
member of both GroupA and GroupB.
Joe can see
LibraryA.
settings.
t i t .
I n s
If identity precedence and the
type of setting do not resolve a
o n
LibraryA has an explicit denial for GroupA
and an explicit grant for GroupB. Joe is a
i
Joe cannot see
LibraryA.
conflict, the outcome is a denial.
S u t
direct member of both GroupA and GroupB.
A grant from any inheritance path ObjectA has no explicit or ACT settings, one Joe can see
S A tri
can provide access.
b immediate parent that conveys a grant, and
another immediate parent that conveys a
LibraryA.
h t i s denial.
r i g e d
The settings described for these examples are the only explicit or ACT settings for ReadMetadata
on LibraryA or ObjectA.
r
p y o r
C o t f
N o
9.1 Introduction to Metadata Security 9-13
c .
e In
t u t
s t i n .
1
7
17
I n t i o
S u
Explicit and ACT settings on an object always have priority over settings on the object’s parent.
A tri b
t S
Security Plan
s
i g h d i
It is very important to create a security plan that
y r r e
documents how your environment is or will be secured.
The security plan should contain the following:
o p f o r
metadata users and groups and corresponding identity
hierarchies
C o t
roles and their membership
18
1
8
9-14 Chapter 9 Securing Metadata
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
3. Click the Authorization tab.
i g h d i
y r r e
o p f o r
C o t
N
9.1 Introduction to Metadata Security 9-15
4. Click .
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
i g h d i
y r r e
o p f o r
C o t
N
9-16 Chapter 9 Securing Metadata
5. In the Currently Using pane, expand Foundation. The SAS Administrator Settings ACT has been
applied to this item.
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
6. In the Available pane, expand Foundation, Ole’s Work Repository, and Barbara’s Work
Repository. Additional ACTs are available. Each repository has a repository ACT named
Default ACT.
t S s
i g h d i
y r r e
o p f o r
C o t
N
7. Click .
9. The Inheritance tab identifies the other items from which this item can inherit permissions.
Click the Explore Authorizations tab.
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
i g h d i
y r r e
o p f o r
C o t
N
9-18 Chapter 9 Securing Metadata
10. Type Marcel in the Name or Display name field. Click . Marcel’s effective
permissions for this item are displayed.
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
i g h d i
y r r e
o p f o r
C o t
N
11. Click twice.
9.1 Introduction to Metadata Security 9-19
Exercises
c .
In
b. Copy secrpt.sas from C:\Program Files\SAS\SASFoundation\9.2\core\sample to
S:\Workshop\spaft\Report.
t e
c. Open S:\Workshop\spaft\Report\secrpt.sas in TextPad.
u
1) Scroll to the bottom.
t i t .
I s i o n
2) Locate the OPTIONS statement. Provide the correct value for the METASERVER=,
n
METAUSER=, and METAPASS= system options.
S u t
3) Locate the FILENAME statement that assigns the rptdir fileref and provide
S:\Workshop\spaft\Report as the path value (in double quotation marks).
A tri b
4) Locate the LIBNAME statement that assigns the permlib libref and provide
S
S:\Workshop\spaft\Security as the path value (in double quotation marks).
h t i s
5) Locate the FILENAME statement that assigns the report fileref and provide
r i g r e d
S:\Workshop\spaft\Report\index.html.
6) Save the changes.
p y o r
d. Create a new file using TextPad. Type the following code and save the file as Report.sas in
C o t f
S:\Workshop\spaft\Report:
options metaserver=localhost metauser="Ahmed" metapass="Student1";
N o
libname permlib "s:\workshop\spaft\Security";
%mdsecds(outdata=permlib.mdsecds);
%include "S:\Workshop\spaft\Report\secrpt.sas";
The LIBNAME statements and macro options are set to save the output SAS data sets
into folders under S:\Workshop\spaft\Security.
e. In Windows Explorer, right-click Report.sas and click Batch Submit with SAS 9.2.
Review Report.log for errors.
f. Open S:\Workshop\spaft\Report\index.html.
g. Use Windows Explorer to navigate to C:\Program Files\SAS\SASFoundation\9.2\core\sasmacro.
Open mdsecds.sas using TextPad. In addition to the OUTDATA= parameter, what parameters can
you use with this macro?
9-20 Chapter 9 Securing Metadata
The MDUEXTR macro is part of the user import macros and extracts information
c .
including user and group membership.
e In
The LIBNAME statements and macro options are set to save the output SAS data sets
t u t
into folders under S:\Workshop\spaft\User_group.
i
c. In Windows Explorer, right-click User_extr.sas and click Batch Submit with SAS 9.2.
t
Review User_extr.log for errors.
s n .
I n o
d. Open and examine the tables created by the code.
t i
S
e. Use Windows Explorer to navigate to C:\Program Files\SAS\SASFoundation\9.2\core\sasmacro.
u
Open mduextr.sas using TextPad. In addition to the LIBREF function, what parameters can you
A tri
use with this macro?
b
t S
3. Creating and Applying an Access Control Template (ACT)
s
i g h d i
a. Use the Authorization Manager to create a new ACT with the following characteristics:
y r e
Name: Test Access Control Template
r
o p f o r
Permission Pattern: Deny RM and WM to Barbara
b. Apply an ACT.
C o t
1) Before applying the ACT, what identities are listed on the Orion Star metadata folder
Authorization tab?
Objectives
Explore the use and enforcement of the different
metadata permissions.
c .
e In
t u t
s t i n .
I n t i o
22 S
A tri b u
S
2
2
h t i s
r i g r e d
Metadata Permissions
The permissions list on each Authorization tab includes
p y o r
at least two permissions:
ReadMetadata, which controls the ability to view
C o t fan item
WriteMetadata, which controls the ability to update
N o or delete an item
Other permissions are specialized and only affect
certain types of items.
23
2
3
Only permissions relevant to the item are displayed on the Authorization tab.
9-22 Chapter 9 Securing Metadata
t e
CheckInMetadata (CM) Check in and check out items
u
in a change-managed area.
t i t .
24
I n s i o n
t
2
4
S
A tri b u
In any change-managed areas of a foundation repository, change-managed users should have CM instead
of WM and WMM. Change management is a SAS Data Integration Studio feature.
t S
WMM is only meaningful for metadata folders.
s
i g h d i
y r r e
Use of Each Permission
o p o r
Here are some general rules to follow when assigning
permissions:
f
All users with a metadata identity should have RM and
N deny WMM.
To enable someone to interact with a folder’s contents
but not with the folder itself, grant WMM and deny WM.
Before you deny RM on a folder, consider the
navigational consequences.
25
2
5
A folder’s WMM settings mirror its WM Settings unless the folder has explicit or ACT settings of WMM.
A grant (or deny) of WMM on a folder becomes an inherited grant (or deny) of WM on the items and
subfolders in that folder. WMM is not inherited from one folder to another.
9.2 Exploring Metadata Permissions 9-23
u t e
t i t .
26
I n s i o n
t
2
6
S
A tri
Use of Each Permissionb u
t S
Read (R)
s Read data.
i g h
Create (C)
d i Add data.
y r Write (W)
r e Update data.
o p f o r
Delete (D) Delete data.
27
2
7
The Read permission applies to several types of data including SAS tables, RDBMS tables,
information maps, and cubes. The other permissions are only enforced when accessing data using
the metadata LIBNAME engine.
The table server supports additional permissions for objects that are under the Table Server plug-in
in SAS Management Console. See the SAS® 9.2 Table Server Administrator’s Guide.
9-24 Chapter 9 Securing Metadata
e In
Dashboard objects
Publishing channels
t u t 9 9
9
9
s t i n .
2
8
28
I n t i o
S
A tri b u
t S s
i g h d i
y r r e
o p f o r
C o t
N
9.2 Exploring Metadata Permissions 9-25
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
3. Click the Authorization tab. Only the RM, WM, and A permissions are listed.
t S s
i g h d i
y r r e
o p f o r
C o t
N
4. Click .
9-26 Chapter 9 Securing Metadata
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S
7. Right-click Application server and select Properties.
s
i g h d i
y r r e
o p f o r
C o t
N
9.2 Exploring Metadata Permissions 9-27
8. Click the Advanced tab. The ApplicablePermissions property identifies the permissions applicable to
this type of item.
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
i g h d i
y r r e
o p f o r
C o t
N
9. Click .
9-28 Chapter 9 Securing Metadata
Exercises
4. Identifying Permissions
Use SAS Management Console to identify which permissions appear on the permission lists for the
following types of items:
c .
Folder
RM WM WMM
e
CM A R C W
In D
Library
t u t
Table
s t i n .
Cube
Information I n t i o
map
S
A tri
(relational)
b u
t S
SAS Report
s
i g h
Workspace
Server
d i
y rUser
r e
o p o r
User Group
f
C o t
Role
N ACT
9.2 Exploring Metadata Permissions 9-29
e In
t u t
f. Remove the explicit WMM grant for PUBLIC. How does this affect WM for PUBLIC?
s i
g. Add Gloria to the permissions list for the Parent folder with an explicit denial of WM and an
t n .
I n t i o
h. Right-click on the Parent folder and select New Folder. Create a new folder named Child.
i. On the Authorization tab of the Child folder, select Gloria. What are the settings for WM
and WMM?
S
A tri b u
t S
j. Right-click My Folder. Are the following actions available or dimmed: New Folder,
New Stored Process, Rename, and Delete?
s
i g h d i
k. Right-click Parent. Are the following actions available or dimmed: New Folder,
New Stored Process, Rename, and Delete?
y r r e
l. Delete the Parent folder.
o p f o r
C o t
N
9-30 Chapter 9 Securing Metadata
Objectives
Explore the settings of the predefined ACTs.
Explore where the predefined ACTs are assigned
by default.
c .
e In
t u t
s t i n .
I n t i o
32 S
A tri b u
S
3
2
h t i s
r i g r e d
Predefined Access Control Templates
The predefined ACTs are used in the initial configuration.
p y o r
The permission pattern should not be modified:
Default ACT
C o t f
Portal ACT
33
3
3
If you do not have the SAS Information Delivery Portal at your site, you will not have the Portal ACT.
You might need to alter the membership of the Portal ACT.
If you need to modify the repository ACT, a best practice is to leave the current repository ACT
alone, create a new ACT with the settings you want and designate it as the repository ACT. This
enables you to revert to the previous repository ACT, if needed.
9.3 Exploring Predefined ACTs 9-31
Default ACT
Default ACT acts as the repository ACT by default:
RM WM WMM CM A R W C D
PUBLIC 8 8 8 8 8 8 8 8 8
SAS Administrators 9 9 9 9
SASUSERS
SAS System Services
9
9
9
9
9
9
c .
This ACT provides registered users with RM and WM
e In
repositories.
t u t
at the repository level. CM only affects users with project
8 = deny
t
9 = grant
s i n .
3
4
34
I n t i o
S
A tri
Portal ACT b u
t S s
The Portal ACT is used to set permissions on the
i g h d i
Permissions tree, which designates who can administer
the SAS Information Delivery Portal. By default, the
y r r e
SAS Trusted User is the only administrator for the portal.
o p f o
PUBLIC r RM WM WMM CM A
8 8
R W C D
t
SAS Trusted User 9 9
C o
N
35
3
5
9-32 Chapter 9 Securing Metadata
c .
This ACT is applied to each user’s personal folder in
e
conjunction with explicit settings to grant the user RM, In
WMM, CM, and R.
t u t
s t i n .
3
6
36
I n t i o
S u
The user, by default, is also indirectly granted WM and A on the folder.
A tri b
t S s
SAS Administrator Settings
i g h d i
The SAS Administrator Settings ACT is used to grant
y r r e
the SAS Administrators group and SAS System Services
group access to metadata.
o p f o r
SAS Administrators
RM WM WMM CM A
9 9 9 9
R W C D
C o t
SAS System Services 9
N
37
3
7
The RM grant for SAS System Services preserves access for the SAS Trusted User.
9.3 Exploring Predefined ACTs 9-33
c .
e In
t u t
s t i n .
3
8
38
I n t i o
S
A tri b u
Authorization tabs control who can modify the item in question. The Authorization tab on an ACT
controls who can modify the ACT, including the permission pattern.
t S s
i g h d i
y r r e
o p f o r
C o t
N
9-34 Chapter 9 Securing Metadata
Exercises
e In
t u t
d. What changes, if any, would you make to the repository ACT?
7. Exploring the SAS Administrator Settings ACT
t i .
a. Verify that the SAS Administrator Settings ACT is applied to secure the predefined ACTs.
s n
Would you apply the SAS Administrator Settings ACT to any user-defined ACTs as well?
Why or why not?
I n t i o
S
A tri b u
b. To which roles is the SAS Administrator Settings ACT applied?
c. To which SAS server definitions is the SAS Administrator Settings ACT applied?
t S
Hint: Recall that some servers are defined to perform administration tasks.
s
i g h d i
d. Verify that the SAS Administrator Settings ACT is applied to the SAS Folders folder.
What additional explicit permissions are set on SAS Folders? Who can create and manage
y r r e
subfolders defined directly under SAS Folders?
o p
f o r You can only create folder items under SAS Folders because it is not a true folder.
The ability to add subfolders under SAS Folders is controlled by WM, not WMM.
C t
8. Applying the Private User Folder ACT
o
N a. Where is the Private User Folder ACT applied?
Hint: Recall that users who log on to applications that use the folder structure will have a personal
folder.
b. Who can create and manage folders under the Users folder?
9. (Optional) Analyzing the Portal ACT
a. What changes were made to the permission pattern of this predefined ACT? Why?
b. In the Plug-ins tab, navigate to Authorization Manager Ö Resource Management Ö
By Type Ö Tree. Verify that the Portal ACT is applied to the Portal Application Tree. What is the
parent of this object in the metadata?
Hint: Use the Advanced button on the Authorization tab to discover an object’s inheritance path.
c. Verify that the Portal ACT is applied to the Orion Star Users Permission Tree and
Eric Permission Tree.
9.3 Exploring Predefined ACTs 9-35
Repository ACT
c .
e In
t u t
SAS Administrator
Settings ACT
s t i n .
I n t i o
S
A tri b u
t S s
i g h
Private User Folder
d i
ACT
y r r e
o p f o r
C o t
N
Portal ACT
9-36 Chapter 9 Securing Metadata
Objectives
Explore permissions required for tasks involving the
following:
folders
stored processes
e In
information maps
t u t
reports
s t i n .
I n t i o
41 S
A tri b u
S
4
1
h t i s
r i g r e d
Permissions for Objects in the Folder Tree
You are going to explore permissions for selected items
p y o r
in the folder tree:
root folder schema
C o t f folder
information map
cube
cube component
N o report
stored process
library
table
channel column
dashboard
42
4
2
9.4 Securing Content in the Folder Tree 9-37
c .
In
It can only contain other folders.
u t e
t i t .
43
I n s i o n
t
4
3
S u
Custom repositories appear as folders under the SAS Folders root.
A tri b
t S s
i g h d i
y r r e
o p f o r
C o t
N
9-38 Chapter 9 Securing Metadata
Folders
Follow these guidelines for setting security on metadata
folders:
RM Provide users a clear path of RM grants to all
content they need to access.
WM Grant WM only to users who should be able to
delete, move, or rename that folder.
c .
In
WMM Grant WMM to users who need to add items
to a folder.
u t e
t i t .
44
I n s i o n
t
4
4
in that folder. S
A tri b u
Do not assume that every permission listed on a folder’s Authorization tab is relevant for every item
t S
If you deny RM on a folder, make sure that you do not prevent the SAS Trusted User from having that
s
permission on all cubes and schemas within that folder. It is a best practice to leave the broad grant of RM
i g h d i
for SAS System Services (which includes SAS Trusted User) in place.
r e
Folders: Permissions for Selected Tasks
y r
o p f o r
Task Repository
ACT
Parent Folder Folder Item
C o t
Add a folder
Delete a folder
RM, WM
RM
RM, WMM
RM, WMM
-
RM, WM
-
N
Rename a folder
RM
RM
RM
RM, WM
RM, WM
-
Copy/export items RM RM RM RM
If the parent folder is the root folder, you need RM and WM on the root folder in order to add or delete a
folder.
9.4 Securing Content in the Folder Tree 9-39
Libraries
To associate a library with an application server, you
need WM permission for the server.
For a library accessed via the metadata LIBNAME engine,
you need the Create permission on the library item in
order to add tables and the Delete permission in order
to delete tables.
c .
e In
t u t
s t i n .
4
5
45
I n t i o
S u
Libraries and Tables: Permissions for Selected Tasks
A tri b
Task
t S Repository
s
ACT
Application
Server
Library Parent
Folder
Table Column
i g h
Register a table
y r
Delete a table
r e RM RM RM, WM RM, RM, WM -
o p f
Set table
o r RM - RM
WMM
RM RM, WM -
C o t
permissions
N
Access table data
Register a library
RM
RM, WM
RM
RM, WM -
RM
RM,
WMM
-
RM
If a column is associated with a user defined format, the table is not displayed if the formats are
not available to the SAS server. The sasv9.cfg file in the application server folder points to the
location of the formats catalog. By default, the formats are stored in a catalog named FORMATS
in SAS-configuration-directory/Levn/application-server/SASEnvironment/SASFormats.
RMLE indicates that the Read permission is required only if the data is accessed through the metadata
LIBNAME engine.
9-40 Chapter 9 Securing Metadata
Tables
To associate a table with a library, you need WM for the
table and the library.
For a table accessed via the metadata LIBNAME engine,
you need Read in order to access data.
c .
e In
t u t
s t i n .
4
6
46
I n t i o
S
A tri b u
t S s
i g h d i
y r r e
o p f o r
C o t
N
9.4 Securing Content in the Folder Tree 9-41
OLAP Cubes
To register cubes, you need WM permission for the
OLAP schema and WMM permission for the target folder.
Read permission is enforced for cubes.
c .
e In
t u t
s t i n .
4
7
47
I n t i o
S u
Cubes: Permissions for Selected Tasks
A tri b
Task
t S Repository
ACT
s
Application
Server
OLAP
Schema
Parent
Folder
Cube Source
Data Sets
cube
i g h
Register a RM, WM
y r
Delete a
r eRM RM RM, WM RM, WMM RM, WM -
o p cube
f
Rebuild a
o r RM RM RM RM RM, WM RM, RMLE
C cube
o t RM, RMLE
N
Refresh a
cube
Set cube
RM
RM
RM
-
RM
RM
RM
RM
RM, R
RM, WM -
permissions
Access RM RM RM RM RM, R -
cube data
Use the RM A - - - -
OLAP
Server
Monitor
RMLE indicates that the Read permission is required only if the data is accessed through the metadata
LIBNAME engine.
9-42 Chapter 9 Securing Metadata
Stored Processes
To register a stored process, you need WM permission
for the target application server and WMM permission
for the target folder.
To run a stored process, you need RM permission
on the stored process.
c .
e In
t u t
s t i n .
4
8
48
I n t i o
S u
Stored Processes: Permissions for Selected Tasks
A tri b
Task
t S Repository
s
Parent
Folder
Application
Server
Stored
Process
Data
i g
process h
Register a stored
y r r
Delete a stored e RM RM, WMM RM, WM RM, WM -
o p process
f o r
Set stored process RM RM RM RM, WM -
C t
permissions
N
Run a stored
process
RM RM RM RM
RMLE indicates that the Read permission is required only if the data is accessed through the metadata
LIBNAME engine.
ROLAP indicates that the OLAP data can also be involved (the Read permission is always required
for OLAP data)
9.4 Securing Content in the Folder Tree 9-43
Information Maps
To access data through an information map, you need
R on that information map.
When accessing data through an information map,
you need R on the data if
data is accessed through the metadata LIBNAME
engine (RMLE)
the map is accessing OLAP data (ROLAP).
c .
e In
t u t
s t i n .
4
9
49
I n t i o
S u
Information Maps: Permissions for Selected Tasks
A tri b
Task
t S Repository
s
Parent
Folder
Information
Map
Stored
Process
Data
i g h
Create and save a
new information
d i
RM, WM RM, WMM - RM RM, RMLE,, ROLAP
r
map
y r e
o p Delete an
o r
information map
f
RM RM, WMM RM, WM - -
C o t
Set information
map permissions
RM RM RM, WM - -
N
Edit or rename an
information map
RM RM RM, WM - -
RMLE indicates that the Read permission is required only if the data is accessed through the metadata
LIBNAME engine.
ROLAP indicates that the OLAP data can also be involved (the Read permission is always required
for OLAP data).
9-44 Chapter 9 Securing Metadata
Reports
Reports can either be static (pre-generated) or dynamic.
For a dynamic report, the underlying data is queried
every time the report is opened.
For a pre-generated or batch report, the data is
contained in the report and is not queried unless
the report is refreshed.
c .
e In
t u t
s t i n .
5
0
50
I n t i o
S u
Reports: Permissions for Selected Tasks
A tri b
Task
t S Repository
s
Parent
Folder
Report Stored
Process
Information
Map
Data
i g h
Create and save
new report
d i
RM, WM RM,
WMM
- RM RM, R RM, RMLE,,
ROLAP
y r
Delete report
r e RM RM, RM, WM - - -
o p f o r
View or refresh RM
WMM
C report
o t ROLAP
N
View a batch
report
Edit or rename
RM
RM
RM
RM
RM
RM, WM
-
-
-
-
-
-
report
RMLE indicates that the Read permission is required only if the data is accessed through the metadata
LIBNAME engine.
ROLAP indicates that the OLAP data can also be involved (the Read permission is always required
for OLAP data).
9.4 Securing Content in the Folder Tree 9-45
Reports
If a user cannot run a report, check the following:
Does the user have R permission for the underlying
information map?
Does the user have R permission for any underlying
OLAP cube?
Does the user have R permission for any underlying
relational data that is accessed via the metadata
c .
LIBNAME engine?
e
Does the SAS Trusted User have RM permissions In
for any underlying cube?
t u t
Does the account that retrieves the data have physical
t
access to the data?
s i n .
Is the underlying information map in a legitimate
5
1
51
folder?
I n t i o
S u
By default, SAS Web Report Studio can interact with information maps regardless of their
A tri b
location within the folder structure. The administrator can choose to establish a more controlled
t S
environment in which SAS Web Report Studio can interact with information maps only in
designated locations. See the wrs.map.accessibility.check property in the SAS® 9.2 Intelligence
s
i g h d i
Platform: Web Application Administration Guide.
y r r e
o p f o r
C o t
N
9-46 Chapter 9 Securing Metadata
Exercises
c .
Ellen is a Report Content Creator for Sales.
e In
b. In the SAS Folders pane, select
t u t
. Make sure no folders are highlighted and select .
Is Ellen able to successfully create a folder? If not, show the details of the error and find the text
t i .
that follows <SASMessage severity="Error">.
s n
c. Expand the Orion Star folder. What subfolder does Ellen see?
I n t i o
d. Select the Orion Star folder. Can Ellen create a subfolder?
S
A tri b u
e. Select the subfolder under Orion Star and select . Can Ellen create a folder here?
t S
If the new folder was created, delete the folder.
s
i g h d i
f. Log on to SAS Management Console as Ahmed. What are Ellen’s permissions on the
Permission Pattern tab of the repository ACT? On the Folders tab, what are Ellen’s permissions
y r r e
to SAS Folders, Orion Star, and Sales Department?
o p f o r
g. Given Ellen’s permissions and the following table, should Ellen be able to create a subfolder
under SAS Folders, Orion Star, and Sales Department?
N Add a folder
ACT
RM, WM
Folder
RM, WMM - -
Delete a folder RM RM, WMM RM, WM -
Rename a folder RM RM RM, WM -
Set folder permissions RM RM RM, WM -
Add an item to a folder RM, WM RM RM, WMM -
Delete an item from a folder RM RM RM, WMM RM, WM
Copy/export items RM RM RM RM
Paste/import items RM, WM RM RM, WMM -
If the parent folder is the root folder, you need RM and WM on the root folder in order to add
or delete a folder.
9.4 Securing Content in the Folder Tree 9-47
h. Modify the security settings on the Sales Department folder structure so that Ellen and the other
Report Content Creators can only add content to the following folders, but not modify the folders
themselves: Information Maps, Reports, and Stored Processes.
12. Securing Libraries and Tables
a. Log on to SAS Data Integration Studio as Ellen. Would Ellen be likely to have
SAS Data Integration Studio installed on her desktop?
b. Register a SAS BASE library with the following characteristics:
Type of library: SAS BASE Library
c .
Name: Sales Data
e In
t u t
Location: /Orion Star/Sales Department/Data
Selected Server: SASApp
Libref: sales
s t i n .
I n i o
Path specification: S:\Workshop\OrionStar\orgold
t
S
A tri b u
Is Ellen successful? If not, where does she fail and what is the error message?
c. Log on to SAS Management Console as Ahmed. What are Ellen’s permissions to the
t S
Orion Star/Sales Department/Data folder?
s
g h d i
d. Given Ellen’s permissions and the following table, should Ellen be able to register libraries
and tables in the Data folder?
i
y r r e
Libraries and Tables: Permissions for Selected Tasks
o p f o r
Task Repository
ACT
Application
Server
Library Parent
Folder
Table Column
C o t
Register a table RM, WM RM RM, WM RM,
WMM
- -
If a column is associated with a user-defined format, the table is not displayed if the
formats are not available to the SAS server. The sasv9.cfg file in the application server
folder points to the location of the formats catalog. By default, the formats are stored
in a catalog named FORMATS in SAS-configuration-directory/Levn/application-
server/SASEnvironment/SASFormats.
9-48 Chapter 9 Securing Metadata
e. If necessary, modify the security settings in the Data folder so that only the Administrators
and Data Integrators can register libraries and tables in that folder. All members of the Sales
Department should be able to open data in the Data folder.
f. Log on to SAS Data Integration Studio as a user who can register a library and tables.
Register the Sales Data library and all available tables.
g. Log on to SAS Data Integration Studio as Ellen and verify that she can view the data in the Sales
Data ORDER_FACT table.
e In
u t
b. Create a cube with the following characteristics:
t
Name: Sales_Cube
s t i
OLAP Schema: SASApp – OLAP Schema
n .
I n t i o
Location: /Orion Star/Sales/Department/Data
S u
Physical cube path: S:\workshop\SPAFT\cubes
A tri b
s
i gDimension
d i
Selected table: Sales Data Ö ORDER_FACT
h
y r r e
Name: Time
C o t Type: TIME
Sort order: Ascending Unformatted
d. Given Ellen’s permissions and the following table, should Ellen be able to create a cube
in the Data folder?
Cubes: Permissions for Selected Tasks
c .
In
Delete a RM RM RM, WM RM, WMM RM, WM -
cube
Rebuild a
cube
RM RM RM RM
u t e
RM, WM RM, RMLE
Refresh a
cube
RM
s
RM
n . RM
tit
RM RM, R RM, RMLE
Set cube
permissions I
RM
n t i o - RM RM RM, WM -
Access cube S
A tri RM
b u RM RM RM RM, R -
data
t
Register aS s
RM, WM RM, WM - RM, WMM - -
schema
i g h d i
y r
Use the
OLAP
r e RM A - - - -
o p Server
f
Monitor
o r
C t
e. Log on to SAS Enterprise Guide as Ellen and verify that she can view the data in
o
Sales Order_Cube.
N
9-50 Chapter 9 Securing Metadata
e In
t u t
Save SAS code as: S:\Workshop\spaft
s i
Is Ellen successful? If not, where does she fail and what is the error message?
t n .
c. Log on to SAS Management Console as Ahmed. What are Ellen’s permissions to the
I n t i o
Orion Star/Sales Department/Stored Processes folder?
d. Given Ellen’s permissions and the following table, should Ellen be able to register a stored
S u
process in the Stored Processes folder?
A tri b
t S
Stored Processes: Permissions for Selected Tasks
Task
s Repository Parent Application Stored Data
y r process
r e
Register a stored RM, WM RM, WMM RM, WM - -
o p f o r
Delete a stored
process
RM RM, WMM RM, WM RM, WM -
N permissions
Run a stored
process
RM RM RM RM RM, RMLE,, ROLAP
e. Will modifying the current permissions enable Ellen to successfully register a stored process?
f. Make the source code repository path available by using SAS Management Console. Return
to SAS Enterprise Guide as Ellen and register and test the stored process.
9.4 Securing Content in the Folder Tree 9-51
You might need to add the new path and you cannot add this path from SAS Enterprise
Guide. In SAS Enterprise Guide, you are limited to registering server paths underneath the
default navigation location, which is the user’s home directory.
Return to SAS Management Console. On the Folders tab, right-click on any folder and select
New Stored Process…. Provide a name for the stored process and click . Select the
SASApp – Logical Stored Process Server and click . In the Manage Source Code
Repositories window, click . Provide the desired path and, if you choose, a description.
Click twice. Click to end the stored process creation. The path is now
c .
In
available.
15. Securing Information Maps
u t e
a. Log on to SAS Information Map Studio as Ellen.
t i t .
b. Create an information map named Sales Map with all of the columns from the Sales Reporting
s n
Library ORDER_FACT table. Save the information map in Orion Star/Sales
n
Department/Information Maps as Ellen Map.
I i o
S u t
Is Ellen successful? If not, where does she fail and what is the error message?
A tri b
c. Log on to SAS Management Console as Ahmed. What are Ellen’s permissions to the Orion
Star/Sales Department/Information Maps folder?
S
h t i s
d. Given Ellen’s permissions and the following table, should Ellen be able to register an information
map in the Information Map folder?
r i g r e d
Information Maps: Permissions for Selected Tasks
p y o r
Task Repository Parent
Folder
Information
Map
Stored
Process
Data
C o t f
Create and save a RM, WM RM, WMM - RM RM, RMLE,, ROLAP
N onew information
map
e. Return to SAS Information Map Studio as Ellen and run a test query on the sales map.
Is Ellen successful? If not, modify the permissions to enable her to access the map.
9-52 Chapter 9 Securing Metadata
e In
in the Reports folder?
t u t
Reports: Permissions for Selected Tasks
Task
s t i
Repository
n .
Parent
Folder
Report Stored
Process
Information
Map
Data
I
Create and save n RM, WM
t i o RM, WMM - RM RM, R RM, RMLE,,
new report
S
A tri
Delete report
b RMu RM, WMM RM, WM - -
ROLAP
t S
View or refresh
s
RM RM RM RM RM, R RM, RMLE,,
i g h
report
d i ROLAP
y r report
r e
View a batch RM RM RM - - -
o p f o r
Edit or rename
report
RM RM RM, WM - - -
C o tSet report
permissions
RM RM RM, WM - - -
Objectives
Explore permissions required for tasks that involve the
following:
servers
e In
t u t
s t i n .
I n t i o
54 S
A tri b u
S
5
4
h t i s
r i
Servers
g r e d
To monitor or operate servers other than the metadata
p y o r
server, you need the Administer permission on the server.
To associate a stored process, OLAP cube, or library with
C o t f
an application server, you need WM permission for that
application server.
N o
55
5
5
9-54 Chapter 9 Securing Metadata
Hiding Servers
To limit the use of a particular server, deny the
RM permission to hide the server.
Make sure the SAS System Services group has
RM permission for server metadata. This enables
the object spawner, connecting as SAS Trusted User,
to discover server metadata.
Make sure the SAS General Servers group has
c .
RM permission for server metadata. This is required
for stored process servers and pooled workspace
e In
servers.
u t
Any user who uses a server needs RM permission
t
for that server.
s t i n .
5
6
56
I n t i o
for that server. S
A tri b u
Users who need to access a client-side pooled workspace server do not need RM permission
t S s
i g h
Identities
d i
y r r e
User administration capabilities enable you to create,
update, and delete users, groups, and roles.
o p f o r
An identity’s Authorization tab has no effect on what that
identity can do. The Authorization tab controls who can
C o t
modify the metadata identity.
N
57
5
7
9.5 Securing Content outside the Folder Tree 9-55
ACTs
To create an ACT you need repository-level WM
permission.
It is important to add protection to any ACT that you
create.
c .
e In
t u t
s t i n .
5
8
58
I n t i o
S
A tri b u
t S s
i g h d i
y r r e
o p f o r
C o t
N
9-56 Chapter 9 Securing Metadata
Exercises
e
b. Connect to SAS Enterprise Guide as Ellen. View the Server List. In
Which servers can Ellen see?
t u t
s i
c. Log on to SAS Management Console as Ahmed.
t n .
What are Ellen’s permissions on the following servers:
SASMeta
I n t i o
SASMeta - Logical Metadata Server
S
A tri b u
SASMeta - Logical Workspace Server
SASMeta - Logical SAS DATA Step Batch Server
t
SASAppS s
i g h d i
SASApp - Logical Workspace Server
y r r e
SASApp - Logical Pooled Workspace Server
SASApp - Logical SAS DATA Step Batch Server
o p o r
SASApp - Logical Stored Process Server
f
C t
18. Securing Identities
Objectives
Create baseline ACTs.
Use baseline ACTs to secure folders.
c .
e In
t u t
s t i n .
I n t i o
61 S
A tri b u
S
6
1
h t i s
r i g r e d
General Use ACTs
Most of the metadata that needs to be secured is stored
p y o r
in folders and inherits permissions from folders. One
approach to securing folders is to create and apply some
C o t f
general-use ACTs.
The ACTs can be applied to folders in combination with:
62
6
2
If you choose to create additional ACTs, be careful not to create conflict by granting and denying
permissions to multiple groups in a user’s identity hierarchy. For this reason, it can be easier to combine
the general use ACTs with explicit permissions.
9-58 Chapter 9 Securing Metadata
t e
OLAP server, information maps, and
u
the metadata LIBNAME engine for
t i t
all restricted users.
.
63
I n s i o n
t
6
3
S
A tri
The Hide ACT b u
t S s
The Hide ACT gives SAS Administrators and service
i g h d i
identities exclusive read access to metadata.
y r PUBLIC
r e RM WM WMM CM A
8
R W C D
o p f o r
SAS Administrators
SAS System Services
9
9
C o t
N
64
6
4
9.6 Creating Additional ACTs 9-59
c .
e In
t u t
s t i n .
6
5
65
I n t i o
S
A tri
The LimitData ACT b u
t S s
The LimitData ACT prevents all restricted users from
i g h d i
accessing data that requires the Read permission.
y r PUBLIC
r e RM WM WMM CM A R W C D
8
o p f o r
C o t
N
66
6
6
The Read permission is required when accessing data in an OLAP cube, through an information map,
or through the metadata LIBNAME engine.
It is not typical to use an ACT to limit a single permission for a single group, but applying an ACT
enables you to track where the permission has been denied. To remove the denial of the permission,
remove the ACT.
9-60 Chapter 9 Securing Metadata
Sales Department
c .
e In
t u t
s t i n .
6
7
67
I n t i o
S u
You can further subdivide the organizational folder structure by creating subfolders as needed.
A tri b
t S s
Securing Organizational Folders
i g h d i
If you have a central group that creates all content,
y r e
you could secure the organizational folders as follows:
r
o p f o r
C o t
N
68
6
8
The ability to create, manage, and delete content is shut off at the top by the Protect ACT on Orion Star.
The constraint is inherited through the tree except where there are supplemental grants of WMM.
The Hide ACT on Marketing Department prevents Sales from seeing that folder structure.
9.6 Creating Additional ACTs 9-61
If you further subdivided the department level folders, the supplemental grants at the department level
only need to grant RM to the appropriate groups:
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
i g h d i
y r r e
o p f o r
If the Marketing Department includes managers that need to consume the content in all of the Marketing
C t
subfolders you can grant them RM on the Marketing Department folder and RM and R on each region
o
folder.
N
In this example, the Marketing Department folder is used to share content with the Marketing group.
9-62 Chapter 9 Securing Metadata
by function
c .
e In
t u t
s t i n .
6
9
69
I n t i o
S
A tri
Project Folders b u
t S s
If you choose to create project folders, you need
i g h
to decide
d i
who should be able to create and modify the project
y r r e
folders themselves
o p f o r
who should be able to create and modify content
within the folders.
C o t
N
70
7
0
The project folders would contain all the different objects that are used within a given project, including
libraries, tables, jobs, maps, stored processes, and reports.
9.6 Creating Additional ACTs 9-63
c .
e In
t u t
s t i n .
7
1
71
I n t i o
S
A tri b u
This example relies on SAS Administrators to create and manage project folders.
An alternative would be to leave the maintenance of existing project folders to the administrators, but to
t S
enable members of the Marketing group to create new folders. This is done by granting Marketing WMM
s
at the Marketing folder level. To prevent members of the Marketing group from modify the existing
i g h
in the folders,
d i
project folders (for example, renaming them), but to enable them to create and modify the content
r r e
• apply the Protect ACT to the project folders to override the inherited WM from the explicit WMM
y
o p f o r
on the group folder
• supplement by granting Marketing WMM on each project folder.
C o t
N
9-64 Chapter 9 Securing Metadata
Functional Folders
If your organization includes custom groups that represent
users who perform similar job functions, you can create
and secure subfolders as follows:
c .
e In
t u t
s t i n .
7
2
72
I n t i o
S
A tri b u
For Data Integrators, Map Creators, and Report Creators to have access to the Marketing
Department folder, you need to either make those groups members of the Marketing group
t S
or add explicit grants for them at the Marketing folder level.
s
g h d i
You can choose to add the Protect ACT to the functional subfolders, but the permissions inherited from
Orion Star should be sufficient and uninterrupted.
i
r r e
Nothing in these settings prevents the creation of a certain type of content. For example, a map creator
y
o o r
can create a report and add it to the map folder. Do not forget to do the following:
p
• Use roles to limit functionality like creating reports in SAS Web Report Studio.
f
C t
• Manage WM on the server to limit users’ ability to register libraries, stored processes, and
o
OLAP schemas.
N
• Use the map accessibility check configuration option, if needed, to limit the locations from which
SAS Web Report Studio use relational maps.
If the functional settings are repeated for other folders, for example, under the Sales folder, you can
choose to create ACTs for the functional group settings.
9.6 Creating Additional ACTs 9-65
Additional Considerations
In general, it is not necessary to add protection
to predefined folders.
To hide a branch, apply the Hide ACT to a particular
folder and grant back RM to any groups who should
have access.
To enable a group to contribute to a particular folder,
grant that group WMM on the folder and consider
c .
adding the Protect ACT on immediate subfolders.
Grant R on folders that contain data to groups that
e In
ACT on subfolders.
t u t
need to access it and consider applying the LimitData
s t i n .
7
3
73
I n t i o
S
A tri b u
A user who can update an item can add settings to that item. In addition to SAS Management Console,
users can set permissions in other applications including SAS Information Map Studio,
t S
SAS Data Integration Studio, SAS OLAP Cube Studio, and SAS Enterprise Guide.
s
A user who can contribute items for a folder can also create subfolders.
g h d i
If you give someone CM on a folder, they can check content into the folder, as well as update
i
y r r e
or delete the folder through change management. Change management is only available through
SAS Data Integration Studio.
o p f o r
C o t
Backing Up the Environment
Before you make a significant change, such as
74
7
4
9-66 Chapter 9 Securing Metadata
ACTs (Review)
To create an ACT, you need repository-level
WM permission.
It is important to add protection to any ACT you create.
c .
e In
t u t
s t i n .
7
5
75
I n t i o
S
A tri b u
t S s
i g h d i
y r r e
o p f o r
C o t
N
9.6 Creating Additional ACTs 9-67
Exercises
c .
In
b. Log on to SAS Management Console as Ahmed. How are the custom ACTs secured?
Modify security if necessary.
t
20. Creating and Securing Custom Folders
u e
i t
Hint: Before making major security changes to existing folder structures, back up the metadata.
t .
I s i o n
a. Do the existing Marketing and Sales folders use project or functional subfolders?
n
b. Create the Hide, Protect, and LimitData ACTs.
S
c. Secure the new ACTs.
u t
A tri b
d. Under Orion Star, create a subfolder named Finance with the following subfolders:
S
Data
h t
Information Maps
i s
r i g
Jobs
r e d
p y Reports
r
Stored Processes
o
C o f
e. Secure the Finance folder and subfolders as follows:
t
N oIn Orion Star, the Data Integrators group will register libraries, tables, and cubes in the Data
subfolder and create jobs in the Jobs subfolder.
The Report Content Creators group will create maps in the Information Maps subfolder, stored
processes in the Stored Processes subfolder, and reports in the Reports subfolder.
All of Finance should be able to use the information under Finance.
The Data Integrators and Report Content Creators groups are not part of the Finance group
so ensure that they have access to the Finance folder.
f. Verify that the effective permissions are set on the new folders for Sales, Marketing, Finance,
Data Integrators, Report Content Creators, Jacques, Gloria, Bruno, and Robert. Test the
permission settings.
Hint: Use the Advanced button on the Authorization tab to explore the effective permissions for
a user or group not listed on the particular Authorization tab.
g. (Optional) Examine the security settings on the Marketing folder structure. Apply or modify
security if required.
9-68 Chapter 9 Securing Metadata
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
i g h d i
y r r e
o p f o r
C o t
N
b. Copy secrpt.sas from C:\Program Files\SAS\SASFoundation\9.2\core\sample to
S:\Workshop\spaft\Report.
c. Open S:\Workshop\spaft\Report\secrpt.sas in TextPad.
1) Scroll to the bottom.
2) Locate the OPTIONS statement. Provide the correct value for METASERVER=,
METAUSER=, and METAPASS= system options.
options metaserver=localhost metaport=8561 metauser="Ahmed"
metapass="Student1";
3) Locate the FILENAME statement that assigns the rptdir fileref and provide
S:\Workshop\spaft\Report as the path value (in double quotation marks).
/* Assign a fileref to the report directory. */
filename rptdir "S:\Workshop\spaft\Report";
9-70 Chapter 9 Securing Metadata
4) Locate the LIBNAME statement that assigns the permlib libref and provide
S:\Workshop\spaft\Security as the path value (in double quotation marks).
/* Assign the permlib library to location where the permission
information is located. */
libname permlib "S:\Workshop\spaft\Security";
5) Locate the FILENAME statement that assigns the report fileref and provide
S:\Workshop\spaft\Report\index.html.
filename report "S:\Workshop\spaft\Report\index.html";
6) Save the changes.
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
i g h d i
y r r e
o p f o r
C o t
N
d. Create a new file using TextPad. Type the following code and save the file as Report.sas in
S:\Workshop\spaft\Report:
options metaserver=localhost metauser="Ahmed" metapass="Student1";
libname permlib "s:\workshop\spaft\Security";
%mdsecds(outdata=permlib.mdsecds);
%include “S:\Workshop\spaft\Report\secrpt.sas”;
The LIBNAME statements and macro options are set to save the output SAS data sets
into folders under S:\Workshop\spaft\Security.
9.7 Solutions to Exercises 9-71
e. In Windows Explorer, right-click Report.sas and click Batch Submit with SAS 9.2. Review
Report.log for errors.
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S
f. Open S:\Workshop\spaft\Report\index.html.
s
i g h d i
y r r e
o p f o r
C o t
N
9-72 Chapter 9 Securing Metadata
c .
In
MemberTypes comma-separated list of the public object types for the folder members that
should be included in the data set. Specifying "*" will return all types.
memfilters
u e
The default is "*".
t
expression in the form of @attrname comp "value" used to filter the folder
t i t
"members" association. The default is no filter.
.
perms
I n s o n
comma-delimited list of permissions on which to report. This is an optional
parameter. The default is to report on only the permissions that apply
i
S t
to a specific object type. This is determined by information stored in the
metadata type dictionary.
u
S A tri
IdentityTypes
bcomma-delimited list of identity types to report on. The two types are
IdentityGroup and Person. The default is to report on all types.
h t i s
IdentityTypes and IdentityNames lists must be used in parallel to specify
identities for which authorizations are desired.
r i g r e d
IdentityNames comma-delimited list of identity names (for example, Fred Flintstone).
IdentityTypes and IdentityNames must be used as parallel comma-
C o t f
outdata base name of the data sets/views that will be created by a macro or those
that it calls. The default is work.mdsecds. Data sets that are created will
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
i g h d i
y r r e
o p f o r
C o t
N
9-74 Chapter 9 Securing Metadata
b. Create a new file using TextPad. Type the following code and save the file as User_extr.sas in
S:\Workshop\spaft\User_group:
options metaserver=localhost metauser="Ahmed" metapass="Student1";
libname ugroups "s:\workshop\spaft\User_group";
%mduextr(libref=ugroups);
The MDUEXTR macro is part of the user import macros and extracts information
including user and group membership.
c
The LIBNAME statements and macro options are set to save the output SAS data sets
.
In
into folders under S:\Workshop\spaft\User_group.
u t e
t i t .
I n s i o n
S u t
S A tri b
h t i s
r i g r e d
p y o r
C o t f
N o
9.7 Solutions to Exercises 9-75
c. In Windows Explorer, right-click User_extr.sas and click Batch Submit with SAS 9.2.
Review User_extr.log for errors.
d. Open and examine the tables created by the code.
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
g h d i
e. Use Windows Explorer to navigate to C:\Program Files\SAS\SASFoundation\9.2\core\sasmacro.
i
y r e
Open mduextr.sas using TextPad. In addition to the LIBREF function, what parameters can you
r
use with this macro? There are no other parameters to be used for this code.
o p f o r
3. Creating and Applying an Access Control Template (ACT)
a. Use the Authorization Manager to create a new ACT.
C o t
1) Expand Authorization Manager. Right-click Access Control Templates and select
2) On the General tab, type the name Test Access Control Template.
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
i g h d i
y r r e
o p f o r
C o t
N
9.7 Solutions to Exercises 9-77
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
i g h d i
y r r e
o p f o r
C o t
N
9-78 Chapter 9 Securing Metadata
4) Move Barbara from the Available Identities pane to the Selected Identities pane.
Click .
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
i g h d i
y r r e
o p f o r
C o t
N
9.7 Solutions to Exercises 9-79
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
i g h d i
y r r e
o p f o r
C o t
N
9-80 Chapter 9 Securing Metadata
b. Apply an ACT.
1) Before applying the ACT, what identities are listed on the Orion Star metadata folder
Authorization tab?
a) On the Folders tab, right-click Orion Star and select Properties.
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
i g h d i
y r r e
o p f o r
C o t
N
9.7 Solutions to Exercises 9-81
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
i g h d i
y r r e
o p f o r
C o t
N
9-82 Chapter 9 Securing Metadata
a) Click .
b) Move the Test Access Control Template from the Available pane to the Currently Using
pane. Click .
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
i g h d i
y r r e
o p f o r
C o t
N
9.7 Solutions to Exercises 9-83
3) After you apply the ACT, what identities are listed on the Orion Star metadata folder
Authorization tab?
The following identities appear on the Authorization tab: Application Developers, Data
Integrators, PUBLIC, SAS System Services, SAS Administrators, SASUSERS, and Barbara.
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
i g h d i
y r r e
o p f o r
C o t
N
9-84 Chapter 9 Securing Metadata
b) The error indicates that because the identity was added to the Authorization tab as part
of an ACT, it cannot be removed individually. You need to remove the ACT to remove the
identity. Click .
c .
e In
t u t
s t i n .
5) Remove the ACT from the Orion Star metadata folder.
a) Click I n t i o .
S
A tri b u
b) Move Test Access Control Template from the Currently Using pane to the Available
t S
pane. Click
s
.
i g h d i
y r r e
o p f o r
C o t
N
9.7 Solutions to Exercises 9-85
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
i g h d i
y r r e
o p f o r
C o t
N
9-86 Chapter 9 Securing Metadata
4. Identifying Permissions
Use SAS Management Console to identify which permissions appear on the permission lists for the
following types of items:
RM WM WMM CM A R C W D
Folder X X X X X X X X X
Library
Table
X
X
X
X
X
X
X
X
X
X
X X
X
c .X
Cube X X
e
X
In
Information
map
X X
t u t X
(relational)
SAS X
s t iX
n .
Report
I n t i o
Workspace
Server S
A tri
X
b
X
u X
User
t S X
s
X
i g h
User Group
d i
X X
y r
Role
r e X X
o p
ACT
f o r X X
C o t
N
9.7 Solutions to Exercises 9-87
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
i g h d i
y r r e
o p f o r
C o t
N
9-88 Chapter 9 Securing Metadata
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
i g h d i
y r r e
o p f o r
C o t
N
9.7 Solutions to Exercises 9-89
c. Right-click on the Parent folder, select Properties, and then click the Authorization tab. Select
PUBLIC and add an explicit grant of WM. How does this affect WMM for PUBLIC?
It changes WMM to Grant with an indirect background color.
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
i g h d i
y r r e
o p f o r
C o t
N
9-90 Chapter 9 Securing Metadata
d. Select the grant WM box for PUBLIC again to clear the explicit setting. How does this affect
WMM for PUBLIC?
It changes both WM and WMM back to indirect Deny.
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
i g h d i
y r r e
o p f o r
C o t
N
9.7 Solutions to Exercises 9-91
e. Add an explicit grant of WMM for PUBLIC. How does this affect WM for PUBLIC?
No change for WM
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
i g h d i
y r r e
o p f o r
C o t
N
9-92 Chapter 9 Securing Metadata
f. Remove the explicit WMM grant for PUBLIC. How does this affect WM for PUBLIC?
No change for WM
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
i g h d i
y r r e
o p f o r
C o t
N
9.7 Solutions to Exercises 9-93
g. Add Gloria to the permissions list for the Parent folder with an explicit denial of WM and
an explicit grant of WMM.
1) Click .
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
i g h d i
y r r e
o p f o r
C o t
N
9-94 Chapter 9 Securing Metadata
2) Select Gloria from the list in the left pane. Select to move Gloria to the right pane.
Click to add Gloria to the folder.
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
i g h d i
y r r e
o p f o r
C o t
N
9.7 Solutions to Exercises 9-95
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
i g h d i
y r r e
o p f o r
C o t
N
9-96 Chapter 9 Securing Metadata
h. Right-click on the Parent folder and select New Folder. Create a new folder named Child.
Click to create the folder.
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
i g h d i
y r r e
o p f o r
C o t
N
9.7 Solutions to Exercises 9-97
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
i g h d i
y r r e
o p f o r
C o t
N
9-98 Chapter 9 Securing Metadata
j. Right-click My Folder.
Are the following actions available or dimmed: New Folder, New Stored Process, Rename, and
Delete?
New Folder and New Stored Process are available.
Rename and Delete are dimmed.
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
i g h d i
k. Right-click Parent.
Are the following actions available or dimmed: New Folder,
y r r e
New Stored Process, Rename, and Delete?
o p f o r
All are available choices.
C o t
N
9.7 Solutions to Exercises 9-99
c .
e In
t u t
s t i n .
I n t i o
2) Click
S
A tri b u
to confirm the delete request.
t S s
i g h d i
y r r e
o p f o r
C t
6. Investigating the Repository ACT
o
a. Why is SASUSERS granted RM and WM in the repository ACT?
N After they are given an identity in SAS Management Console as a registered user, users
would be able to access SAS information based on permissions set for them by the platform
administrator. It also enables them to create metadata objects, which most users will do,
even if it is only in the private folders.
b. Why is SASUSERS granted CM in the repository ACT?
For use with SAS Data Integration Studio and project repositories
c. Why is PUBLIC denied all permissions in the repository ACT?
In this way, you are unable to access SAS information unless you become a registered user
in SAS Management Console.
d. What changes, if any, would you make to the repository ACT?
None
9-100 Chapter 9 Securing Metadata
c .
In
c. To which SAS server definitions is the SAS Administrator Settings ACT applied?
SASMeta - Logical Workspace Server, SASMeta - Logical SAS DATA Step Batch Server
t e
Hint: Recall that some servers are defined to perform administration tasks.
u
t t
d. Verify that the SAS Administrator Settings ACT is applied to the SAS Folders folder. What
i .
additional explicit permissions have been set on SAS Folders?
I s i o n
Data Integrators grant RM and CM; PUBLIC denies WM and CM
n
Who can create and manage subfolders defined directly under SAS Folders?
SAS Administrators
S u t
A tri b
You can only create folders items under SAS Folders because it is not a true folder.
S
The ability to add subfolders under SAS Folders is controlled by WM, not WMM.
t s
8. Applying the Private User Folder ACT
h i
r g e d
a. Where is the Private User Folder ACT applied?
i
The user’s My Folder folder
r
p y o
folder.
r
Hint: Recall that users who log onto applications that use the folder structure will have a personal
C o t f
b. Who can create and manage folders under the Users folder?
N o
SAS Administrators
9. (Optional) Analyzing the Portal ACT
a. What changes were made to the permission pattern of this predefined ACT? Why?
The Application Developers Group is added to the ACT so that the members can act
as portal administrators.
b. In the Plug-ins tab, navigate to Authorization Manager Ö Resource Management Ö
By Type Ö Tree. Verify that the Portal ACT is applied to the Portal Application Tree.
1) Expand Authorization Manager Ö Resource Management Ö By Type Ö Tree.
2) Right-click Portal Application Tree and select Properties.
9.7 Solutions to Exercises 9-101
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
i g h d i
y r r e
o p f o r
C o t
N
9-102 Chapter 9 Securing Metadata
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
h
5) Click
i g d i .
y r r e
6) The Inheritance tab indicates that the parent object is the SAS Folders folder.
o p f o r
Click twice.
C o t
N
9.7 Solutions to Exercises 9-103
c. Verify that the Portal ACT has been applied to the Orion Star Users Permission Tree and
Eric Permission Tree.
1) Expand Authorization Manager Ö Resource Management Ö By Type Ö Tree.
2) Right-click Orion Star Users Permissions Tree and select Properties.
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
i g h d i
y r r e
o p f o r
C o t
N
9-104 Chapter 9 Securing Metadata
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
i g h d i
y r r e
o p f o r
C o t
N
9.7 Solutions to Exercises 9-105
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
i g h d i
5) Right-click Eric Permissions Tree and select Properties.
y r r e
o p f o r
C o t
N
9-106 Chapter 9 Securing Metadata
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
i g h d i
y r r e
o p f o r
C o t
N
9.7 Solutions to Exercises 9-107
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
i g h d i
y r r e
o p f o r
C o t
N
9-108 Chapter 9 Securing Metadata
u t e RM and deny WM
SAS System Services
SAS Administrator
Settings ACT
t
SAS Administrator
i
Settings
t .
PUBLIC deny WM
deny WM
I n s i o n PUBLIC deny RM
SASUSERS grant RM
S u t and deny WM
Data Integrators grant
i s
SAS Administrator
Settings
PUBLIC deny WM
deny WM
r i g r e d PUBLIC deny RM
SASUSERS grant RM
p y o r
and deny WM
Data Integrators grant
C o t f RM and deny WM
N o
Portal ACT SAS Administrator
Settings
PUBLIC deny WM
SAS Trusted User grant
RM and WM
SAS System Services
deny WM
PUBLIC deny RM
SASUSERS grant RM
and deny WM
Data Integrators grant
RM and deny WM
b. In the SAS Folders pane, click . Make sure no folders are highlighted and click .
Is Ellen able to successfully create a folder? If not, show the details of the error and find the text
that follows <SASMessage severity="Error">. No, Ellen cannot create a folder. The
error is “The user does not have permission to perform this action.”
9.7 Solutions to Exercises 9-109
c. Expand the Orion Star folder. What subfolder does Ellen see?
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
d. Select the Orion Star folder. Can Ellen create a subfolder?
t S
No, the new folder icon is not available.
s
i g h d i
e. Select the subfolder under Orion Star and select . Can Ellen create a folder here? Yes
y r r e
If the new folder was created, delete the folder.
o p f o r
C o t
N
9-110 Chapter 9 Securing Metadata
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
i g h d i
y r r e
o p f o r
C o t
N
9.7 Solutions to Exercises 9-111
On the Folders tab, what are Ellen’s permissions to SAS Folders, Orion Star, and the Sales
Department?
1) Right-click SAS Folders and select Properties.
c .
e In
t u t
s t i n .
I n t i o
2) Click the Authorization tab and click .
S
3) Click the Explore Authorizations tab. Select the Search Name radio button. Select Contains
A tri b u
in the Name or Display name field and type Ellen. Select .
t S s
i g h d i
y r r e
o p f o r
C o t
N
9-112 Chapter 9 Securing Metadata
4) View the results for Ellen and notice that she has RM permission for the SAS Folders.
Click twice.
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
i g h d i
y r r e
o p f o r
C o t
N
9.7 Solutions to Exercises 9-113
7) Click the Explore Authorizations tab. Select the Search Name radio button. Select Contains
in the Name or Display name field and type Ellen. Select .
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
i g h d i
y r r e
o p f o r
C o t
N
9-114 Chapter 9 Securing Metadata
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
i g h d i
y r r e
o p f o r
C o t
N
9.7 Solutions to Exercises 9-115
11) Click the Explore Authorizations tab. Select the Search Name radio button. Select
Contains in the Name or Display name field and type Ellen. Select .
12) Folder Ellen has RM, WM, WMM, and R. Click twice.
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
i g h d i
y r r e
o p f o r
C o t
N
9-116 Chapter 9 Securing Metadata
g. Given Ellen’s permissions and the following table, should Ellen be able to create a subfolder
under SAS Folders? No
Orion Star? No
Sales Department? Yes
Folders: Permissions for Selected Tasks
e In-
Rename a folder
RM
RM
RM
RM, WM
RM, WM
u t -
s
Add an item to a folder
t i n .
RM, WM RM RM, WMM -
I n
Delete an item from a folder
S
Copy/export items
A tri
Paste/import items
b u RM
RM, WM
RM
RM
RM
RM, WMM
RM
t S s
If the parent folder is the root folder, you need RM and WM on the root folder in order to add
i g h d i
or delete a folder.
y r r e
o p f o r
C o t
N
9.7 Solutions to Exercises 9-117
h. Modify the security settings on the Sales Department folder structure so that Ellen and the other
Report Content Creators can only add content to the following folders, but not modify the folders
themselves: Information Maps, Reports, and Stored Processes.
1) In the Sales Department folder, add the Report Content Creators group and verify that they
are only granted RM.
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
i g h d i
y r r e
o p f o r
C o t
N
9-118 Chapter 9 Securing Metadata
2) In the folders for Information Maps, Reports, and Stored Processes, go to the Authorization
tab. Verify that the RM is indirectly granted and explicitly deny WM and explicitly grant
WMM for the Report Content Creators group.
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
i g h d i
y r r e
o p f o r
C o t
N
9.7 Solutions to Exercises 9-119
e In
Libref: sales
t u t
s i
Path specification: S:\Workshop\OrionStar\orgold
t n .
Is Ellen successful? If not, where does she fail and what is the error message?
I n
1) Select New Ö Library….
t i o
S
A tri b u
t S s
i g h d i
y r r e
o p f o r
C o t
N
9-120 Chapter 9 Securing Metadata
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
i g h d i
y r r e
o p f o r
C o t
N
9.7 Solutions to Exercises 9-121
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
i g h d i
y r r e
o p f o r
C o t
N
9-122 Chapter 9 Securing Metadata
5) Click .
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
i g h d i
y r r e
o p f o r
C o t
N
9.7 Solutions to Exercises 9-123
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
i g h d i
y r r e
o p f o r
7) Type sales as the libref.
C o t
8) Click to specify the path.
N
9-124 Chapter 9 Securing Metadata
9) Click to create the new path. Navigate to S:\Workshop\Orion Star. Select the
orgold subfolder and click .
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
i g h
10) Click
d i .
y r r e
o p f o r
C o t
N
9.7 Solutions to Exercises 9-125
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
i g h d i
y r r e
o p f o r
C o t
N
9-126 Chapter 9 Securing Metadata
11) Click Ö .
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
i g h d i
y r r e
o p f o r
C o t
N
9.7 Solutions to Exercises 9-127
The library registration now appears in the Data folder. Ellen is successful.
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
i g h d i
y r r e
o p f o r
C o t
N
9-128 Chapter 9 Securing Metadata
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
i g h d i
y r r e
o p f o r
C o t
N
9.7 Solutions to Exercises 9-129
d. Given Ellen’s permissions and the following table, should Ellen be able to register libraries and
tables in the Data folder?
Yes
Libraries and Tables: Permissions for Selected Tasks
c . -
Delete a table RM
e
RM RM, WM RM,
WMM
RM, WM
In -
Set table RM
t u t - RM RM RM, WM -
permissions
Register a library
I nRM, WM
t i oRM, WM - RM,
WMM
- -
S
A tri b u
If a column is associated with a user-defined format, the table is not displayed if the
t S
formats are not available to the SAS server. The sasv9.cfg file in the application server
folder points to the location of the formats catalog. By default, the formats are stored
s
i g h d i
in a catalog named FORMATS in SAS-configuration-directory/Levn/application-
server/SASEnvironment/SASFormats.
r r e
e. If necessary, modify the security settings in the Data folder so that only the Administrators
y
o p f o r
and Data Integrators can register libraries and tables in that folder. All members of the Sales
Department should be able to open data in the Data folder.
C o t
Data Integrators already have indirect grants of RM, WM, WMM, CM, and R, which
is sufficient. SAS Administrators already have indirect grants of RM, WM, WMM, CM,
R, and A, which is sufficient.
N In the Data folder, deny Sales WM and grant Report Content Creators R.
9-130 Chapter 9 Securing Metadata
f. Log on to SAS Data Integration Studio as a user who can register a library and tables. Register
the Sales Data library and all available tables.
1) Right-click on the Sales Data library and select Register Tables….
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
i g h d i
y r r e
o p f o r
C o t
N
9.7 Solutions to Exercises 9-131
2) Click .
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
i g h d i
y r r e
o p f o r
C o t
N
9-132 Chapter 9 Securing Metadata
3) Click Ö .
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
i g h d i
y r r e
o p f o r
C o t
N
9.7 Solutions to Exercises 9-133
4) Click .
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
i g h d i
y r r e
o p f o r
C o t
N
9-134 Chapter 9 Securing Metadata
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
i g h d i
y r r e
While the user, Bruno, has the permissions required to perform this action, you cannot register
duplicate tables in the same folder.
o p f o r
C o t
N
9.7 Solutions to Exercises 9-135
g. Log on to SAS Data Integration Studio as Ellen and verify that she can view the data in the
Sales Data ORDER_FACT table.
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
i g h d i
y r r e
o p f o r
C o t
N
9-136 Chapter 9 Securing Metadata
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
i g h d i
y r r e
o p f o r
C o t
N
13. Securing OLAP cubes
a. Log on to SAS OLAP Cube Studio as Ellen. Would Ellen be likely to have
SAS OLAP Cube Studio installed on her desktop? No
b. Create a cube with the following characteristics:
Name: Sales_Cube
Dimension
Name: Time
Caption: Time Dimension
Type: TIME
Sort order: Ascending Unformatted
Level: Add supplied time hierarchies
c .
In
Input column: Delivery_Date
u t e
Supplied Time Hierarchy: YQM
Measures: Total_Retail_Price (Minimum, Maximum, Sum, Average)
t i t .
CostPrice_Per_Unit (Minimum, Maximum, Sum, Average)
I n s i o n
Quantity (Minimum, Maximum, Sum, Average, Count)
S u t
Is Ellen successful? If not, where does she fail and what is the error message?
1) Select New Ö Cube… to start building the new cube.
S A tri b
2) Type Sales_Cube in the Name field.
h
3) Select
t i sfor the location. From the drop-down menu, select SAS Folders.
r i g r e d
Navigate to Orion Star Ö Sales Department. Select the Data folder and click .
p y o r
C o t f
N o
9-138 Chapter 9 Securing Metadata
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S
5) Click the New Folder icon (
s
). Type Cubes as the folder name. Press ENTER and then
i g h d i
select the Cubes folder. Click .
y r r e
o p f o r
C o t
N
9.7 Solutions to Exercises 9-139
6) Click .
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
i g h d i
y r r e
o p f o r
Because you secured the Data folder in Exercise 12.e, this step results in an error:
C o t
N
9-140 Chapter 9 Securing Metadata
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
i g h d i
y r r e
o p f o r
C o t
N
9.7 Solutions to Exercises 9-141
d. Given Ellen’s permissions and the following table, should Ellen be able to create a cube in the
Data folder?
No
Cubes: Permissions for Selected Tasks
Register a
cube
RM, WM RM RM, WM RM, WMM -
c .
RM, RMLE
Delete a
cube
RM RM
e
RM, WM RM, WMM RM, WM
In -
Rebuild a RM
Refresh a RM
s t i RM
n . RM RM RM, R RM, RMLE
cube
Set cube I
RM n t i
- o RM RM RM, WM -
permissions
S
A tri b u
data
t S
Access cube RM
s
RM RM RM RM, R -
i g
schemah
Register a
d i
RM, WM RM, WM RM, WMM - -
y r
Use the
r e RM A - - - -
o p OLAP
Server
f o r
C o t
Monitor
e. Log on to SAS Enterprise Guide as Ellen and verify that she can view the data in the
NSales Order_Cube.
1) Open SAS Enterprise Guide. Verify that you are connected as Ellen. If not, click on the
connection and modify the profile.
2) Select File Ö Open Ö OLAP Cube….
3) Select Folders and navigate to Orion Star\Sales Department\Data. Select
Sales Order_Cube and click .
e In
t u t
Save SAS Code As: S:\Workshop\spaft
s i
You might need to add the new path.
t n
1) Select File Ö New Ö Stored Process.
.
I n t i o
S
A tri b u
t S s
i g h d i
y r r e
o p f o r
C o t
N
9.7 Solutions to Exercises 9-143
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
i g h d i
y r r e
o p f o r
C o t
N
9-144 Chapter 9 Securing Metadata
3) Click .
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
i g h d i
y r r e
o p f o r
C o t
N
9.7 Solutions to Exercises 9-145
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
i g h d i
y r r e
o p f o r
C o t
N
9-146 Chapter 9 Securing Metadata
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
i g h d i
y r r e
o p f o r
C o t
N
9.7 Solutions to Exercises 9-147
6) Click in the Save SAS Code As pane in the Execution Options dialog box.
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
i g h d i
y r r e
o p f o r
C o t
N
9-148 Chapter 9 Securing Metadata
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
i g h d i
y r r e
o p f o r
C o t
N
9.7 Solutions to Exercises 9-149
8) Ellen is unable to select or create the correct path. Click three times.
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
i g h d i
y r r e
o p f o r
C t
Is Ellen successful? No
o
If not, where does she fail and what is the error message?
N
Unable to register S:\Workshop\spaft as the source code repository.
9-150 Chapter 9 Securing Metadata
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
i g h d i
y r r e
o p f o r
C o t
N
9.7 Solutions to Exercises 9-151
d. Given Ellen’s permissions and the following table, should Ellen be able to register a stored
process in the Stored Processes folder?
Yes
Stored Processes: Permissions for Selected Tasks
Register a stored
process
RM, WM RM, WMM RM, WM -
c . -
Delete a stored
process
RM
e
RM, WMM RM, WM RM, WM
In -
t u t RM RM RM, WM -
permissions
Run a stored
s t
RMi n .
RM RM RM RM, RMLE,, ROLAP
process
I n t i o
S
A tri b u
t S s
i g h d i
y r r e
o p f o r
C o t
N
9-152 Chapter 9 Securing Metadata
e. Will modifying the current permissions enable Ellen to successfully register a stored process?
No
f. Make the source code repository path available by using SAS Management Console. Return to
SAS Enterprise Guide as Ellen and register and test the stored process.
1) In SAS Management Console, navigate to the Orion Star\Sales Department\Stored
Processes folder for the Sales Department. Right-click on the folder and select
New Stored Process….
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
i g h d i
y r r e
o p f o r
C o t
N
9.7 Solutions to Exercises 9-153
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
i g h d i
y r r e
o p f o r
C o t
N
9-154 Chapter 9 Securing Metadata
3) Select SASApp – Logical Stored Process Server from the drop-down list.
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t
5) ClickS s
to add the new path.
i g h d i
y r r e
o p f o r
C o t
N
9.7 Solutions to Exercises 9-155
c .
e In
t u t
7) Click Ö
s t i .
n .
this exercise.
I n t i o
8) In SAS Enterprise Guide, create the stored process using the steps that you used in part b of
S
A tri b u
9) Select S:\Workshop\spaft from the Source file path drop-down menu and click .
t S s
i g h d i
y r r e
o p f o r
C o t
N
9-156 Chapter 9 Securing Metadata
10) Click .
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
i g h d i
y r r e
o p f o r
C o t
N
9.7 Solutions to Exercises 9-157
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
i g h d i
y r r e
o p f o r
C o t
N
9-158 Chapter 9 Securing Metadata
12) Verify that Run stored process when finished is not selected and then click .
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
i g h d i
y r r e
o p f o r
C t
15. Securing Information Maps
o
a. Log on to SAS Information Map Studio as Ellen.
N
b. Create an information map named Sales Map with all the columns from the
Sales Reporting Library ORDER_FACT table. Save the information map in Orion Star/Sales
Department/Information Maps as Ellen Map.
3) In the Selected Resources pane, expand Sales Reporting Library and move the
ORDER_FACT table to the Information Map Contents pane.
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
i g h
4) Select
d i
. From the menu, select SAS Folders. Navigate to Orion Star Ö
Sales Department Ö Information Maps. Type Ellen Map as the name. Click .
y r r e
o p f o r
C o t
N
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
i g h d i
y r r e
o p f o r
C o t
N
9.7 Solutions to Exercises 9-161
d. Given Ellen’s permissions and the following table, should Ellen be able to register an information
map in the Information Map folder?
Yes
Information Maps: Permissions for Selected Tasks
c .
RM, RMLE,, ROLAP
In
map
Delete an
information map
RM
Set information
map permissions
RM
t i t RM
.
RM, WM - -
Edit or rename an
I n s RM
i o n RM RM, WM - -
information map
S
Run queries in an RM
u t RM RM, R RM RM, RMLE,, ROLAP
A tri
information map
S b
h t i s
r i g r e d
p y o r
C o t f
N o
9-162 Chapter 9 Securing Metadata
e. Return to SAS Information Map Studio as Ellen and run a test query on the sales map.
Is Ellen successful?
Yes
2) Select to send everything in the Available items list to the Selected items list.
Click .
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
i g h d i
y r r e
o p f o r
C o t
N
9.7 Solutions to Exercises 9-163
3) Click .
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
i g h d i
y r r e
o p f o r
C o t
4) Click .
N
9-164 Chapter 9 Securing Metadata
c .
e In
t u t
s t i n .
I n t i o
S
2) Type Ellen as the value of the User name field and Student1 as the value
for the Password field.
A tri b u
t S s
i g h d i
y r r e
o p f o r
C o t
N
9.7 Solutions to Exercises 9-165
b. Create a new report using the report wizard. Use Sales Map as the data source and select Finish.
Can Ellen view the report? If not, what is the error message?
1) Select New Report Using Wizard.
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
i g h d i
y r r e
o p f o r
C o t
N
9-166 Chapter 9 Securing Metadata
3) Highlight ORDER_FACT and click to move the items to the Selected data items list.
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
i g h d i
y r r e
o p f o r
C o t
N
9.7 Solutions to Exercises 9-167
4) Click .
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
i g h d i
y r r e
o p f o r
C o t
N
9-168 Chapter 9 Securing Metadata
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
i g h d i
y r r e
o p f o r
C o t
N
9.7 Solutions to Exercises 9-169
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
i g h d i
y r r e
o p f o r
C o t
N
9-170 Chapter 9 Securing Metadata
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
i g h d i
y r r e
o p f o r
C o t
d. Log on to SAS Management Console as Ahmed.
e. Given Ellen’s permissions and the following table, should Ellen be able to save a report in the
Reports folder?
Yes
Reports: Permissions for Selected Tasks
c
ROLAP.
RM, RMLE,,
Delete report RM
e
RM,
WMM
RM, WM - -
In -
View or refresh RM
View a batch
s t
RM i n
RM
. RM - -
ROLAP
-
report
Edit or rename I n RM
t i o RM RM, WM - - -
report
S
A tri b u
Set report
t S
permissions
s
RM RM RM, WM - - -
i g h d i
A stored process is not a required component of a report.
y r r e
f. If necessary, modify the permissions so that Ellen can save a report in the
Orion Star/Sales Department/Reports folder. Return to SAS Web Report Studio and
o p f o r
create and save the report as Ellen. No changes need to be made.
g. Log on to the SAS Information Delivery Portal as Ellen and search for and view the sales report.
C o t
1) Open a Web browser and select Favorites Ö SAS Information Delivery Portal.
N
9-172 Chapter 9 Securing Metadata
2) Type Ellen as the value in the User ID field and Student1 as the value for the
Password field. Click Search.
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
i g h d i
y r r e
o p f o r
C o t
N
9.7 Solutions to Exercises 9-173
3) In the Keywords section, type Sales. Select SAS report in the Content Types area and
click .
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
i g h d i
y r r e
o p f o r
4) Click on the sales report that matches the location criteria to view the report.
C o t
N
9-174 Chapter 9 Securing Metadata
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
i g h d i
5) Select Log Off Ellen and close the Web browser window.
y r r e
o p f o r
C o t
N
9.7 Solutions to Exercises 9-175
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
i g h d i
y r r e
o p f o r
b. Connect to SAS Enterprise Guide as Ellen. View the Server List. Which servers can Ellen see?
C o t
Local, SASAPP, and OLAP Servers
In SAS Enterprise Guide, select from the left panel, or select View Ö Server List.
N
9-176 Chapter 9 Securing Metadata
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
i g h d i
y r r e
o p f o r
C o t
N
9.7 Solutions to Exercises 9-177
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
i g h d i
y r r e
o p f o r
C o t
N
9-178 Chapter 9 Securing Metadata
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
i g h d i
y r r e
o p f o r
C o t
N
9.7 Solutions to Exercises 9-179
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
i g h d i
y r r e
o p f o r
C o t
N
9-180 Chapter 9 Securing Metadata
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
i g h d i
y r r e
o p f o r
C o t
N
9.7 Solutions to Exercises 9-181
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
i g h d i
y r r e
o p f o r
C o t
N
9-182 Chapter 9 Securing Metadata
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
i g h d i
y r r e
o p f o r
C o t
N
9.7 Solutions to Exercises 9-183
SASApp - Logical SAS DATA Step Batch Server – indirect grant of RM, WM, and CM
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
i g h d i
y r r e
o p f o r
C o t
N
9-184 Chapter 9 Securing Metadata
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
i g h d i
y r r e
o p f o r
C o t
N
9.7 Solutions to Exercises 9-185
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
i g h d i
y r r e
o p f o r
C o t
N
9-186 Chapter 9 Securing Metadata
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
i g h d i
y r r e
o p f o r
C o t
N
9.7 Solutions to Exercises 9-187
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
i g h d i
y r r e
o p f o r
C o t
N
9-188 Chapter 9 Securing Metadata
b. Log on to SAS Management Console as Ahmed. View the properties of any user, group, or role.
How are the effective permissions of the SAS Administrators group different than the effective
permissions of other users/groups listed?
Other groups get indirect settings from the repository ACT, which includes an indirect
grant of RM for SASUSERS.
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
i g h d i
y r r e
o p f o r
C o t
N
9.7 Solutions to Exercises 9-189
What makes the effective permissions for the SAS Administrators group different?
SAS Administrators have user administration capabilities because the group is a member
of the Metadata Server: User Administration role.
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
i g h d i
y r r e
o p f o r
C o t
N
9-190 Chapter 9 Securing Metadata
In addition, the SAS Administrator Settings ACT is applied by default to some groups,
for example, SAS Administrators.
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
i g h d i
y r r e
o p f o r
C o t
N
9.7 Solutions to Exercises 9-191
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S
19. Securing ACTs
s
g h d i
a. Log on to SAS Management Console as Ellen.
Which ACTs can she see?
i
y r r e
Ellen can see all ACTs.
o p f o r
C o t
N
9-192 Chapter 9 Securing Metadata
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
i g h d i
y r r e
o p f o r
C o t
N
9.7 Solutions to Exercises 9-193
b. Log on to SAS Management Console as Ahmed. How are the custom ACTs secured?
The SAS Administrator Settings ACT is applied to the predefined ACTs in conjunction with
explicit deny WM for PUBLIC. Modify security if necessary. No modifications are needed
except to possibly delete or secure the Test Access Control Template.
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
i g h d i
y r r e
o p f o r
C o t
N
9-194 Chapter 9 Securing Metadata
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S
20. Creating and Securing Custom Folders
s
i g h d i
Hint: Before making major security changes to existing folder structures, back up the metadata.
y r e
a. Do the existing Marketing and Sales folders use project or functional subfolders?
r
Functional subfolders
o p f o r
b. Create the Hide, Protect, and LimitData ACTs.
1) Right-click Access Control Templates and select New Access Control Template.
C o t
N
9.7 Solutions to Exercises 9-195
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
i g h d i
y r r e
o p f o r
C o t
N
9-196 Chapter 9 Securing Metadata
3) Click the Permission Pattern tab and select the permissions as described in Section 9.6 or
step 5 of these solutions.
4) Click . Clear the Show Users check box to only list groups.
5) Use the CTRL key to select the desired groups. Select to move them to the Selected
Identities pane.
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
i g h d i
y r r e
o p f o r
C o t
N
9.7 Solutions to Exercises 9-197
6) Click .
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
i g h d i
y r r e
o p f o r
C o t
N
9-198 Chapter 9 Securing Metadata
7) Select the required grant and deny settings for permissions for each group.
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
i g h d i
y r r e
o p f o r
C o t
N
9.7 Solutions to Exercises 9-199
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
i g h d i
y r r e
o p f o r
C o t
N
9-200 Chapter 9 Securing Metadata
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
i g h d i
y r r e
o p f o r
C o t
8) Click to create the ACT.
N
9.7 Solutions to Exercises 9-201
9) Follow the same steps to create the Protect and LimitData ACTs.
PUBLIC 8
SAS 9
Administrators
SAS System
Services
9
c .
Protect ACT RM WM
e
WMM CM A R W C In D
PUBLIC 8
t u t
SAS
Administrators
9
s t i n .
LimitData RMI n WM
t i o
WMM CM A R W C D
ACT
S
A tri b u
PUBLIC
t S s
8
g d i
c. Secure the new ACTs.
h
1) Right-click on the newly created ACT and select Properties.
i
y r r e
2) Click the Authorization tab and click .
o p f o r
C o t
N
9-202 Chapter 9 Securing Metadata
4) Select the SAS Administrator Settings ACT and select to move this to the Currently
Using pane to secure the ACT.
5) Click .
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
i g h d i
y r r e
o p f o r
C o t
N
9.7 Solutions to Exercises 9-203
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
i g h d i
y r r e
o p f o r
C o t
N
9-204 Chapter 9 Securing Metadata
d. Under Orion Star, create a subfolder named Finance with the following subfolders:
Data, Information Maps, Jobs, Reports, Stored Processes
1) On the Folders tab in SAS Management Console, right-click on the Orion Star folder and
select New Folder.
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
i g h d i
y r r e
o p f o r
C o t
N
9.7 Solutions to Exercises 9-205
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
i g h d i
y r r e
3) Right-click on the new Finance folder and select New Folder. Create the following
o p f o r
subfolders: Data, Information Maps, Jobs, Reports, and Stored Processes.
C o t
N
9-206 Chapter 9 Securing Metadata
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
i g h d i
y r r e
o p f o r
C o t
N
9.7 Solutions to Exercises 9-207
The Report Content Creators group will create maps in the Information Maps subfolder, stored
processes in the Stored Processes subfolder, and reports in the Reports subfolder.
1) Right-click on the Reports folder in the Finance folder and select Properties.
Click .
2) Select the Report Content Creators group and click to move to the Selected Identities
pane. Click .
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
i g h d i
y r r e
o p f o r
C o t
N
9-208 Chapter 9 Securing Metadata
3) Grant RM and WMM and deny WM. Click . Grant the same permissions for the
Information Maps and Stored Processes folders.
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
i g h d i
y r r e
o p f o r
C o t
N
9.7 Solutions to Exercises 9-209
2) Select the Finance group and click to move to the Selected Identities pane.
Click .
3) Grant RM and R.
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
i g h d i
y r r e
o p f o r
C o t
N
9-210 Chapter 9 Securing Metadata
4) To keep Sales and Marketing and any other unauthorized individuals from accessing the
Finance folder, deny SASUSERS all permissions and grant back RM and other permissions
as required for the groups that will need access: Application Developers, Data Integrators,
Report Content Creators, SAS System Services, and SAS Administrators.
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
i g h d i
y r r e
o p f o r
C o t
N
5) Click .
9.7 Solutions to Exercises 9-211
f. Verify the effective permissions on the new folders for Sales, Marketing, Finance, Data
Integrators, Report Content Creators, Jacques, Gloria, Bruno, and Robert. Test the permission
settings.
Hint: Use the Advanced button on the Authorization tab to explore the effective permissions
for a user or group not listed on the particular Authorization tab.
g. (Optional) Examine the security settings on the Marketing folder structure. Apply or modify
security if required.
No change is needed. Finance is indirectly denied access from the SASUSERS settings.
c .
21. Adjusting Conflicting Permission Settings
e In
t u t
a. Create a new metadata group named Group A. Assign Harvey as a member.
1) Right-click User Manager and select New Ö Group.
s t i n .
I n t i o
S
A tri b u
t S s
i g h d i
y r r e
o p f o r
C o t
N
9-212 Chapter 9 Securing Metadata
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
i g h d i
y r r e
o p f o r
C o t
N
9.7 Solutions to Exercises 9-213
3) Click the Members tab. Select Harvey and to move to the Current Members pane.
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
i g h d i
y r r e
o p f o r
C o t
N4) Click .
3) Click the Members tab. Select Harvey and to move to the Current Members pane.
4) Click .
9-214 Chapter 9 Securing Metadata
5) Click .
c .
Group B RM.
e In
d. On the Authorization tab of the Shared Data folder, apply the Allow Group A ACT and deny
t u t
1) Right-click on the Shared Data folder and select Properties. Click the Authorization tab.
2) Click
s t i .
n .
I n
3) Expand Foundation and select Allow Group A from the Available pane. Click
i
it to the Currently Using pane.
t o
to move
S
A tri b u
t S s
i g h d i
y r r e
o p f o r
C o t
N
4) Click .
9.7 Solutions to Exercises 9-215
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
i g h d i
y r r e
o p 6) Click
f o
.
r
C o t
N
9-216 Chapter 9 Securing Metadata
7) Explicitly deny RM for Group B and make sure that the other permissions are indirectly
denied.
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
i g h d i
y r r e
o p f o r
C o t
N
8) Click .
9.7 Solutions to Exercises 9-217
e. What is the effective permission for Harvey to the Shared Data folder?
Harvey is denied all permissions.
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
i g h d i
y r r e
o p f o r
C o t
N
9-218 Chapter 9 Securing Metadata
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
i g h d i
y r r e
o p f o r
C o t
N
Chapter 10 Moving Metadata
c .
Exercises ............................................................................................................................ 10-38
e
10.2 Solutions to Exercises ............................................................................................... 10-39 In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
i g h d i
y r r e
o p f o r
C o t
N
10-2 Chapter 10 Moving Metadata
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
i g h d i
y r r e
o p f o r
C o t
N
10.1 Promoting Selected Content 10-3
Objectives
Identify the types of objects that can be promoted.
Explore when to use promotion.
Use the Export SAS Package and
Import SAS Package wizards.
c .
Use the batch export tool and the batch import tool.
e In
t u t
s t i n .
I n t i o
2 S
A tri b u
S
2
h t i s
r i g r e d
p y o r
C o t f
N o
10-4 Chapter 10 Moving Metadata
Promotion
Promotion The process of copying selected
metadata and associated content within
or between planned deployments of SAS.
After preparing the source and target environments,
the promotion process involves
exporting selected objects and folders from the
c .
In
source environment into a SAS package file
importing some or all of the contents of a SAS
u t e
package file into the target environment.
t i t .
3
I n s i o n
t
3
and Windows. S
A tri b u
The promotion process is platform-independent. For example, you can promote content between UNIX
t S
Preparing the source and target environments includes ensuring that required servers are configured
s
and running. If you are promoting from one metadata server to another, you must prepare the target
i g h d i
environment by creating folders for the metadata, directories for the physical files, and setting up security.
y r r e
o p f o r
C o t
N
10.1 Promoting Selected Content 10-5
c .
e In
t u t
s t i n .
4
4
I n t i o
S
A tri b u
Objects can be promoted from one location in the SAS Folder tree to another location in the same tree.
For example, you might want to promote a newly created or modified object from a user’s home folder
t S
to a shared location.
s
Promotion can also be used to create a backup of specific folders and objects.
g h d i
The package format is the same regardless of the host machine’s operating system or the tool (wizard
i
r e
or batch tool) used to create it.
y r
o p f o r
Promotion between Planned Deployments
C o t
N
5
5
You can promote objects between development, test, and production environments. You can also promote
content that was exported from a SAS 9.1.3 environment into a 9.2 environment.
10-6 Chapter 10 Moving Metadata
c .
In
Use a filter to select objects
based on object name, object
type, or time period during
which the object was created
or last modified.
u t e
t
Include empty folders.
i t .
6
content.
I s
Include associated physical
n i o n
t
6
S
A tri b
Promoting Selected Content
u
t S s
Only objects under the SAS Folder tree can be promoted:
i g h
Actions
Applications
d i Documents
Event subscribers
OLAP schemas
Prompts
y r r e
Burst definitions Event subscriber groups Prompt groups
o p
Channels
f o r
Conditions
Condition action sets
External files
Folders
Generated transformations
Queue managers
Reports
Report components
C o t
Content subscribers
Content subscriber
Information maps
Jobs
Report images
N groups
Cubes
Data explorations
Libraries
Message queues
Office documents
SAS Data Integration Studio and SAS OLAP Cube Studio can only import and export objects that pertain
to the application.
10.1 Promoting Selected Content 10-7
Limitations
Certain types of objects cannot be promoted:
users, groups, and roles
servers
portal pages
ACTs
e In
t u t
s t i n .
8
8
I n t i o
S
A tri
Promotion Tools b u
t S s
Among the promotion tools are
i g h d i
the Export SAS Package and Import SAS Package
wizards in SAS Management Console, SAS Data
y r r e
Integration Studio, and SAS OLAP Cube Studio
o p f o r
the batch export tool and the batch import tool.
C o t
N
9
9
The wizards are available in SAS Management Console on the Folders tab.
The batch import and export tools can only be used with a SAS 9.2 Metadata Server. The batch import
tool and export tool are called ImportPackage and ExportPackage and are located in SAS-installation-
directory\SASPlatformObjectFramework\9.2.
10-8 Chapter 10 Moving Metadata
e In
t u t
s t i n .
1
0
10
I n t i o
S
A tri b u
If the promotion of an object’s associated content is optional, information about the associated content
is displayed in the wizard’s Options tab.
t S
For details about which types of content are exported and imported with metadata, refer to the
s
SAS® 9.2 Intelligence Platform System Administration Guide.
i g h d i
y r r e
o p f o r
C o t
N
10.1 Promoting Selected Content 10-9
c .
e In
t u t
s t i n .
1
1
11
I n t i o
S
A tri b u
When importing objects, you might need to establish associations to some objects such as a SAS
Application Server, library, or physical path. You can choose to restore the same metadata associations
t S
that were established in the source environment or to establish different associations.
s
Depending on the type of objects that you are importing, you might need to establish associations with
i g h d i
the following objects and entities on the target system:
y r e
• a SAS Application Server
r
• a SAS Content Server
o p
• libraries
f o r
• base path on a SAS Content Server
C • tables
o t
• external files
N
• physical locations for external files or for libraries
• physical locations for custom code that is associated with jobs, if the code is stored outside
the metadata
• OLAP schemas
• mining results
• a source code repository (for stored processes)
10-10 Chapter 10 Moving Metadata
Additional Considerations
Before promoting content, you should consider the impact
of the following:
including direct assignments of ACEs and ACTs
I n t i o
S u
Fewer object types can be promoted in SAS 9.1.3.
A tri b
t S s
i g h d i
y r r e
o p f o r
C o t
N
10.1 Promoting Selected Content 10-11
Promoting Content
u t e
t i t .
I n s i o n
S u t
S A tri b
h t i s
r i g r e d
p y o r
C o t f
N o
10-12 Chapter 10 Moving Metadata
4. Click .
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
5. Navigate to S:\workshop\spaft and type the filename Export_Demo. Click .
t S s
i g h d i
y r r e
o p f o r
C o t
N
If you specify a filename that already exists, then a warning displays when you click
. Click to overwrite the existing package, or click
to return to the package specification page and rename the package.
10.1 Promoting Selected Content 10-13
6. Select the Include dependent objects when retrieving initial collection of objects check box for
the export option. Click .
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
i g h d i
y r r e
o p f o r
C o t
N
10-14 Chapter 10 Moving Metadata
7. In the Types section, select Clear All. Select only Information map (OLAP) and
Information map (relational). Click .
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
i g h d i
y r r e
o p f o r
C o t
N
10.1 Promoting Selected Content 10-15
8. Click .
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
i g h d i
y r r e
o p f o r
C o t
N
10-16 Chapter 10 Moving Metadata
9. Under the Information Maps folder, select Orion Star Customer Orders Cube. The Dependencies
tab shows that the dependent objects have been checked to be included in the package, as well.
Click .
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
i g h d i
y r r e
o p f o r
C o t
N
10.1 Promoting Selected Content 10-17
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
i g h d i
y r r e
o p f o r
C o t
N
10-18 Chapter 10 Moving Metadata
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
i g h d i
y r r e
o p f o r
C
o tIf you are prompted to log on to SASApp or to SASApp - DATA Step Batch Server, type
N Marcel as the value in the User ID field and Student1 as the value for the Password
field.
If you log on to SAS Management Console as a user who has sufficient access to the
SASApp Workspace Server and the SASApp DATA Step Batch Server, you will not
be prompted for credentials.
10.1 Promoting Selected Content 10-19
12. Click .
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
13. Review the log for warnings and errors. Click to close the Export Log.
t S s
i g h d i
y r r e
o p f o r
C o t
N
10-20 Chapter 10 Moving Metadata
14. Click .
c .
e In
t u t
s t i n .
I n t i o
S u
15. Use Windows Explorer to navigate to S:\workshop\spaft. Verify that the spk file was created.
A tri b
t S s
i g h d i
y r r e
o p f o r
C o t
N
16. In SAS Management Console, right-click SAS Folders and select New Folder.
10.1 Promoting Selected Content 10-21
17. Name the new folder Orion Star Test and click .
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
i g h d i
y r r e
o p f o r
C o t
N
10-22 Chapter 10 Moving Metadata
18. Right-click Orion Star Test and select Import SAS Package….
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
i g h d i
y r r e
o p f o r
C o t
N
10.1 Promoting Selected Content 10-23
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
i g h d i
y r r e
o p f o r
C o t
N
10-24 Chapter 10 Moving Metadata
20. Click .
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
i g h d i
y r r e
o p f o r
C o t
N If you try to import an object that already exists in the destination folder, the object has a red
exclamation mark on it.
10.1 Promoting Selected Content 10-25
c .
e In
t u t
22. Click .
s t i n .
I n t i o
S
A tri b u
t S s
i g h d i
y r r e
o p f o r
C o t
N
10-26 Chapter 10 Moving Metadata
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
i g h d i
y r r e
o p f o r
C o t
N
24. Click in the Error dialog box.
10.1 Promoting Selected Content 10-27
25. Click twice and clear the SASApp - OLAP Schema check box.
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
i g h d i
y r r e
o p f o r
C o t
N
10-28 Chapter 10 Moving Metadata
26. Click three times to return to the point at which the error originally occurred. Accept the
default OLAP Schema mapping and click .
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
i g h d i
y r r e
o p f o r
C o t
N
10.1 Promoting Selected Content 10-29
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
i g h d i
y r r e
o p f o r
C o t
N
10-30 Chapter 10 Moving Metadata
28. Verify that the summary is correct and click to begin importing.
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
i g h d i
y r r e
o p f o r
C o t
N
10.1 Promoting Selected Content 10-31
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
30. Locate the warnings in the log. The problem is that you tried to register objects that already exist in
the target environment and cannot be duplicated. Library names must be unique within an application
S
server and cube names must be unique within an OLAP schema. The objects were registered with
t
different names that begin with "Copy of". Click
s
.
i g h d i
y r r e
o p f o r
C o t
N
10-32 Chapter 10 Moving Metadata
31. Click .
c .
e In
t u t
s t i n .
I n t i o
S u
32. In SAS Management Console, expand the Orion Star Test folder.
A tri b
t S s
i g h d i
y r r e
o p f o r
C o t
N
10.1 Promoting Selected Content 10-33
33. Expand the Marketing Department folder and select the Information Maps folder.
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
i g h d i
y r r e
o p f o r
C o t
N
10-34 Chapter 10 Moving Metadata
c .
e In
t u t
s t i n .
I n
3. Type CD\ and press ENTER.
t i o
S
A tri b u
t S s
i g h d i
y r r e
o p f o r
C o t
4. Type cd program files\SAS\SASPlatformObjectFramework\9.2 and press ENTER.
5. Type the following code on the command line and press ENTER:
ExportPackage –host "localhost" –port "8561" –user "Marcel" –
password "Student1" –domain "DefaultAuth" –package
"S:\workshop\spaft\export_batch.spk" –objects "/Orion Star/Marketing
Department" -types "InformationMap"
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
i g h d i
y r r e
o p f o r
C o t
N
10-36 Chapter 10 Moving Metadata
6. Use Windows Explorer to navigate to S:\workshop\spaft and verify that export_batch.spk was
created.
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
i g h d i
y r r e
o p f o r
C o t
N
10.1 Promoting Selected Content 10-37
7. Use Windows Explorer to navigate to the location of the log file created, C:\Documents and
Settings\student\Application Data\SAS\Logs. Open the most recent export log file and review
it for warnings and errors.
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
i g h d i
y r r e
o p f o r
C o t
N
10-38 Chapter 10 Moving Metadata
Exercises
c .
In
b. Create a new metadata folder under SAS Folders named Import_Exercise. Import export_stp.spk
into this new folder.
2. Promoting a Report
u t e
t i t
a. Create a package from the Orion Star Analysis report in the Orion Star\Marketing
.
Department\Reports folder. Do not include the underlying information map, Orion Star
Employees.
I n s i o n
b. Navigate to Orion Star\Marketing Department\Information Maps and rename the Orion Star
S u t
Employees map by adding _OLD to the end of the name.
A tri b
c. Import the package in the Import_Exercise folder. Were you successful? If not, why not?
S
d. Rename the information map by removing _OLD from the end of the name.
h t i s
3. Importing with the Batch Tool
r i g r e d
a. In SAS Management Console, create a new folder under SAS Folders called Orion Batch Test.
p y o r
b. Use the following command to generate a list of the contents of the export_batch.spk file:
ImportPackage –host "localhost" –port "8561" –user "Marcel"
C o t f
–password "Student1" –domain "DefaultAuth" –package
"S:\workshop\spaft\export_batch.spk" –target "/Orion Batch Test"
N o
-noexecute
c. Did the process produce an error? If so, modify the environment and rerun the command. When
the command is successful, review the contents of the package file. Do they match what was
exported? Review the generated log.
d. Issue the same command without the –NOEXECUTE option to import the package contents.
Review the log for warnings and errors. Use SAS Management Console to verify that the package
contents were successfully imported.
10.2 Solutions to Exercises 10-39
c .
In
2) Right-click Marketing Department and select Export SAS Package….
u t e
t i t .
I n s i o n
S u t
S A tri b
h t i s
r i g r e d
p y o r
C o t f
N o
10-40 Chapter 10 Moving Metadata
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
i g h d i
y r r e
o p f o r
C o t
N
10.2 Solutions to Exercises 10-41
4) In the Types pane, select Clear All. Scroll down through the types and select Stored Process.
Click .
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
i g h d i
y r r e
o p f o r
C o t
N
10-42 Chapter 10 Moving Metadata
5) Click .
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
i g h d i
y r r e
o p f o r
C o t
N
10.2 Solutions to Exercises 10-43
6) Select each stored process and verify that there are no dependencies. Click .
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
i g h d i
y r r e
o p f o r
C o t
N
10-44 Chapter 10 Moving Metadata
c .
e In
t u t
s t i n .
I n t i o
8) Click S
A tri b
. u
t S s
i g h d i
y r r e
o p f o r
C o t
N
10.2 Solutions to Exercises 10-45
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
i g h d i
y r r e
o p f o r
C o t
N
10-46 Chapter 10 Moving Metadata
10) Click .
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
g h d i
11) Open Windows Explorer and navigate to S:\Workshop\spaft. Verify that export_stp.spk
i
y r e
exists and close Windows Explorer.
r
o p f o r
b. Create a new metadata folder under SAS Folders named Import_Exercise. Import export_stp.spk
into this new folder.
C o t
1) On the Folders tab in SAS Management Console, right-click SAS Folders and select
New Folder.
N
10.2 Solutions to Exercises 10-47
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
i g h d i
y r r e
3) Right-click on the Import_Exercise folder and select Import SAS Package….
o p f o r
C o t
N
10-48 Chapter 10 Moving Metadata
4) Verify that the location of the input SAS package file is S:\Workshop\spaft\export_stp.spk.
Accept the defaults and click .
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
i g h d i
y r r e
o p f o r
C o t
N
10.2 Solutions to Exercises 10-49
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
i g h d i
y r r e
o p f o r
C t
6) If you receive an import warning, click
o
.
N
10-50 Chapter 10 Moving Metadata
7) Click .
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
i g h d i
y r r e
o p f o r
C o t
N
10.2 Solutions to Exercises 10-51
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
i g h d i
y r r e
o p f o r
C o t
N
10-52 Chapter 10 Moving Metadata
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
i g h d i
y r r e
o p f o r
C o t
N
10.2 Solutions to Exercises 10-53
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
i g h d i
y r r e
o p f o r
C o t
N
10-54 Chapter 10 Moving Metadata
11) Click .
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
i g h d i
y r r e
o p f o r
C o t
N
10.2 Solutions to Exercises 10-55
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
i g h d i
y r r e
o p f o r
C o t
N
10-56 Chapter 10 Moving Metadata
13) Click .
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
i g h d i
y r r e
o p f o r
14) On the Folders tab, expand Import_Exercise Ö Marketing Department Ö Stored
C o t Processes. Select Stored Processes to see the two registered stored processes.
N
10.2 Solutions to Exercises 10-57
2. Promoting a Report
a. Create a package from the Orion Star Analysis report in the Orion Star\Marketing
Department\Reports folder. Do not include the underlying information map,
Orion Star Employees.
1) On the Folders tab in SAS Management Console, expand Orion Star Ö
Marketing Department Ö Reports.
2) Right-click Reports and select Export SAS Package….
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
i g h d i
y r r e
o p f o r
C o t
N
10-58 Chapter 10 Moving Metadata
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
i g h d i
y r r e
o p f o r
C o t
N
10.2 Solutions to Exercises 10-59
4) Verify that only the Orion Star Analysis report is listed. Select the report and verify that the
information map is not included. Click .
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
i g h d i
y r r e
o p f o r
C o t
N
10-60 Chapter 10 Moving Metadata
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
i g h d i
y r
6) Click
r e .
o p f o r
C o t
N
10.2 Solutions to Exercises 10-61
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
i g h d i
y r r e
o p f o r
C o t
N
10-62 Chapter 10 Moving Metadata
8) Click .
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
g h d i
b. Navigate to Orion Star\Marketing Department\Information Maps and rename the
i
y r e
Orion Star Employees map by adding _OLD to the end of the name.
r
o p f o r
1) Navigate to Orion Star Ö Marketing Department Ö Information Maps. Right-click
Orion Star Employees and select Properties.
C o t
N
10.2 Solutions to Exercises 10-63
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
i g h d i
y r r e
o p f o r
C o t
N
10-64 Chapter 10 Moving Metadata
c. Import the package in the Import_Exercise folder. Were you successful? If not, why not?
1) Right-click on the Import_Exercise folder and select Import SAS Package….
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
i g h d i
y r r e
o p f o r
C o t
N
10.2 Solutions to Exercises 10-65
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
i g h d i
y r r e
o p f o r
C o t
N
10-66 Chapter 10 Moving Metadata
3) Click .
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
i g h d i
y r r e
o p f o r
C o t
N
10.2 Solutions to Exercises 10-67
4) Click .
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
i g h d i
y r r e
o p f o r
C o t
N
10-68 Chapter 10 Moving Metadata
5) The information map that the report was originally associated with no longer exists (because it
was renamed). Select to select Orion Star Employees_OLD as the target map.
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
i g h d i
y r r e
o p f o r
C o t
N
10.2 Solutions to Exercises 10-69
6) On the Folders tab, expand Orion Star Ö Marketing Department Ö Information Maps.
Select Orion Star Employees_OLD. Click .
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
i g h d i
y r r e
o p f o r
C o t
N
10-70 Chapter 10 Moving Metadata
7) Click .
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
i g h d i
y r r e
o p f o r
C o t
N
10.2 Solutions to Exercises 10-71
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
i g h d i
y r r e
o p f o r
C o t
N
10-72 Chapter 10 Moving Metadata
9) Click .
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
i g h d i
y r r e
o p f o r
C o t
N
10.2 Solutions to Exercises 10-73
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
i g h d i
y r r e
o p f o r
C o t
N
10-74 Chapter 10 Moving Metadata
11) Click .
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
i g h d i
y r r e
o p f o r
C o t
12) On the Folders tab, expand Import_Exercise. Select Reports to see the registered report.
The import process was successful but because there no longer was an information map
by the name specified in the report. You had to map the report to another information
map.
10.2 Solutions to Exercises 10-75
d. Rename the information map by removing _OLD from the end of the name.
1) Navigate to Orion Star Ö Marketing Department Ö Information Maps. Right-click
Orion Star Employees_OLD and select Properties.
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
i g h d i
y r r e
o p f o r
C o t
N
10-76 Chapter 10 Moving Metadata
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
i g h d i
y r r e
o p f o r
C o t
N
The new report imported into the Import_Exercise folder no longer works because
it is pointing to a nonexistent information map. The original copy of the report in
Orion Star Ö Marketing Department Ö Report does function.
10.2 Solutions to Exercises 10-77
c .
e In
t u t
s t i n .
I n t i o
2) Type the name Orion Batch Test and click .
S
A tri b u
t S s
i g h d i
y r r e
o p f o r
C o t
N
10-78 Chapter 10 Moving Metadata
b. Use the following command to generate a list of the contents of the export_batch.spk file:
ImportPackage –host "localhost" –port "8561" –user "Marcel"
–password "Student1" –domain "DefaultAuth" –package
"S:\workshop\spaft\export_batch.spk" –target "/Orion Batch Test"
-noexecute
1) Select Start Ö Run.
2) Type cmd and select OK.
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
3) Type CD\ and press ENTER.
t S s
i g h d i
y r r e
o p f o r
C o t
N 4) Type cd program files\SAS\SASPlatformObjectFramework\9.2 and press
ENTER.
10.2 Solutions to Exercises 10-79
5) Type the following code on the command line and press ENTER:
ImportPackage –host "localhost" –port "8561" –user "Marcel"
–password "Student1" –domain "DefaultAuth" –package
"S:\workshop\spaft\export_batch.spk" –target "/Orion Batch Test"
-noexecute
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
i g h d i
y r r e
o p f o r
C o t
N
10-80 Chapter 10 Moving Metadata
c. Did the process produce an error? If so, modify the environment and rerun the command. When
the command is successful, review the contents of the package file. Do they match what was
exported? Review the log generated.
The process included several warnings indicating that Marcel does not have permission to
import objects into the Orion Batch Test folder.
1) On the Folders tab in SAS Management Console, right-click on the Orion Batch Test folder
and select Properties.
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
i g h d i
y r r e
o p f o r
C o t
N 2) Click the Authorization tab.
10.2 Solutions to Exercises 10-81
3) Marcel is a member of the Data Integrators group. With Data Integrators highlighted, grant
WriteMemberMetadata. Click .
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
i g h d i
y r r e
o p f o r
C o t
N
You can grant the WriteMemberMetadata permission to Marcel specifically
as an alternative.
10-82 Chapter 10 Moving Metadata
4) Return to the command window and retype the command line. The command produced
no errors or warnings. The contents of the package file match what was exported.
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
i g h d i
y r
r e
o p f o r You can view the log stored in C:\Documents and Settings\student\Application
Data\SAS\Logs. The location and filename are listed in the Command window.
C o t
N
10.2 Solutions to Exercises 10-83
d. Issue the same command without the –NOEXECUTE option to import the package contents.
Review the log for warnings and errors. Use SAS Management Console to verify that the package
contents were successfully imported.
1) In the Command window, type the command without the –NOEXECUTE option. No errors
are produced. Close the Command window.
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
i g h d i
y r r e
o p f o r
C o t
N
10-84 Chapter 10 Moving Metadata
2) On the Folders tab in SAS Management Console, expand Orion Batch Test Ö
Marketing Department Ö Information Maps. The folder includes three information maps.
The package was successfully imported.
c .
e In
t u t
Refresh.
s i
If the Orion Batch Test folder appears empty, right-click on the folder and select
t n .
I n t i o
S
A tri b u
t S s
i g h d i
y r r e
o p f o r
C o t
N
®
Chapter 11 Updating the SAS
Environment
c
11.1 Applying Hot Fixes to Your SAS Environment .......................................................... 11-3
.
In
Demonstration: Exploring the SAS Technical Support Web Site ......................................... 11-7
e
t u t
s t i n .
I n t i o
S
A tri b u
t S s
i g h d i
y r r e
o p f o r
C o t
N
11-2 Chapter 11 Updating the SAS® Environment
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
i g h d i
y r r e
o p f o r
C o t
N
11.1 Applying Hot Fixes to Your SAS Environment 11-3
Objectives
Identify which hot fixes to apply.
Receive notifications about new hot fixes.
Identify considerations when applying hot fixes.
c .
e In
t u t
s t i n .
I n t i o
2 S
A tri b u
S
2
h t i s
r i g r e d
What Is a Hot Fix?
Hot fixes can serve several purposes, such as the
p y o r
following:
providing a quick fix for an immediate problem
C o f
providing an essential fix for a recurring problem
t
N o Hot fixes are tested and fully supported, and most hot
fixes are incorporated into the next scheduled release.
ftp.sas.com/techsup/download/hotfix/hotfix.html
3
3
c .
e In
t u t
s t i n .
4
4
I n t i o
S
A tri b
Install Only What Is Needed
u
t S s
Some sites choose only to fix problems when they occur.
i g h d i
Install just the fixes that are needed to keep existing
jobs running successfully.
y r r e
Minimize number of changes, regression testing, and
o p o r
time spent installing hot fixes.
Do not install hot fixes for problems that do not affect
f
users at the site, except for hot fixes labeled as “Alert”
N
5
5
Installing hot fixes that address problems labeled as “Alert” for any product that is installed at the site can
prevent some serious problems before they are encountered.
11.1 Applying Hot Fixes to Your SAS Environment 11-5
c .
e In
t u t
s t i n .
6
6
I n t i o
S
A tri
Hot Fix Notifications b u
t S s
When hot fixes become available, announcements are
i g h d i
posted to a listserv named tsnews-l.
You can subscribe to this listserv from the following URL:
y r r e
support.sas.com/techsup/news/tsnews.html
o p f o r
C o t
N
7
7
11-6 Chapter 11 Updating the SAS® Environment
c .
In
If possible, test hot fixes outside of your production
environment.
u t e
t i t .
8
I n s i o n
t
8
S u
If SAS is still running on a machine, a hot fix might not be fully installed.
A tri b
t S s
i g h d i
y r r e
o p f o r
C o t
N
11.1 Applying Hot Fixes to Your SAS Environment 11-7
i g
y r r e
o p f o r
C o t
N
11-8 Chapter 11 Updating the SAS® Environment
5. The Hot Fix Quick Links on the left side include links to hot fixes by release and by product,
as well as a link to the Hot Fix FAQ. Select SAS 9.2.
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
i g h d i
y r r e
o p f o r
C o t
N
11.1 Applying Hot Fixes to Your SAS Environment 11-9
6. The SAS 9.2 Phase 1 release includes SAS Foundation. The SAS 9.2 Phase 2 release includes the
platform for SAS Business Analytics. Select SAS 9.2 (TS2M0) Hot Fix Downloads.
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
i g h d i
y r r e
o p f o r
C o t
N
11-10 Chapter 11 Updating the SAS® Environment
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
i g h d i
y r r e
o p f o r
C o t
8. The table at the top of the page shows you which products include hot fixes. You can select a specific
N
product or scroll through the list. Close Internet Explorer.
Chapter 12 Learning More
c .
12.2 Beyond This Course ..................................................................................................... 12-6
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
i g h d i
y r r e
o p f o r
C o t
N
12-2 Chapter 12 Learning More
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
i g h d i
y r r e
o p f o r
C o t
N
12.1 SAS Resources 12-3
Objectives
Identify areas of support that SAS offers.
List additional resources.
c .
e In
t u t
s t i n .
I n t i o
3 S
A tri b u
S
3
h t i s
r
Education
i g r e d
Comprehensive training to deliver greater value
p y o r
to your organization.
more than 200 course offerings
C o t f
world-class instructors
N o and self-paced
training centers around the world
4
4 support.sas.com/training
12-4 Chapter 12 Learning More
SAS Publishing
SAS offers a complete selection of publications to help
customers use SAS software to its fullest potential.
Multiple delivery methods: e-books,
CD-ROM, and hard-copy books.
Wide spectrum of topics.
I n
support.sas.com/publishing
t i o
S
A tri b u
SAS Global Certification Program
t S s
SAS offers several globally recognized certifications.
i g h d i
Computer-based
certification exams –
y r r e
typically 60-70 questions
o p o r
and 2-3 hours in length,
Preparation materials and
f
practice exams available.
C o t
Worldwide directory of
SAS Certified Professionals.
N
6
6 support.sas.com/certify
12.1 SAS Resources 12-5
Support
SAS provides a variety of self-help and assisted-help
resources.
SAS Knowledge Base
license assistance
c .
In
SAS Technical Support
u t e
t i t .
7
I n s
support.sas.com/techsup
i o n
t
7
S
A tri
User Groups b u
t S s
SAS supports many local, regional, international,
i g h d i
and special-interest SAS user groups.
SAS Global Forum
y r r e
online SAS community:
o p f o r
www.sasCommunity.org
C o t
N
8
8 support.sas.com/usergroups
12-6 Chapter 12 Learning More
Objectives
Introduce the different types of SAS training.
Identify where to find the current classroom training
for the SAS platform.
Identify where to find the current e-learning for the
c .
In
SAS platform.
u t e
Identify the next set of courses that follow this course.
t i t .
I n s i o n
S u t
1
1
11
S A tri b
h t i s
r i g r e d
Several “Flavors” of SAS Training
Choose from a variety of training formats designed
p y r
to satisfy your learning style.
o
o Classroom Courses taught by certified SAS instructors
C t f
training or business experts in real time.
Public courses – Attend courses at training
12
1
2
12.2 Beyond This Course 12-7
c .
e In
t u t
s t i n .
1
3
13
I n i
support.sas.com/platformtraining
t o
S
A tri b
SAS Platform: e-Learning
u
t S s
The SAS Self-Paced e-Learning page on the Web is the
i g h d i
best place to find the current offerings in that format.
y r r e
o p f o r
C o t
N
1
4
14 support.sas.com/selfpaced
12-8 Chapter 12 Learning More
SAS Platform
Administration: Fast Track
Business BI Applications
c .
In
User Developer
Data Integration
Developer
u t e Platform
Administrator
SAS Programming
t i t . SAS Analytics
15
I n s i o n
t
1
5
S
A tri b u
Next Steps – Possible Courses
t S s
To learn more about this: Enroll in the following:
i g h SAS Data
d i
Integration Studio
SAS Data Integration Studio:
Administration
y r r e
SAS Enterprise SAS Enterprise Guide:
o p f o r
Guide
SAS Enterprise
Administration
C o t Miner
SAS OLAP
Administration
N Environment
SAS Scalable
Performance Data
Server
Administration
1
6
16 continued...
12.2 Beyond This Course 12-9
Middle Tier
SAS Platform Administration:
c .
In
SAS Middle Tier Applications
e
SAS Platform Administration 4:
Optimization
t u t Optimization
s t i n .
1
7
17
I n t i o
S
A tri b u
SAS Intelligence Platform Documentation
t S s
The SAS 9.2 platform administration documentation can be
i g h d i
found on this Web site:
support.sas.com/documentation/onlinedoc/intellplatform/index.html
o p f o r platform administration
documentation
C o t link to product-specific
documentation
grouped by software
N offering
18
1
8
12-10 Chapter 12 Learning More
consolidated reference
to what is new in all
SAS 9.2 products
c .
In
provides an overview
of the SAS platform
u t e
t i t .
19
I n s i o n
t
1
9
S
A tri b u
SAS Intelligence Platform Documentation
t S s
i g h d i
y r r e
o p f o r
C o t
N
20
2
0
12.2 Beyond This Course 12-11
c .
e In
t u t
s t i n .
2
1
21
I n t i o
S
A tri b u
SAS Intelligence Platform Documentation
t S s
i g h d i
y r r e
o p f o r
C o t
N
22
2
2
12-12 Chapter 12 Learning More
c .
e In
t u t
s t i n .
2
3
23
I n t i o
S
A tri
SAS Papers b u
t S s
There are different types of technical papers that can
i g h d i
provide the following:
information for different industries and solutions
y r r e
technical details to achieve specific goals and harness
o p f o r
robust features of the software
C o t
N
24
2
4
12.2 Beyond This Course 12-13
SAS Papers
Different types of papers can be found on the following
sites:
SAS Technical Papers
support.sas.com/resources/papers/
SAS Presents
.
support.sas.com/rnd/papers/index.html
White Papers
www.sas.com/whitepapers/index.html
In c
Conference Proceedings
u t e
support.sas.com/events/sasglobalforum/previous/online.html
t i t .
25
I n s i o n
t
2
5
S
A tri
SAS Global Forum conference.
b u
The conference proceedings include the SAS Presents papers as well as user papers from the
t S
An example of a SAS Presents paper referenced in this course is
s
Using SAS® 9.2 Metadata Security Reporting and Auditing Features, which can be found at
i g h d i
support.sas.com/resources/papers/proceedings09/321-2009.pdf.
y r
following:
r e
Additional links to documentation and papers which cover topics relevant to this course include the
o p f o r
• SAS® 9.2 Management Console Guide to Users and Permissions
support.sas.com/documentation/cdl/en/mcsecug/61708/PDF/default/mcsecug.pdf
C t
• How to Configure SAS Token Authentication
o
support.sas.com/documentation/cdl/en/bisecag/61133/HTML/default/a003276218.htm
N
• Removing a SAS Configuration
support.sas.com/documentation/cdl/en/biig/60946/HTML/default/remove.htm
• How to Configure Integrated Windows Authentication
support.sas.com/documentation/cdl/en/bisecag/61133/HTML/default/a003276221.htm
• Using the Batch Export and Import Tools
support.sas.com/documentation/cdl/en/bisag/60945/HTML/default/a003261084.htm
• V9 OLAP: An Architectural Overview
www2.sas.com/proceedings/sugi27/p176-27.pdf
12-14 Chapter 12 Learning More
c .
e In
t u t
s t i n .
I n t i o
S
A tri b u
t S s
i g h d i
y r r e
o p f o r
C o t
N
Appendix A Index
business user, 1-16
A
C
accessing data, 8-4–8-5
ACT, 9-6
advantages, 9-7
client applications, 6-3, 6-50
client tier, 1-4, 1-14–1-18
c .
In
applying to an object, 9-7 Clients tab, 4-31
creating additional, 9-58–9-59, 9-65 client-side pooling, 4-9, 4-21
ACT, predefined, 9-30–9-33
Default ACT, 9-31
t i t .
storing user credentials in, 6-15
Windows applications, 6-14
I
administrative users, 7-22
n s
SAS Administrator Settings ACT, 9-32
i o n
Connections tab, 4-30
connectivity
establishing, 2-8
adminUsers.txt file, 3-43, 3-46, 7-29
backing up, 5-11
S u t credentials cache
clearing, 4-21
location, 3-43
S A tri
ALLOWXCMD option, 5-8 b custom repository, 3-21, 6-43
h t
appenders, 4-46, 4-50–4-52
assigning libraries, 8-7
i s
D
data access
g
host-based, 7-8
r r e d
authentication, 7-4–7-7
i
identification phase, 7-14
troubleshooting, 8-38–8-47
data integration developer, 1-16
p y o r
Integrated Windows authentication
(IWA), 7-10–7-11, 12-13
data sources, 8-3
establishing connectivity to, 2-8
C o t f
internal, 7-26
LDAP and active directory, 7-9
DATA Step Batch Server, 4-14, 4-16, 5-43–
5-44, 8-35
data tier, 1-20
N o
logging, 4-46
SAS token authentication, 7-34–7-38, 12-
13
Web authentication, 7-12–7-13
dfPower Studio from DataFlux, 1-18
F
authentication domains, 3-51, 7-41–7-43 FMTSEARCH option, 8-45
authentication mechanisms, 7-7 folder trees
Authorization tab, 9-4, 9-6, 9-21, 9-33, 9-54 information maps, 9-43
stored processes, 9-42
B tables, 9-40
folders
backing up metadata
exploring, 6-41–6-50
scheduling, 5-43–5-44
inheritance, 9-8
backing up SAS environment, 2-6
libraries, 9-39
backing up metadata, 5-49–5-51
OLAP cubes, 9-41
backing up physical files, 5-49–5-53
reports, 9-44
Backup Wizard, 5-8–5-11
root folder, 9-37
batch servers, 4-14, 4-16, 5-43–5-44
SAS folders, 6-41–6-50
BI applications developer, 1-15
securing content in folder tree, 9-22–9-33
business analyst, 1-15
A-2 Index
t i t .
security plan, 9-13
metadata server, 1-20
I
I n
identity hierarchy, 7-15, 9-5s i o n configuration files, 3-43–3-44
journaling, 3-45
indirect settings, 9-5, 9-8
S
inheritance paths, 9-8
u t roles, 7-28
states, 3-18–3-19
S
7-10–7-11, 12-13A tri b
Integrated Windows authentication (IWA), METALIB procedure, 8-26, 8-28–8-30
middle tier, 1-19
monitoring servers, 2-5, 4-20, 4-29–4-35
h t
internal accounts, 7-24, 7-26
i s
internal authentication, 7-25, 7-27
O
L
p y
LIBNAME statement, 8-4, 8-41
testing, 8-42
libraries
o r OLAPOPERATE procedure, 4-35
OMABAKUP macro, 5-5–5-8
C o t f
pre-assigning, 8-32–8-36, 8-47
library assignment, 8-7, 8-32
syntax, 5-33
Online Analytical Processing. See OLAP
o
library metadata, 8-41
N
Log tab, 4-33, 4-48–4-49
LOGCONFIGLOC= system option, 4-46
Options tab, 4-33
outbound login, 7-39–7-42
P
loggers, 4-46–4-47
Loggers tab, 4-33 passwords
logging, 4-45 storing in the metadata, 7-43
enabling server logging, 4-46 updating for service accounts, 4-60–4-62
logging configuration files, 4-54 Permission Pattern tab, 9-33
logging levels, 4-50 permissions, 9-5, 9-21–9-24
modifying server logging, 4-53–4-55 platform administrator, 1-7
login tasks, 2-3
inbound, 7-14 platform for SAS Business Analytics
outbound, 7-39–7-42 overview, 1-3–1-12
pre-assigning libraries, 8-33–8-36
M advantages, 8-33
metadata disadvantages, 8-34
analysis and repair tools, 3-51 in an autoexec file, 8-35
troubleshooting, 3-51–3-52 in the metadata, 8-34–8-35
Index A-3
e benefits, 7-37 In
SAS token authentication, 7-35, 12-13
t u t limitations, 7-37
SAS training, 12-6–12-13
R
REORG option, 5-7, 5-33–5-35
s t i SAS Visual BI, 1-18
.
SAS Web Report Studio, 1-18
n
SAS Workspace Server, 4-4–4-7
I n
repositories, 2-10, 3-21–3-23
repository ACT, 9-9
t i osas.servers script, 3-6–3-8
SAS/CONNECT Server, 4-15
S
repository manager, 3-21
A tri b
restoring your environment, 5-36 u SAS/CONNECT Spawner, 3-4
SAS/SHARE Server, 3-4
SASTRACE option, 8-42
roles, 6-22–6-38
t S
creating, 6-25–6-26
s
security plan, 9-13
server assignment, 8-46
g h
features, 6-23
managing, 6-24
o
S
p f o r
SAS 9.2 logging facility, 4-45
SAS Add-In for Microsoft Office, 1-17
servers, 2-4
additional functions, 4-22
C o t
SAS AppDev Studio, 1-17
SAS application server, 4-16
as Windows services, 3-5
managing, 4-20
monitoring, 2-5, 4-20, 4-29–4-35
N
SAS BI Dashboard, 1-17
SAS configuration
securing, 1-8–1-12
Servers tab, 4-29
Sessions tab, 4-32
Spawned Server Activity tab, 4-34
SAS Content Server, 3-4, 5-49–5-51, 6-42 spawners, 4-12–4-13
SAS Data Integration Studio, 1-17, 8-27 standard workspace server, 4-6
SAS Deployment Manager, 4-63–4-78
SAS Enterprise Guide, 1-17, 8-28 T
SAS folders, 2-9, 6-41–6-50, 9-38
table metadata
SAS Information Delivery Portal, 1-17
accessing, 8-6
SAS Information Map Studio, 1-17
registering in metadata, 8-6
SAS Information Maps, 4-7–4-8
securing, 9-39–9-40
SAS Management Console, 1-18
updating, 8-24–8-30
monitoring activity of servers, 2-5
tables
SAS Metadata Server, 1-20
duplicate table registrations, 8-45
SAS Object Spawner, 4-12–4-13
troubleshooting
SAS OLAP Cube Studio, 1-18
SAS servers, 4-62
SAS OLAP Server, 4-14
A-4 Index
u t e
XCMD option, 5-31, 5-44
users
t i t .
I n s i o n
S u t
S A tri b
h t i s
r i g r e d
p y o r
C o t f
N o