Desktop productivity for business analysts and programmers

Library authorization at the table level

Accepted Solution Solved
Reply
Occasional Contributor
Posts: 18
Accepted Solution

Library authorization at the table level

Hi,

 

Working with Sas Management Console (SAS 9.4). We have a Library of 20 data sets that are used by two different Groups.

 

1.- We want Group A to have access to ALL of them, which works fine

2.- We want Group B to only see 2 tables

 

Unfortunately this seems impossible to set with SMC, even when we REMOVE all permissions (RM/WM/CIMD/R/W/C/D) are set to Deny, users of Group B still have access to ALL tables.

 

What are we missing???


Accepted Solutions
Solution
‎05-23-2018 02:35 PM
Occasional Contributor
Posts: 18

Re: Library authorization at the table level - R E S O L V E D

Posted in reply to KurtBremser

Hi Kurt,

 

Thank you very much for your input. Yes indeed, folders is a good clean way to do it.

 

I managed to get it going with the 'MetaData Secured Library' and setting the Linux User/Group permissions accordingly.

 

'proc authlib' with SAS EG was of great help.

 

Thank you ALL above who contributed on this post, you are wonderful and I hope I can return the favor.

 

 

 

Yvan

 

View solution in original post


All Replies
Super User
Posts: 10,570

Re: Library authorization at the table level

Did you deny globally, for SASUSERS?

---------------------------------------------------------------------------------------------
Maxims of Maximally Efficient SAS Programmers
How to convert datasets to data steps
How to post code
Occasional Contributor
Posts: 18

Re: Library authorization at the table level

Posted in reply to KurtBremser

Hi Kurt,

 

No, just that group.

Super User
Posts: 10,570

Re: Library authorization at the table level


@RexDeus9 wrote:

Hi Kurt,

 

No, just that group.


That's your problem. Deny for SASUSERS (PUBLIC should already be denied), and then allow selectively for your groups.

---------------------------------------------------------------------------------------------
Maxims of Maximally Efficient SAS Programmers
How to convert datasets to data steps
How to post code
Occasional Contributor
Posts: 18

Re: Library authorization at the table level

Posted in reply to KurtBremser

Hi Kurt,

 

Sorry, I was wrong in my first reply, SASUsers are DENIED everything.

Super User
Posts: 10,570

Re: Library authorization at the table level

Have you made sure that the users in group B are not in group A also?

---------------------------------------------------------------------------------------------
Maxims of Maximally Efficient SAS Programmers
How to convert datasets to data steps
How to post code
Occasional Contributor
Posts: 18

Re: Library authorization at the table level

Posted in reply to KurtBremser

Yes, they are totally different.

PROC Star
Posts: 399

Re: Library authorization at the table level

[ Edited ]

Hi!

I think what you need to do is:

 

For EACH table:

- Deny rm and r for SASUSERS.

- Grant rm and r for group A

- Grant rm and r for internal sas users (SAS Admins, SAS General servers...)

 

On the 2 tables:

- Deny rm and r for SASUSERS.

- Grant rm and r for group A

- Grant rm and r for group B

- Grant rm and r for internal sas users (SAS Admins, SAS General servers...)

 

//Fredrik

Occasional Contributor
Posts: 18

Re: Library authorization at the table level

Hi Fredrik,

 

Thank you for your reply. Unfortunately it doesn't change anything. I removed ALL permissions to 'sasusers' and 'public' as well, on top of Group B.

 

Group B still has access to ALL tables for that Library. I really wonder why SAS even bothers providing the 'Authorization' tab at this level (Tables).

 

Getting pretty frustrated with this.:-(

 

 

Yvan

Super User
Posts: 4,023

Re: Library authorization at the table level

I assume you know that permissions at the metadata level can be bypassed by users assigning their own LIBNAMEs pointing at the table folders, unless you use metadata-bound libraries. Are you OK with that?

Occasional Contributor
Posts: 18

Re: Library authorization at the table level

Hi,

 

I browsed the documentation, not sure it's worth the pain for a few tables, or maybe it's just me.

Occasional Contributor
Posts: 9

Re: Library authorization at the table level

Hi,

 

Where are you setting that permissions, at libname level, folder level?

 

Are the tables that you trying to grant and deny registered on metadata?

 

 

 

 

Occasional Contributor
Posts: 18

Re: Library authorization at the table level

Posted in reply to NunoTGrunho

Hi,

 

Permissions are set on he following:

 

- Library level (They will never see the library without this one)

- Folder of the Library

- Table in the Library folder

 

Yes, the tables are registered in the Metadata.

 

 

Super User
Posts: 4,023

Re: Library authorization at the table level

You mean metadata-bound libraries? I agree totally  - you would have to have a much better reason to justify implementing MBLs.

 

Just pointing out, you can spend a lot of time getting metadata permissions right only for users to bypass them...

Super User
Posts: 10,570

Re: Library authorization at the table level

How do you access the tables in question? By browsing through the SAS metadata folders, or by opening them from the server list in Enterprise Guide, or in code?

---------------------------------------------------------------------------------------------
Maxims of Maximally Efficient SAS Programmers
How to convert datasets to data steps
How to post code
☑ This topic is solved.

Need further help from the community? Please ask a new question.

Discussion stats
  • 23 replies
  • 450 views
  • 4 likes
  • 6 in conversation