RE: Restrict users accessing oracle tables using libname statement

Frequent Contributor
Posts: 88

RE: Restrict users accessing oracle tables using libname statement


Hi,

As a SAS admin, I am wondering how to restrict a metadata user from accessing Oracle DB tables using a libname statement in EG.

Suppose I have a SAS EBI system, with the Oracle library set up and Read permission applied for user A and Deny permission for user B.

But I wanna make sure the user B access the Oracle table using libname statement.

libname oralib oracle path=oratest1 scott=test user=test pw=test;

How to restrict this?

Thanks,

Ram

Super User
Posts: 6,946

Re: RE: Restrict users accessing oracle tables using libname statement

If a user can write and run code, there is no way to restrict which code can be run. You need to restrict access in the DBMS or (for SAS libraries) in the operating system.

---------------------------------------------------------------------------------------------
Maxims of Maximally Efficient SAS Programmers
Frequent Contributor
Posts: 88

Re: RE: Restrict users accessing oracle tables using libname statement

Hi Kurt,

The system is configured with Forecast Studio, EG and SAS Studio. How can user B execute a libname statement in EG without having an Oracle login ID and PW? B should know the ID & PW to add into the libname statement, I guess, like libname Oralib Oracle path='test' user='test' pw='testpw';

Thanks,

Ram

Super User
Posts: 6,946

Re: RE: Restrict users accessing oracle tables using libname statement

If a user doesn't have (or know) credentials for the database, he/she can't set a libname to the database. Problem solved.

If said user has (or knows) credentials for the database, and can write and execute user-written SAS code (which allows non-metadata driven access), then I see no way to prevent him/her from successfully defining a libname against the DB.

---------------------------------------------------------------------------------------------
Maxims of Maximally Efficient SAS Programmers
Super User
Posts: 5,257

Re: RE: Restrict users accessing oracle tables using libname statement

If you are using a shared account in Oracle, keep it safe.

Register the Oracle schema in SAS metadata, and use metadata group membership to restrict the access.

If the Oracle logins are personal, there is no sense in restricting access, at least not in SAS.

Data never sleeps
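
The setup discussed in the replies above, sketched as an added example that is not part of the original thread or any poster's code. The authentication domain `OraAuth`, the metadata library name `Oracle Library`, the librefs and `schema=scott` are assumed names; the shared login is assumed to be stored on a metadata group that includes user A but not user B.

```sas
/* Added illustration; OraAuth, "Oracle Library", the librefs and
   schema=scott are assumed names, not values from the thread. */

/* 1. What the thread warns about: anyone who knows the shared account's
      password can assign the library directly, and the metadata
      permissions on the registered library are never consulted. */
libname oradir oracle path=oratest1 schema=scott user=test pw=test;

/* 2. Credentials kept out of code: the shared Oracle login is stored in
      metadata on a group, under an authentication domain. SAS retrieves
      it for the requesting metadata identity, so only members of that
      group (user A, not user B) get a working connection. */
libname oraauth oracle path=oratest1 schema=scott authdomain="OraAuth";

/* 3. Metadata-driven access: the META engine assigns the registered
      library and applies its metadata permissions (Read for A, Deny for B). */
libname orameta meta library="Oracle Library";

/* Check while signed in as user B: LIBREF returns 0 only when the libref
   is assigned, so a nonzero value is the expected result for B. */
%put NOTE: oraauth assigned? rc=%sysfunc(libref(oraauth));
```

Forms 2 and 3 only restrict user B as long as the shared password itself stays unknown to B; once B knows it, form 1 works regardless of metadata permissions, and the remaining control is in Oracle.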
Frequent Contributor
Posts: 88

Re: RE: Restrict users accessing oracle tables using libname statement

Hi Linus,

Yes, if I define the schema & library for Oracle in metadata with a shared account, and Read permission for A and Deny permission for B,

how to restrict user B's access to Oracle DB tables using a libname statement in EG?

Thanks,

Ram

Frequent Contributor
Posts: 88

Re: RE: Restrict users accessing oracle tables using libname statement

Thank you for all your replies.
