But if you want to keep users from accessing certain data, use the operating system's tools for that. If you grant read/execute permission for a directory only to a certain group, users who are not members of that group cannot assign a libname to that directory. Or read any datasets in it.
This also prevents any mishaps coming from forgotten passwords.
"You have not already met your security requirements through a combination of physical layer (operating system) separation and customized configuration of your SAS servers."
OS security is not that technically difficult to implement, the difficulty is getting it aligned with your business policies (RBAC). With this SAS institute (TLM) is commonly failing as they do not want to get aligned to your business policies. The reason is that is cost them too much of time with an implementation.
Are you going to use the encrypt= dataset option that is rather easy to do with SAS coding (program code). If you using Eguide or an other GUI interface you are into big trouble when that one is used adding/writing some records. At that moment not only the read password (essentially the salt) but recreating writing is needed alter access. Those GUI interfaces are failing because missing those options I their interfaces. The session/dataset will get corrupted.