04-08-2016 04:32 AM
Recently I've began to use SAS Management Console, and I'm getting literally insane on how to create libraries. What I want to do is the simplest thing, but nobody has explained to me, so I'm quite lost.
The thing is, I want to grant access to different libraries for different users. I mean, SAS User A can see (and use) libraries L1 and L2, and SAS User B can see libraries L2 and L3, and so on.
Can anyone explain it to me step by step? I would be very pleased!
Thank you so much!
04-08-2016 04:52 AM
yours is a good question, unfortunately step by step would take a lof of time.
You can find the users guide of SAS Management Console here: http://support.sas.com/documentation/cdl/en/mcsecug/64770/HTML/default/viewer.htm#titlepage.htm
As remark, please consider something:
For SAS BASE libraries, you can set permissions on the metadata and on the operating system. And both have impact on the final authorizations that yhe users will experience.
There are also metadata bound libraries, but I would not start from the roof
04-08-2016 04:59 AM
In order to use a library, users need to be able to physically access the directory (which is the physical representation of a SAS library) and the files in that library.
So, on the operating system level, the users in question need read and execute permissions on that directory, either per username, group or "others", or through properly managed access control lists. Mind that my explanation is for UNIX, not Windows toyboxes.
Once this is verified, define the libraries in SAS MC; in the Authorization tab, make sure that either the users or a group to which they belong have the necessary permissions on the metadata and data. Also make sure that the SAS folder in which the library appears in the Folders structure can be "seen" by the users in question. If you want to restrict access, the first groups that need to have their settings set to "Denied" are PUBLIC and SASUSERS.
It may be that some combinations can't be done if group permissions are too permissive, so denying a single user may fail because of other more permissive settings. You may have to resort to some tricks in the operating system for this, as OS permissions trump everything else.
If you positively need to restrict access for security reasons, blocking users on the OS level is mandatory, as they can always execute a simple LIBNAME statement themselves when they have physical access.