diff --git a/docs/deploy-viya.md b/docs/deploy-viya.md index 7ed268b..47a7792 100644 --- a/docs/deploy-viya.md +++ b/docs/deploy-viya.md @@ -98,24 +98,34 @@ filename dc url "https://git.datacontroller.io/dc/dc/releases/download/latest/vi ### 3. Configure Frontend -#### Configure Frontend: Streaming Deploy +#### Streaming Deploy At the end of the SAS log from Step 2, there will be a link (`YOURSAS.SERVER/SASJobExecution?_file=/YOUR/APPLOC/services/DC.html`). Open this in **SASJobExecution** (not SAS Studio) to perform the configuration (below). -#### Configure Frontend: Separated Deploy +#### Separated Deploy Unzip the frontend into your chosen directory (eg `/var/www/html/DataController`) on the SAS Web Server. Edit `index.html` to perform the configuration (below). -#### Configuration: +#### index.html + +The following attributes may be updated in the index.html file. For streaming deploy, be sure to use the JobExecution app (not SAS Studio) for correct file type handling. - `appLoc` - the root folder where the Jobs were deployed in step 2 - `contextName` - here you should put the name of the compute context you created in step 1 - `servertype` - should be SASVIYA - `debug` - can stay as `false` for performance, but could be switched to `true` for debugging startup issues -- `useComputeApi` - use `true` for best performance. +- `useComputeApi` - setting `true` will give the best performance due to the use of hot sessions by the SASjs adapter. However we recommend `false` or `null` for security as explained in the next section. + +### 5. Security + +A group should be defined in Environment Manager that has the "create session" permission on the Shared Compute Context. + +To avoid giving users the ability to run code on that context in SAS Studio and other apps, this permission should have the following condition attached: `clientId() == 'sas.jobExecution'` + +By applying this condition, it will also become impossible to use the `useComputeApi=true` setting in the index.html file. Use 'false' or 'null' instead. -### 4. First Launch +### 6. First Launch Now the services are deployed (including the service which creates the staging area) we can open the Data Controller web interface and make the necessary configurations: @@ -124,7 +134,7 @@ Now the services are deployed (including the service which creates the staging a * Compute Context - the context configured in Step 1 -### 5. Optimisation +### 7. Optimisation At this point, every DC request will read the `services/public/settings.sas` file to get the DC library (and other) settings. To avoid these API calls (which will speed up the app) we can simply move this code to the autoexec. Steps as follows: