Chapter Contents

Previous

Next

Controlling the Application Run-Time Environment

Customizing the Run-Time Environment

In addition to controlling the data, applications, and application features that users can access, you can use access control to customize the run-time environment for applications at your site. You can perform some or all of the following tasks depending on your site and your users' requirements.

Controlling the Type of Messages That Are Presented to the User

When users display reports that were defined by using columns that have been removed with access control, warning or error messages might be produced, indicating that columns are being removed from the report.

By default, a generic error message is displayed in a dialog box when a report cannot be displayed because columns that are essential for the report to display have been removed. Also, any messages about dropped columns are written to the log.

You can control the level of messages to display for individual users by completing the steps below.

1. Open the Build-/Run-time Options window by selecting Setup from the EIS Main Menu and Build-/Run-time Options from the Setup window's Multidimensional Applications group.

2. In the Build-/Run-time Options window, set the message level for dialog messages and log messages. The message level values will be stored in the current user's profile.

Logging In without Displaying a Login Dialog Window

Users already could have identified themselves to their computer systems as they logged in to networks or security software installed at your site. To avoid displaying another login screen as users start their SAS/EIS applications, specify the USER= and PASSWD= options on the EIS and RUNEIS commands. When these options are set to a valid value, a login window does not display.

Make sure that the Allow Automatic Login check box in the Access Control Setup window is checked. (It is active by default.)

If you start your SAS/EIS application in an AUTOEXEC.SAS file or by using the -INITCMD invocation option, you can pick up the current user's ID and password from the external access control system, assign it to an environment variable or SAS macro variable, and set your USER= option to that value.

Building Customized Login Windows

The Access Control facility provides two default login windows. Use the arrow beside the Access Control Setup window's Login Window field to select either

• [Default Login Dialog](the default)

• [Login Dialog with Change Password].

You can also specify the four-level name of any SAS/AF FRAME or SCL entry, or a SAS/EIS Application Screen Builder application as the login window.

To build your own Login window using the SAS/EIS Application Screen Builder object, follow these steps:

1. Use the Build EIS facility to create an Application Screen Builder object. In your Application Screens Builder frame, add the class SASHELP.EIS.LOGIN.CLASS to your Components list. (To add a class to your Components list, click the right mouse button in the Components window and select Add Classes.)

2. Drag the recently created Login Composite class onto your application frame. Now add any additional elements to your frame.

3. To use the new Login window, specify the four-level name of the Application Screen Builder applications (for example, mylib.myappdb.login.applscr) in the Login Program field of the Access Control Setup window, and then save the new setting.

To build your own Login window using a SAS/AF FRAME or SCL entry, follow these steps:

1. In your FRAME or SCL entry, use the object ID of the SAS/EIS access control subsystem, which is stored in the local environment as a numeric item named SECURITY_OBJECT.

2. To check for a valid User ID/password pair, use the security object's _login method (see the online Help for SASHELP.MB.ACLSERV.CLASS for details on the _login method's syntax). On valid login attempts, close your AF application and return a positive numeric value as your application's ENTRY parameter; return 0 when you close with unsuccessful login attempts.

3. To use the new Login window, specify the four-level name of the entry (for example, mylib.mycat.login.frame) in the Login Program field in the Access Control Setup window, and save the new setting.

Enabling Access Auditing

You can log the time and duration of a user's access application and data.

Before you begin

• Activate access control.

Then, follow these steps:

1. Open the Access Control Setup window by selecting Setup from the EIS Main Menu and Access Control from the SAS/EIS Setup window's Multidimensional Applications group.

2. Select [Auditing] to open the Access Audit Setup window.

3. Specify a location for your log file. To select an Audit File Path and Host, follow the same rules given to set up your ACL Root Path and Host in Initializing the Environment.

4. Choose the events that you want to log, and activate Enable Access Auditing.

5. Select [OK] to check the path, create the LOG file, and save the settings

   The access audit setup information is physically stored in the SASHELP.AC catalog. For all applications that use SAS/EIS access auditing, make sure that this catalog, or a copy of it, is being used.

6. To enable the new settings, close your SAS/EIS session and all active SAS/EIS applications; then restart your SAS/EIS session.

Assigning Multiple Groups to a User

You can assign multiple groups to a user. Users with multiple groups have the combined access rights of all groups to which they belong. Data, applications, or functions are removed for them only if they are dropped or hidden or not kept for all the groups to which the user belongs. To assign multiple users to a group, select multiple groups in the user's definition window.

Before you begin

• Activate access control.

Then, follow these steps:

1. Open the Access Control Setup window by selecting Setup from the EIS Main Menu and Access Control from the Setup window's Multidimensional Applications group. When you are prompted, type the access control key.

2. Select [User/Group Management] and [User Management].

3. Select a userid and select [Edit]. In the user's definition, select [Edit] next to the group list. Then, select the groups you want to assign to the user.

   

Chapter Contents

Previous

Next

Top of Page

Copyright 1999 by SAS Institute Inc., Cary, NC, USA. All rights reserved.