Your SAS programs, embedded in web apps and elsewhere

Security Stored Processes

Reply
Regular Contributor
Posts: 229

Security Stored Processes

Hello,

Person A runs a stored process and it displays in HTML an image from a folder:
SASStoredProcess/do?_program=%2FFAB%2Fenhanced_lot_hist_vars&pictureNr=2

img alt="" src="file://netapp1/vars/imageDB/0001/2.jpg"

Person A is allowed to see picture 2, but not picture 3. But now he just has to change the path and he has access to every picture in the folder.

Is there any good solution to prevent this? We searched for a few:
- copy the image to a local directory, and display that one (but then we have to clean that directory up and ... )
- we can set security groups on each image but here they change very fast so not really an option
- img alt="" SRC="//SASStoredProcess/do?_program=CheckIfAccessIsOK&pictureNr=2 " (dont know of such a thing is possible). We can see to which product this picture belongs, and we have a list who is allowed to see which product.

so my main question is: how to show the picture without really giving the possibility to the user of seeing where this picture is stored so he can not access all other pictures

EDIT: ANYONE?? Message was edited by: Filipvdr
Super Contributor
Posts: 356

Re: Security Stored Processes

I gather the Pictures are static, ie not dynamic Graphs etc...
Regular Contributor
Posts: 229

Re: Security Stored Processes

correct, static pictures
Ask a Question
Discussion stats
  • 2 replies
  • 188 views
  • 0 likes
  • 2 in conversation