https://communities.sas.com/t5/Administration-and-Deployment/Access-Control-for-SAS-data-file-on-host-system-to-be-used-by/m-p/167310#M2113 <HTML><HEAD></HEAD><BODY><P>Hi there .. I have moved your discussion thread into the SAS Deployment community. </P></BODY></HTML> Fri, 13 Feb 2015 03:22:20 GMT Community_Help 2015-02-13T03:22:20Z https://communities.sas.com/t5/Administration-and-Deployment/Access-Control-for-SAS-data-file-on-host-system-to-be-used-by/m-p/167308#M2111 <HTML><HEAD></HEAD><BODY><P>Hi,</P><P></P><P>My organization is on 9.4 platform. We allow our power users to have direct access to the SAS data file on the host operating system. Typically, we grant access to each user only the data file they need to use. Now, I have a question about SAS View. If User A has a SAS Data file (which only User A has physical access) and User B has a SAS Data View (which is also a file which contain the code for the SAS DATA Step view). In the SAS Data View, the DATA Step will read from the SAS Data file belonging to User A. My question is, does User B need to have physical access to User A's SAS Data file on the host operating system.</P></BODY></HTML> Fri, 13 Feb 2015 01:06:47 GMT https://communities.sas.com/t5/Administration-and-Deployment/Access-Control-for-SAS-data-file-on-host-system-to-be-used-by/m-p/167308#M2111 leech74 2015-02-13T01:06:47Z https://communities.sas.com/t5/Administration-and-Deployment/Access-Control-for-SAS-data-file-on-host-system-to-be-used-by/m-p/167309#M2112 <HTML><HEAD></HEAD><BODY><P>A user reading the DATA step view would need at least read access to the underlying SAS dataset it is based on otherwise the read attempt would fail with an error. If write access is also required then the user would need write permission.</P></BODY></HTML> Fri, 13 Feb 2015 01:36:05 GMT https://communities.sas.com/t5/Administration-and-Deployment/Access-Control-for-SAS-data-file-on-host-system-to-be-used-by/m-p/167309#M2112 SASKiwi 2015-02-13T01:36:05Z https://communities.sas.com/t5/Administration-and-Deployment/Access-Control-for-SAS-data-file-on-host-system-to-be-used-by/m-p/167310#M2113 <HTML><HEAD></HEAD><BODY><P>Hi there .. I have moved your discussion thread into the SAS Deployment community. </P></BODY></HTML> Fri, 13 Feb 2015 03:22:20 GMT https://communities.sas.com/t5/Administration-and-Deployment/Access-Control-for-SAS-data-file-on-host-system-to-be-used-by/m-p/167310#M2113 Community_Help 2015-02-13T03:22:20Z https://communities.sas.com/t5/Administration-and-Deployment/Access-Control-for-SAS-data-file-on-host-system-to-be-used-by/m-p/167311#M2114 <HTML><HEAD></HEAD><BODY><P>When you have your os controls to data organized there is no way SAS is able to overrule those.</P><P>OS control is not allowing the access views (sql or datastep) cannot gain access.</P><P></P><P>It is the same with logical links on the os level.</P><P>When you find a loophole than have the OS being bashed.</P><P></P><P>This is different when you believe the sas metadata security. That one is not having that nice restriction as it leaving OS controls wide open. Bypasses are to be found. Run your we services open on the same and you are expecting a data breach.</P></BODY></HTML> Fri, 13 Feb 2015 20:48:49 GMT https://communities.sas.com/t5/Administration-and-Deployment/Access-Control-for-SAS-data-file-on-host-system-to-be-used-by/m-p/167311#M2114 jakarman 2015-02-13T20:48:49Z