How to Store Passwords for a Third-Party Server

Note: Use these instructions to provide seamless access to a third-party server that uses a proprietary authentication provider (for example, Oracle). These instructions associate the database logins with a user or group, not directly with a database library.
  1. Verify that the third-party server is registered in the metadata and is in its own authentication domain.
    1. Select the third-party server's definition under Server Manager on the Plug-ins tab in SAS Management Console.
    2. In the display panel, right-click the server's connection object icon and select Properties. The server's authentication domain assignment is on the Options tab.
  2. In the server's authentication provider, identify or create accounts. Use any of the following approaches (here, Oracle is used as an example):
    • Create an individual Oracle account for each user. This provides the greatest accountability, but can also necessitate storing many Oracle user IDs and passwords in the metadata.
    • Create one Oracle account that all users will share. This greatly reduces the need to store Oracle user IDs and passwords, but also results in a loss of individual accountability.
    • Create a few Oracle accounts, each of which will be shared by several users. This middle-of-the-road approach enables you to make some access distinctions in Oracle and store only a few Oracle user IDs and passwords in the metadata.
  3. In the metadata, store the user IDs and passwords for each account as follows (here, Oracle is used as an example):
    • If you created individual accounts on the Oracle server, add an Oracle login to each user definition.
    • If you created one shared account on the Oracle server, identify or create a group that contains the users who will access the Oracle server. Give that group a login that includes the user ID and password for the Oracle shared account.
      Note: If you want to provide access for all registered users, give the login to the SASUSERS group.
      Note: If you want to provide access for all users (including users who do not have an individual SAS identity), give the login to the PUBLIC group.
    • If you created several shared accounts on the Oracle server, identify or create a user group in the metadata for each shared account. Give each group a login for the Oracle server, and assign each user who connects to Oracle to one of the groups.
    Assign these logins to the third-party server's authentication domain. Store both an ID and a password in each login.
    For example, for an Oracle server: 
    OracleAuth | myORAid | myORApassword
    Note: If you don't store the passwords, users of desktop applications are prompted for such credentials when they make a request that requires access to the server. SAS Web Report Studio has an interactive password management feature. Other Web applications don't support interactive logons to secondary servers.

See Also

Credential Management
How Logins Are Used
Copyright © SAS Institute Inc. All rights reserved.