topic Re: Database Security in SAS Data Management

Database Security

R_Chung — Fri, 21 Apr 2017 03:09:20 GMT

Is there any possibility to grant right in accessing database like read, write or read&write?

through role or any permission?

As I have gone through the capability and it seems nothing for me to do it.

Re: Database Security

LinusH — Fri, 21 Apr 2017 04:24:46 GMT

Capabilities is about functionality, not data itself.
Two options that you could investigate :
- have the RDBMS libref assigned with the META engine, thus enforcing SAS metadata authorization.
- set authorization within the database. Use appropriate login from SAS (users own with AUTHDOMAIN, or some group login that fits your needs.

Re: Database Security

R_Chung — Fri, 21 Apr 2017 08:01:41 GMT

What do you mean for the first statement?
For the second statement, do you mean that we directly set authorization in database?

Re: Database Security

LinusH — Fri, 21 Apr 2017 10:58:34 GMT

I assumed that you had a Metadata Server, no?
If you have it, you will for the users assign a libref that points to the Metadata registration for that library. Then, any tables in that libref can fall under SAS metadata authorization. Check the doc for more info.

And yes, and you need somehow get the client user token/login to be used when connecting to the database.

Re: Database Security

thomp7050 — Fri, 21 Apr 2017 18:10:33 GMT

May not apply, but the simplistic solution is: If you are storing the data in a shared library folder, you can make the shared library folder read only or exclude the user from the folder. If you are using a server, another (albeit hacky) solution would be to create a scheduled task to copy the data to a folder that has your specified priveledges. This way, the user will be restricted to the datasets based on your specifications via windows, and not SAS.