Hi,
Working with SAS Management Console (SAS 9.4). We have a Library of 20 data sets that are used by two different Groups.
1.- We want Group A to have access to ALL of them, which works fine
2.- We want Group B to only see 2 tables
Unfortunately this seems impossible to set with SMC. Even when we REMOVE all permissions (RM/WM/CIMD/R/W/C/D are set to Deny), users of Group B still have access to ALL tables.
What are we missing???
Hi Kurt,
Thank you very much for your input. Yes indeed, folders is a good clean way to do it.
I managed to get it going with the 'MetaData Secured Library' and setting the Linux User/Group permissions accordingly.
'proc authlib' with SAS EG was of great help.
Thank you ALL above who contributed on this post, you are wonderful and I hope I can return the favor.
Yvan
Hi Kurt,
No, just that group.
@RexDeus9 wrote:
Hi Kurt,
No, just that group.
That's your problem. Deny for SASUSERS (PUBLIC should already be denied), and then allow selectively for your groups.
Hi Kurt,
Sorry, I was wrong in my first reply, SASUsers are DENIED everything.
Have you made sure that the users in group B are not in group A also?
Yes, they are totally different.
Hi!
I think what you need to do is:
For EACH table:
- Deny rm and r for SASUSERS.
- Grant rm and r for group A
- Grant rm and r for internal sas users (SAS Admins, SAS General servers...)
On the 2 tables:
- Deny rm and r for SASUSERS.
- Grant rm and r for group A
- Grant rm and r for group B
- Grant rm and r for internal sas users (SAS Admins, SAS General servers...)
//Fredrik
Hi Fredrik,
Thank you for your reply. Unfortunately it doesn't change anything. I removed ALL permissions to 'sasusers' and 'public' as well, on top of Group B.
Group B still has access to ALL tables for that Library. I really wonder why SAS even bothers providing the 'Authorization' tab at this level (Tables).
Getting pretty frustrated with this. :-(
Yvan
I assume you know that permissions at the metadata level can be bypassed by users assigning their own LIBNAMEs pointing at the table folders, unless you use metadata-bound libraries. Are you OK with that?
Hi,
I browsed the documentation, not sure it's worth the pain for a few tables, or maybe it's just me.
Hi,
Where are you setting those permissions: at libname level, folder level?
Are the tables that you are trying to grant and deny registered in metadata?
Hi,
Permissions are set on the following:
- Library level (They will never see the library without this one)
- Folder of the Library
- Table in the Library folder
Yes, the tables are registered in the Metadata.
You mean metadata-bound libraries? I agree totally - you would have to have a much better reason to justify implementing MBLs.
Just pointing out, you can spend a lot of time getting metadata permissions right only for users to bypass them...
How do you access the tables in question? By browsing through the SAS metadata folders, or by opening them from the server list in Enterprise Guide, or in code?