Calcite | Level 5



Requirement: All SAS users should not have access to all the tables from a particular SAS library. They should only see those tables that they are authorized to view. The rest of the tables should not be visible to these users through SAS Enterprise Guide.


Solution: In order to achieve this, I have created ACTs (Access Control Templates) in the SAS management console and defined permissions for granting/denying access to particular table(s). I applied these ACTs manually on different SAS tables. 


These ACTs are working as expected, meaning that wherever table access was denied through an ACT, the user is unable to see those tables.


Challenge: The solution developed is working as expected; however, the challenge is that I need to apply these ACTs on multiple tables. For example, if there are 500 tables within a particular library, then a set of users should not see 150 tables from this library. The ACT needs to be applied on these 150 tables. As an administrator, it would be difficult to select each table manually and apply the ACT.


I am looking for a solution whereby an Access Control Template can be applied on these 150 tables in one go (probably through SAS code). I am not sure how to achieve this.


I request your help, as I tried exploring various options on the internet, but all the solutions give information on how to create an ACT and apply it on a library or object. I could not find a solution where ACTs can be applied on multiple tables in one go.






What about having two SAS libraries pointing to the same physical set of SAS datasets? Then register all 500 tables in one and apply the ACT for users allowed to see all of these on the library not the tables. In the other register the 150 tables and apply the ACT for users allowed to see these on the library and not the tables.


This means users will only see the library that they are allowed access to.


Please bear in mind, though, that users can still code their own LIBNAME statement and bypass metadata permissions, either with your method or this one.

Rhodochrosite | Level 12

The standard approach to this would be to put the tables in different folders and secure the folders so that inheritance does the heavy lifting. There are several different example scenarios in the SAS documentation. I would definitely recommend that over securing hundreds of individual objects (and maintaining that into the future).


If you still want some example SAS code that applies an ACT to multiple objects then have a look at the standard SAS MDUGRPAC macro (e.g. /opt/sas94m7/sashome/SASFoundation/9.4/sasautos/) that used to be used in older versions of SAS to automatically secure user groups. It creates an ACT and then applies it to a bunch of objects.


Rhodochrosite | Level 12

Oh, and as @SASKiwi mentions, knowledgeable SAS users can readily bypass metadata permissions on libraries and tables, so depending on how important this is, you may also want to look at SAS Metadata Bound Libraries:

Meteorite | Level 14

Hello @darshan_k2905
If these are SAS datasets, then one approach would be to assign permissions at the file system level.
A script can be created to perform this action.

Calcite | Level 5
Hi @Sajid01,

Thanks for the suggested approach. Is there any sample script that you can share? I can modify it as per my requirement.

Meanwhile, I am exploring the option suggested by Paul, i.e., use of the SAS MDUGRPAC macro.
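
The file-system approach suggested above could be scripted as follows. This is an added example, not a script from any participant in the thread. It assumes the library is a directory of lowercase `<table>.sas7bdat` files on a Unix host, that SAS sessions run under each user's own OS account (so OS permissions also apply to a user-coded LIBNAME), and that the group and list file are the administrator's own.

```shell
#!/bin/sh
# Added example (not from the thread): restrict a list of SAS datasets to one OS group.
# Assumptions: datasets are lowercase <table>.sas7bdat files in a single directory;
# GROUP and LISTFILE are chosen by the administrator.

# restrict_tables LIBDIR GROUP LISTFILE
#   LISTFILE holds one table name per line; blank lines and '#' comments are skipped.
#   Returns 0 if every listed table was secured, 1 if any entry was rejected,
#   missing, or could not be changed.
restrict_tables() {
    libdir=$1
    group=$2
    listfile=$3
    rc=0
    while IFS= read -r name || [ -n "$name" ]; do
        # Normalise: drop CR from Windows-edited lists, fold to lowercase.
        name=$(printf '%s' "$name" | tr -d '\r' | tr '[:upper:]' '[:lower:]')
        case $name in
            ''|'#'*) continue ;;
            # Only SAS-style names; this also blocks '/', '..' and wildcards.
            *[!a-z0-9_]*) echo "rejected (invalid name): $name" >&2; rc=1; continue ;;
        esac
        data=$libdir/$name.sas7bdat
        if [ ! -f "$data" ] || [ -L "$data" ]; then
            echo "missing or not a regular file: $data" >&2
            rc=1
            continue
        fi
        # Secure the data file and its index file, if one exists.
        for f in "$data" "$libdir/$name.sas7bndx"; do
            [ -f "$f" ] && [ ! -L "$f" ] || continue
            # Owner read/write, group read, no access for anyone else.
            chgrp "$group" "$f" && chmod 640 "$f" || rc=1
        done
    done < "$listfile"
    return $rc
}
```

Call it as `restrict_tables /path/to/library restricted_group tables.txt`. Tables not in the list keep their existing permissions.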
