In a distributed SAS© BI (Business Intelligence) architecture, it is common for the Compute Server to be located on a different machine from where the physical data resides.
A classic scenario: your SAS© platform is installed on Server A, but you are trying to declare a library pointing to files located on Server B. This is when the blocking error message appears:
This message is particularly frustrating because, often, the user finds they can access the remote folder via Windows File Explorer (Run command) without any issue. If system access seems to work, why does SAS© refuse the connection?
Here are the diagnostic tracks and solutions to resolve this authorization conflict.
This is the most common and simplest cause to check.
By default, when SAS© allocates a library (via a LIBNAME statement or through metadata), it often tries to get full access (Read and Write).
If, at the operating system level (Windows/Linux), the user only has read-only rights on the shared folder of Server B, SAS© will return this generic authorization error, even if you are only trying to read the data.
The solution: Check if the "Read-Only" option is checked in the library's properties or force read-only access in your code (ACCESS=READONLY).
To find out if the blockage is coming from SAS© metadata or system (OS) permissions, there is a foolproof test.
Manually execute a LIBNAME statement in a program (via SAS© Enterprise Guide or Studio), pointing directly to the network path, without going through the pre-registered metadata definition.
| 1 | LIBNAME TestLib '\\ServeurB\Chemin\Vers\Donnees'; |
If this code works: This means that the system (OS) permissions are correct. The problem is therefore in the metadata definition (SAS© Management Console). You need to check the permissions on the library object in the metadata tree (read rights on metadata AND on physical data).
If this code fails: The problem is indeed at the operating system or network level. The user account under which the SAS© process is running on Server A does not have the appropriate rights on Server B.
In a BI architecture, the identity of the user connecting to the portal is not always the one used by the server to access files.
It is imperative to check the configuration in the SAS© Management Console:
Open the User Manager.
Locate the profile of the user or group concerned.
Check the "Accounts" tab.
Ensure that the credentials (Login) defined here correspond to a valid domain account that has the necessary privileges on the remote server. If authentication is done via a generic service account (e.g., sassrv), it is this specific account that must have the rights on the shared folder, and not your personal account.
The "Appropriate authorization level" error is often a mask for a simple "Read vs. Write" rights conflict or confusion between the connected user's identity and the SAS© server process's identity. By testing access with pure code, you can quickly isolate the layer responsible for the blockage.
The codes and examples provided on WeAreCAS.eu are for educational purposes. It is imperative not to blindly copy-paste them into your production environments. The best approach is to understand the logic before applying it. We strongly recommend testing these scripts in a test environment (Sandbox/Dev). WeAreCAS accepts no responsibility for any impact or data loss on your systems.