https://communities.sas.com/t5/Developers/Security-Stored-Processes/m-p/65603#M3293 Hello,<BR /> <BR /> Person A runs a stored process and it displays in HTML an image from a folder:<BR /> SASStoredProcess/do?_program=%2FFAB%2Fenhanced_lot_hist_vars&amp;pictureNr=2 <BR /> <BR /> img alt="" src="file://netapp1/vars/imageDB/0001/2.jpg"<BR /> <BR /> Person A is allowed to see picture 2, but not picture 3. But now he just has to change the path and he has access to every picture in the folder.<BR /> <BR /> Is there any good solution to prevent this? We searched for a few:<BR /> - copy the image to a local directory, and display that one (but then we have to clean that directory up and ... )<BR /> - we can set security groups on each image but here they change very fast so not really an option<BR /> - img alt="" SRC="//SASStoredProcess/do?_program=CheckIfAccessIsOK&amp;pictureNr=2 " (dont know of such a thing is possible). We can see to which product this picture belongs, and we have a list who is allowed to see which product.<BR /> <BR /> so my main question is: how to show the picture without really giving the possibility to the user of seeing where this picture is stored so he can not access all other pictures<BR /> <BR /> EDIT: ANYONE?? Message was edited by: Filipvdr Fri, 13 May 2011 07:39:55 GMT Filipvdr 2011-05-13T07:39:55Z https://communities.sas.com/t5/Developers/Security-Stored-Processes/m-p/65603#M3293 Hello,<BR /> <BR /> Person A runs a stored process and it displays in HTML an image from a folder:<BR /> SASStoredProcess/do?_program=%2FFAB%2Fenhanced_lot_hist_vars&amp;pictureNr=2 <BR /> <BR /> img alt="" src="file://netapp1/vars/imageDB/0001/2.jpg"<BR /> <BR /> Person A is allowed to see picture 2, but not picture 3. But now he just has to change the path and he has access to every picture in the folder.<BR /> <BR /> Is there any good solution to prevent this? We searched for a few:<BR /> - copy the image to a local directory, and display that one (but then we have to clean that directory up and ... )<BR /> - we can set security groups on each image but here they change very fast so not really an option<BR /> - img alt="" SRC="//SASStoredProcess/do?_program=CheckIfAccessIsOK&amp;pictureNr=2 " (dont know of such a thing is possible). We can see to which product this picture belongs, and we have a list who is allowed to see which product.<BR /> <BR /> so my main question is: how to show the picture without really giving the possibility to the user of seeing where this picture is stored so he can not access all other pictures<BR /> <BR /> EDIT: ANYONE?? Message was edited by: Filipvdr Fri, 13 May 2011 07:39:55 GMT https://communities.sas.com/t5/Developers/Security-Stored-Processes/m-p/65603#M3293 Filipvdr 2011-05-13T07:39:55Z https://communities.sas.com/t5/Developers/Security-Stored-Processes/m-p/65604#M3294 I gather the Pictures are static, ie not dynamic Graphs etc... Mon, 16 May 2011 20:03:37 GMT https://communities.sas.com/t5/Developers/Security-Stored-Processes/m-p/65604#M3294 twocanbazza 2011-05-16T20:03:37Z https://communities.sas.com/t5/Developers/Security-Stored-Processes/m-p/65605#M3295 correct, static pictures Tue, 17 May 2011 06:02:35 GMT https://communities.sas.com/t5/Developers/Security-Stored-Processes/m-p/65605#M3295 Filipvdr 2011-05-17T06:02:35Z