User manual SAS SAS INTELLIGENCE PLATFORM OVERVIEW EDITION 2

[. . . ] SAS Publishing SAS Intelligence Platform ® Overview Second Edition The correct bibliographic citation for this manual is as follows: SAS Institute Inc. SAS® Intelligence Platform: Overview, Second Edition Copyright © 2002-2006, SAS Institute Inc. , Cary, NC, USA ISBN-13: 978-1-59047-916-2 ISBN-10: 1-59047-916-5 All rights reserved. For a hard-copy book: No part of this publication may be reproduced, stored in a retrieval system, or transmitted, in any form or by any means, electronic, mechanical, photocopying, or otherwise, without the prior written permission of the publisher, SAS Institute Inc. For a Web download or e-book: Your use of this publication shall be governed by the terms established by the vendor at the time you acquire this publication. [. . . ] Cubes are queried by using the multidimensional expression (MDX) language. 22 SAS Metadata Server 4 Chapter 4 3 SAS/CONNECT servers, which provide computing resources on remote machines where SAS Integration Technologies is not installed. 3 batch servers, which give you the ability to execute code in batch mode. There are three types of batch servers: DATA step batch servers, Java batch servers, and generic batch servers. The DATA step server enables you to run SAS DATA steps and procedures in batch mode. The Java server enables you to schedule the execution of Java code, such as the code that creates a SAS Marketing Automation marketing campaign. Note: In the SAS Intelligence Platform, the term server refers to a program or programs that wait for and fulfill requests from client programs for data or services. The term server does not necessarily refer to a specific computer, since a single computer can host one or more servers of various types. 4 Note: For accessing specialized data sources, the SAS Intelligence Platform can also include one or more data servers. These might include the SAS Scalable Performance Data (SPD) Server and third-party database management system (DBMS) products. For information about data servers, see Chapter 3, "Data in the SAS Intelligence Platform, " on page 15. 4 The following sections describe: 3 the central role of the SAS Metadata Server in the management of the SAS Intelligence Platform 3 the organizational principles that are used to manage SAS server resources, including server objects, logical servers, and application servers 3 the use of load balancing (for stored process servers and workspace servers) and workspace pooling (for workspace servers) SAS Metadata Server The SAS Metadata Server is a multi-user server that enables users to read metadata from and write metadata to one or more SAS Metadata Repositories. This server is a centralized resource for storing, managing, and delivering metadata for all SAS applications across the enterprise. About the Metadata in the SAS Metadata Repository Here are examples of the types of metadata objects that can be stored in the SAS Metadata Repository: 3 3 3 3 3 3 3 users groups of users data libraries tables jobs cubes documents Servers in the SAS Intelligence Platform 4 How the Metadata Server Controls System Access 23 3 information maps 3 reports 3 stored processes 3 SAS Workspace Servers 3 SAS Stored Process Servers 3 SAS OLAP Servers A metadata object is a set of attributes that describe a resource. Here are some examples: 3 When a user creates a report in SAS Web Report Studio, a metadata object is created to describe the new report. 3 When a user creates a data warehouse in SAS Data Integration Studio, a metadata object is created to describe each table included in the warehouse. 3 When a system administrator defines a new instance of a SAS server, a metadata object is created to describe the server. The specific attributes that a metadata object includes vary depending on the resource that is being described. For example, a table object can includes attributes for the table's name and description, path specification, host type, and associated SAS Application Server. The SAS Metadata Server uses the SAS Open Metadata Architecture and the Common Warehouse Metamodel (CWM), which provide common metadata services to SAS and other applications. Third parties can access metadata in the SAS Metadata Server using an application programming interface (API) that is supplied by SAS. SAS supports CWM as a standard for metadata interchange. How the Metadata Server Controls System Access The SAS Metadata Server plays an important role in the security of the SAS Intelligence Platform. It controls system access in the following ways: 3 The server contains a metadata object called a metadata identity for every user of the SAS Intelligence Platform. The object includes each user's login information, including a user ID and an encrypted password. When a user logs on to a SAS application, the application verifies the user's identity by checking it against the metadata identity. The metadata identity also includes information about the groups that each user is part of. 3 Every metadata object includes authorization information that controls which users have which permissions for accessing the metadata object (for example, reading and writing the metadata that describes a server). In some cases, the authorization information also controls which users have which permissions for accessing the resource itself (for example, accessing a specific server). 3 Trusted peer session connections enable a SAS process (such as a SAS Workspace Server or SAS Stored Process Server) to connect to the SAS Metadata Server without explicitly providing credentials. [. . . ] Batch processes cannot be used to manage passwords. 3 Users can use the SAS Personal Login Manager desktop application to manage their own account information. Authorization in the SAS Intelligence Platform Introduction to Authorization Authorization is the process of determining which users have which permissions for which resources. For a comprehensive discussion of this subject, see the SAS Intelligence Platform: Security Administration Guide. Metadata-Based Authorization The SAS Intelligence Platform includes an authorization mechanism that consists of access controls that you define and store in a metadata repository. These metadata-based controls enable you to manage access to metadata and, in some cases, to the computing resources that the metadata represents. The available metadata-based permissions are summarized in the following table. Table 7. 1 Metadata-Based Permissions Permissions ReadMetadata, WriteMetadata, CheckInMetadata Read, Write, Create, or Delete Use Use to control user interactions with a metadata object. [. . . ]