07-01-2015 10:47 PM
As a SAS admin i am wondering to know how to restirct metadata user accessing oracle DB tables using libname statement in EG.
suppose I have SAS EBI system, created Oracle library set up done and applied read permission for user A and Deny permission for user B.
But i wanna make sure the user B access the oracle table using libname stamenet.
libname oralib oracle path=oratest1 scott=test user=test pw=test;
how to restrict this?
07-02-2015 03:26 AM
If a user can write and run code, there is no way to restrict which code can be run. You need to restrict access in the DBMS or (for SAS libraries) in the operating system.
07-02-2015 11:45 AM
System is configured with forecast studio, EG and SAS Studio. How can user B execute libname statement in EG without having oracle log in ID and PW? B should know ID & PW to add into libname statement i guess like libname Oralib Oracle path='test' user='test' pw='testpw';
07-03-2015 02:32 AM
If a user doesn't have (or know) credentials for the database, he/she can't set a libname to the database. Problem solved.
If said user has (or knows) credentials for the database, and can write and execute user-written SAS code (which allows non-metadata driven access), then I see no way to prevent him/her from succesfully defining a libname against the DB.
07-02-2015 04:00 AM
If you are using a shared account in Oracle, keep it safe.
Register the Oracle schema in SAS metadata, and use metadata group membership to restrict the access.
If the Oracle logins are personal, no sense of restricting access, not at least in SAS.
07-02-2015 11:48 AM
Yes, if i define schema & library for oracle in metadata with shared account and read permission to A and Deny permission to B.
how to restrict B user access to oracle DB tables using libname statement in EG?