02-12-2015 08:06 PM
My organization is on 9.4 platform. We allow our power users to have direct access to the SAS data file on the host operating system. Typically, we grant access to each user only the data file they need to use. Now, I have a question about SAS View. If User A has a SAS Data file (which only User A has physical access) and User B has a SAS Data View (which is also a file which contain the code for the SAS DATA Step view). In the SAS Data View, the DATA Step will read from the SAS Data file belonging to User A. My question is, does User B need to have physical access to User A's SAS Data file on the host operating system.
02-12-2015 08:36 PM
A user reading the DATA step view would need at least read access to the underlying SAS dataset it is based on otherwise the read attempt would fail with an error. If write access is also required then the user would need write permission.
02-13-2015 03:48 PM
When you have your os controls to data organized there is no way SAS is able to overrule those.
OS control is not allowing the access views (sql or datastep) cannot gain access.
It is the same with logical links on the os level.
When you find a loophole than have the OS being bashed.
This is different when you believe the sas metadata security. That one is not having that nice restriction as it leaving OS controls wide open. Bypasses are to be found. Run your we services open on the same and you are expecting a data breach.