Detailed instructions for use are in the User's Guide.
[. . . ] SAS Publishing
SAS Intelligence Platform
®
Overview Second Edition
The correct bibliographic citation for this manual is as follows: SAS Institute Inc. SAS® Intelligence Platform: Overview, Second Edition Copyright © 2002-2006, SAS Institute Inc. , Cary, NC, USA ISBN-13: 978-1-59047-916-2 ISBN-10: 1-59047-916-5 All rights reserved. For a hard-copy book: No part of this publication may be reproduced, stored in a retrieval system, or transmitted, in any form or by any means, electronic, mechanical, photocopying, or otherwise, without the prior written permission of the publisher, SAS Institute Inc. For a Web download or e-book: Your use of this publication shall be governed by the terms established by the vendor at the time you acquire this publication. [. . . ] Cubes are queried by using the multidimensional expression (MDX) language.
22
SAS Metadata Server
4
Chapter 4
3 SAS/CONNECT servers, which provide computing resources on remote machines
where SAS Integration Technologies is not installed.
3 batch servers, which give you the ability to execute code in batch mode. There are
three types of batch servers: DATA step batch servers, Java batch servers, and generic batch servers. The DATA step server enables you to run SAS DATA steps and procedures in batch mode. The Java server enables you to schedule the execution of Java code, such as the code that creates a SAS Marketing Automation marketing campaign. Note: In the SAS Intelligence Platform, the term server refers to a program or programs that wait for and fulfill requests from client programs for data or services. The term server does not necessarily refer to a specific computer, since a single computer can host one or more servers of various types. 4 Note: For accessing specialized data sources, the SAS Intelligence Platform can also include one or more data servers. These might include the SAS Scalable Performance Data (SPD) Server and third-party database management system (DBMS) products. For information about data servers, see Chapter 3, "Data in the SAS Intelligence Platform, " on page 15. 4 The following sections describe:
3 the central role of the SAS Metadata Server in the management of the SAS
Intelligence Platform
3 the organizational principles that are used to manage SAS server resources,
including server objects, logical servers, and application servers
3 the use of load balancing (for stored process servers and workspace servers) and
workspace pooling (for workspace servers)
SAS Metadata Server
The SAS Metadata Server is a multi-user server that enables users to read metadata from and write metadata to one or more SAS Metadata Repositories. This server is a centralized resource for storing, managing, and delivering metadata for all SAS applications across the enterprise.
About the Metadata in the SAS Metadata Repository
Here are examples of the types of metadata objects that can be stored in the SAS Metadata Repository:
3 3 3 3 3 3 3
users groups of users data libraries tables jobs cubes documents
Servers in the SAS Intelligence Platform
4
How the Metadata Server Controls System Access
23
3 information maps 3 reports 3 stored processes 3 SAS Workspace Servers 3 SAS Stored Process Servers 3 SAS OLAP Servers
A metadata object is a set of attributes that describe a resource. Here are some examples:
3 When a user creates a report in SAS Web Report Studio, a metadata object is
created to describe the new report.
3 When a user creates a data warehouse in SAS Data Integration Studio, a
metadata object is created to describe each table included in the warehouse.
3 When a system administrator defines a new instance of a SAS server, a metadata
object is created to describe the server. The specific attributes that a metadata object includes vary depending on the resource that is being described. For example, a table object can includes attributes for the table's name and description, path specification, host type, and associated SAS Application Server. The SAS Metadata Server uses the SAS Open Metadata Architecture and the Common Warehouse Metamodel (CWM), which provide common metadata services to SAS and other applications. Third parties can access metadata in the SAS Metadata Server using an application programming interface (API) that is supplied by SAS. SAS supports CWM as a standard for metadata interchange.
How the Metadata Server Controls System Access
The SAS Metadata Server plays an important role in the security of the SAS Intelligence Platform. It controls system access in the following ways:
3 The server contains a metadata object called a metadata identity for every user of
the SAS Intelligence Platform. The object includes each user's login information, including a user ID and an encrypted password. When a user logs on to a SAS application, the application verifies the user's identity by checking it against the metadata identity. The metadata identity also includes information about the groups that each user is part of.
3 Every metadata object includes authorization information that controls which
users have which permissions for accessing the metadata object (for example, reading and writing the metadata that describes a server). In some cases, the authorization information also controls which users have which permissions for accessing the resource itself (for example, accessing a specific server).
3 Trusted peer session connections enable a SAS process (such as a SAS Workspace
Server or SAS Stored Process Server) to connect to the SAS Metadata Server without explicitly providing credentials. [. . . ] Batch processes cannot be used to manage passwords.
3 Users can use the SAS Personal Login Manager desktop application to manage
their own account information.
Authorization in the SAS Intelligence Platform
Introduction to Authorization
Authorization is the process of determining which users have which permissions for which resources. For a comprehensive discussion of this subject, see the SAS Intelligence Platform: Security Administration Guide.
Metadata-Based Authorization
The SAS Intelligence Platform includes an authorization mechanism that consists of access controls that you define and store in a metadata repository. These metadata-based controls enable you to manage access to metadata and, in some cases, to the computing resources that the metadata represents. The available metadata-based permissions are summarized in the following table.
Table 7. 1 Metadata-Based Permissions
Permissions ReadMetadata, WriteMetadata, CheckInMetadata Read, Write, Create, or Delete Use Use to control user interactions with a metadata object. [. . . ]