cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
BookmarkSubscribeRSS Feed
RAmarapuram
Obsidian | Level 7 RAmarapuram
Obsidian | Level 7

Providing Readonly access to Base engine libraries

Posted 03-19-2015 12:14 PM (4122 views)

Hi Team

I am new to SAS administration. I have to create a base engine SAS library in SAS Management console with readonly access to SAS datasets located at a particular path.

How do make those SAS datasets readonly ?

Kindly advice.

Thanks

Rajesh

0 Likes
Reply
4 REPLIES 4
LinusH
Tourmaline | Level 20 LinusH
Tourmaline | Level 20

Re: Providing Readonly access to Base engine libraries

Posted 03-19-2015 12:41 PM (3842 views)  |   In reply to RAmarapuram

There are several options. Which to chose depends on your requirement.

If you just want to protect from accidental updates, just have the libraries not preassigned, or preassigned using Metadata library engine. This is by default a read only access.

But, if your fear that your users will try to bypass metadata engine by assigning the libname directly to the file system path, you might want to look at using Meta Bound libraries.

Data never sleeps
0 Likes
Reply
jakarman
Barite | Level 11 jakarman
Barite | Level 11

Re: Providing Readonly access to Base engine libraries

Posted 03-19-2015 06:25 PM (3842 views)  |   In reply to RAmarapuram

Define the location were the SAS library is stored as read-access at the OS level.
The datasets wil be set read-only internal by SAS automatically. As you are safe at he OS level there are no issues to solve with SAS settings. 
Even the bound libraries will not protect those from copy at the OS level. SAS(R) 9.4 Guide to Metadata-Bound Libraries, Second Edition

If all of the following circumstances exist, it makes sense to consider using metadata-bound  libraries:
- You have SAS data sets that require a high level of security, with access distinctions at the user or group level.
- You are running (or planning to run) a SAS Metadata Server in which your users are registered.
- You have not already met your security requirements through a combination of physical layer (operating system) separation and customized configuration of your SAS servers.
---->-- ja karman --<-----
Reply
MikeMcKiernan
SAS Employee MikeMcKiernan
SAS Employee

Re: Providing Readonly access to Base engine libraries

Posted 04-03-2015 08:44 AM (3842 views)  |   In reply to RAmarapuram

Jaap's response, especially the item in bold, is a very good response.

I'll add one more trivially easy way to specify a library as read-only.  There's a Library access field in SAS Management Console that you can use to specify a library as READONLY (that's the menu choice).  See SAS(R) 9.4 Intelligence Platform: Data Administration Guide, Third Edition.

A word of caution. As easy as that setting is to configure, if that metadata setting is not also paired by restricting Write access in the operating system, a user can easily circumvent that setting by writing a program with a user-supplied LIBNAME statement to the data.

Reply
jakarman
Barite | Level 11 jakarman
Barite | Level 11

Re: Providing Readonly access to Base engine libraries

Posted 04-03-2015 09:24 AM (3842 views)  |   In reply to RAmarapuram

Mike and do not understand what is more trivial for restricting access to data using the OS layers.   I only copied that sentence from the SAS manual.

There is more of that:

SAS(R) 9.4 Intelligence Platform: Security Administration Guide, Second Edition  (cautions)

+ In the metadata authorization layer, not all permissions are enforced for all items.
It is essential to understand which actions are controlled by each permission. See Use and Enforcement of Each  Permission.
+ Some clients enable power users to create and run SAS programs that access data directly, bypassing metadata-layer controls.  (Eguide Amo etc)
It is essential  to manage physical layer access in addition to metadata-layer controls. See Access to SAS Data
If you do not the security approach at the OS layer you can eliminate Eguide and AMO usage (EMiner included) from start. 
This chapter once had mentioned some vague to get SAS aligned with common ICT governance policies (standard of good practice).  
SAS(R) 9.4 Intelligence Platform: Security Administration Guide, Second Edition as coming from SAS(R) 9.4 Intelligence Platform: Installation and Configuration Guide (Ongoing System Administration Tasks - checklist for a more secure deployment)

Can you explain why SAS doesn't want to cooperate with existing ICT department policies and not according those of regulators but instead of that is obviously fighting those, bypassing them selling it as a solutions with no IT staff needed?
---->-- ja karman --<-----
Reply

suga badge.PNGThe SAS Users Group for Administrators (SUGA) is open to all SAS administrators and architects who install, update, manage or maintain a SAS deployment. 

Join SUGA 

Upcoming Events
View All
Get Started with SAS Information Catalog in SAS Viya

Learn how to explore data assets, create new data discovery agents, schedule data discovery agents, and much more.

Watch Get Started with SAS Information Catalog in SAS Viya on YouTube

Find more tutorials on the SAS Users YouTube channel.

Discussion stats
  • 4 replies
  • ‎03-19-2015 12:14 PM
  • 4123 views
  • 3 likes
  • 4 in conversation