Skip to content

Authentication Domains

Altair SLC Hub uses authentication domains to store access credentials, which can then be referenced by SAS language programs, removing the need for those programs to hard code the credentials.

An Altair SLC Hub Authentication Domain is a central definition of access credentials for a server or a database. An authentication domain contains one or more credentials, each of which defines a user name and password that can be used to access a database or other server. Each credential is associated with an Altair SLC Hub user or group. SAS language programs use the authentication domain to replace hard-coded credentials in any SAS language statement that requires a user name and password pair; for example, a LIBNAME statement; a filename statement such as FILENAME EMAIL, or FILENAME HTTP; or a procedure statement such as PROC HTTP.

Altair SLC Hub users in the Hub Administrators group can create authentication domains and add credentials for any users. Hub users with the appropriate access permissions can, for example, create and modify their own credentials for existing authentication domains and reference authentication domains in SAS language programs in Altair SLC. Altair SLC Hub authentication domains are not case sensitive.

The advantages of authentication domains are:

  • Plain text user names and passwords can be removed from SAS language programs in Altair SLC.
  • Administrators manage user names and passwords centrally.
  • Administrators can restrict access to password-protected resources by restricting access to the corresponding authentication domains.
  • Administrators can set different credentials for different users and groups, so different users and groups can have different levels of access to the same resource.

Portal interface

The Authentication Domains page is used to view, create, and edit authentication domain definitions.

By clicking ... to the right of each authentication domain, you have the following options:

  • Rename: Launches the Rename Authentication Domain dialog box in which you can provide a new name for the selected authentication domain.
  • Delete: Confirms the deletion of the selected authentication domain.
  • Change Namespace: Displays a dropdown list of namespaces to which you can move the selected authentication domain.

Click the name of an authentication domain to launch an editor through which you can modify the properties.

To create an authentication domain, click the New button and provide a unique name in the dialog box that displays. Click OK to proceed with modifying the properties of the newly created authentication domain.

Authentication Domain Properties

Clicking an existing authentication domain or creating a new one launches the Edit Authentication Domain page, through which you can modify relevant properties.

In the Properties tab, assign a unique name to identify the AuthDomain and provide a description of its purpose, including the resource it relates to and other related information. By default users can define their own personal credentials. You can clear the Allow personal credentials checkbox to prevent users defining personal credentials.

Authentication Domain Credentials

In the Credentials tab, click the New button to launch the Add Credential dialog box, where you can modify the following properties:

  • User or Group: Select the user or group to which the credential applies from the list displayed.
  • Credential Type: Choose between internal or vault credential type.
    By default the vault option is not available unless enabled during Hub configuration.

Note that choosing the internal type requires the creation of a username and password, whereas choosing the vault type requires the path to the vault credential.

Click ... to the right of each user or group to perform the following actions:

  • Edit: Launches the credential editor from which you can modify the credential properties.
  • Delete: Confirms the deletion of the selected entry.
  • Rank highest, Rank higher, Rank lower, Rank lowest: Rearranges the list of credentials based on the selection (e.g., ranking an entry as the highest moves it to the top of the list).
  • Rank relative to credential: Launches a dialog box where you can modify the position of the selected entry in the list based on a selected credential.

Note that the ranks can also be changed by means of the arrow controls. Ranking is used to disambiguate which credential should be used, for example when a user belongs to more than one Group that has a credential for the authentication domain.

Click the Test button to verify whether a user has a credential for the authentication domain and which credentials will be used in the case where a user has multiple credentials specified due to group memberships.

Access Control Test

This tab allows you to test access control rules for a specific user or group.

To test access, select an action from the dropdown list, which displays the following options: Read, Update, and Delete. Then, select the relevant user and click the Test Access button to proceed. The results show the overall effect of the rules that match the test parameters. To clear the form and start over, click Reset.