"I even read places that describe commercial products (ex. SAS?) that use this variable described as "lazy programmers" and "bad programming"... two descriptions I generally do not associate with SAS."  SAS is nice at the fron-end going into the OS system internals the are not the nice. Enough troubles seen to classify SAS als lazy and bad programmers on that area. http://tldp.org/HOWTO/Program-Library-HOWTO/shared-libraries.html  (tldp.org) And you find the LD_library_path as standard approach.  Although most systems these days are 64-bit programmed there is still a lot of 32-bit (and less) history. Oracle documented the LD_Library_Paht_64 http://docs.oracle.com/cd/E19205-01/819-5262/aeude/index.html It is working as you described.   This is at OS level and guess what, most middleware tools liike all those database interfaces are middelware and following the OS conventions. Only a middleware tool like SAS is rather stubborn not following those guidelines. (getting the trouble). Is the SAS system an application, The SAS applications are the sas-programs build in your environment your business and are not the COTS ones by sas-institute.     ... View more

Eguide is a coding environment in a more classical way. There are helpers to generate code like query builder, but it is code based.   The concept of DI is quite different it is not code based instead it is metadata based. With the relations of metadata (records/fields) wiht the transformations pattersn jobs are generated. The jobs are seen as SAS - code. There you the difference. Where code/tasks is the object you are working on wiht Eguide wiht DI it are the results of that generation as like the SAS-metadata is your source-code and the relulting sas-code is the executable. ... View more

You are wanting to fasltoad (that is I assume create data level access) at the base dataset you don not have create rights for. Was your intention multiload?  First solve that create error message.   ... View more

Hi Hans, It is the same everywhere you cannot emigratie to get rid of that level support : ) What did you try? Definining a SAS dataset with associated formats as input? ... View more

You need to understand how Unix DAC (Discrete Access Control) security is working in a HFS (Hierarchical Files system). The other one is the role the "Owner" has in that Unix security concept and I would not bother too much on ACL's Jerks and confinement (SElinux) no having those. The remarks: - ACL's looks more convenient as the similarity to Windows. They are unreliable as the access check can disappear unexpected. the goals is a fixes not changing environment. - Jerks is the idea you can limit access rights by granting them to additional groups - Selinux is delivering the containerization you can find with Docker (and SAS-VA). The maximum numbers of groups on a Linux/Unix system was once a problem (Posix-8 BSD-16). Windows for a long time far better with 1020.          Check that number with ngroups_max limits.h https://www.j3e.de/ngroups.html  As modern systems are above that old low limit that should be no problem anymore. One exception is the NFS system.  Some nice papers on DAC are:  part 1 Hacking Linux Exposed  part 2  Hacking Linux Exposed   For a sharing and isolation strategy you need to design your hierarchy What must be able to be shared should be in the same hierarchy, what should be isolated must be in separated trees. The idea is starting a full read/execute access (directories) and than limiting the directories in still further refinements. The reason: all access of the complete hierarchy every level counts and cannot be bypassed. This is needing to switch your mind as the initiation is only seeing the current directory  (wrong!). The owner of directories/folders is for the best done with a privileged key (functional account)  or you will sooner or later running get into problems. I don not see the setting the owner-group? For the DAC rights owner/group/other only one of the tree will evaluated, not all. For changing to a directory you need a Execute grant for that directory For moving/deleting files you need write access to the directory.  No, no grants on the file itself as it is only a registration in the directory.  (Often being faulty interpreted). To have only the owner of the directory or the owner of the directory doing a delete/move you need to set the sticky bit on the directory.  The bad thing is, you will see a differentiation in DAC rights of files and directories. It is how -Nix systems DAC are working.  Having files being created by users, the primary group of the user will be set to the file. That is not necessary the same as the group of the directory. To have the files the same group as the directory set the groupid on the directory.  There is no need the user processing a file in that directory is a member of that group. Your elegant approach request looks like wanting to have a file dropping zone. Create a dedicated directory as a marketing dropping zone   eg:  .../drpbx/marketing     Set the group to marketing , Set the DAC rights as 3777 (sticky bit and groupid bit) - Anybody having access to drpbx can post files in that marketing directory (you can limit the usage by using a dedicated group on drpx)     - The files will be able to be accessed by the marketing group and the owner of the file. The owner of the file will have to set those rights  - the "owner" of the directory marketing can delete files when dacs (chmod)  for the user/group are wrong.             ... View more

There are many tools to process log4j log4net logs. The top one in this market is: Splunk makes machine data accessible, usable and valuable to everyone. The reason is it is accepted by CSO (Centrsl Security oiificers) departments. SAS logging the arm messages are log4j messages......   ... View more

SAS(R) 9.2 Language Interfaces to Metadata   See also the restrictions (mentioned before). ... View more

Your autoexec connection is working. When users are using a libname in their sas-code that will work also. What doesn't work is that automatic implied library connection used by the SMC importing the data. It could be an external identified=yes and oracle type def is missing. There must be some logging in a appserver somewhere. Can you find that one? But making is more easy why not using the proc metalib eguide code?  Avoiding SMC is avoiding a lot of the mentioned trouble. ... View more

Defining libraries can be done in many ways. See: http://blogs.sas.com/content/sgf/2013/05/15/pre-assign-sas-libraries-if-so-which-method/ Some products and the work of the users like data mining make it very impractical data access to be managed by a godfather DBA and not aligned IT staff. You library is correctly assigned in the autoexec with access to all users open.  Needing a secured access having sensitive data to Oracle you would need to better isolated credentials access leaving it all to Oracle. When you want to register those tables you are doing that on behalf of an DBA admin role within the SAS environment. That process is not necessary using the same APPserver where the users are running.  To overcome that someone at SAS has chosen the way SMC works is to assign the libname first with all definitions that should exist in SAS metadata and use that for importing the metadata. What is going along with this is that an open shared account to access Oracle must exist in the SAS meta data. They failed in checking this with common security guidelines using sensitive data. You can try the metallib procedure leaving the data management process to the data-owner http://support.sas.com/documentation/onlinedoc/guide/EG43MetaLibraries.pdf  ... View more

Working with Eminer you should be allowed to use xcmd for the shell. The default as set by SAS is an obstruction as SAS-Unix Admins having problems to understand this kind of work. Nice to see you have putty possible is also winscp functional not harmed. Anyway having Eguide and a storage location on the server you can always drag and drop files from Windows to Unix (drag-drop copy paste).  No need for some code aor tasks doing this kind of work for you.       ... View more

saspronfile, "main mounting point /sas" . "others like /sas/work below" ??   Unix is different to Windows in storage management. This makes no sense. With Unix you have storage and you can map that to a directory/folder that is a mountpoint.. With Windows you have a drive/storage where you can define directories folders. With a DFS you can present many of those as as single directory structure. That is a bit different way of thinking. With a HFS you have those mounpoints and the security inheritance by all level. this is why there is a standardized structure like General overview of the Linux file system - /opt for third party software eg SAS  (with rpm also bin) - /var for temporary data eg    saswork and logging. - /home for personal "my documents" - .... SAS institiute did made a complete mess of this common approach and guidelines by ignoring those. This is commonly causing a lot of trouble needing cooperation by unix admins. You are running out of space/resources. The firtst one is what are the mountpoints.... "df -g" and how big it he work/util? ... View more

reeza, your are right.   Normally you can have logging like nmon/topas being active making snapshots. Mostly every 5 minutes so you can see afterwards what is happening.  What sasprofle is saying all mountpoints are filled up at the same  moment. The mountpoints/filesystems are visible with the "df -g" command. saswork and several others should be isolated. It doesn't make sense when all of them get filled up on the same moment. Having a 200Gb or 500Gb of saswork you can easily seen that growing/filling up as IO speed is not that fast it is capable to do that very quickly it will take as an hour. The last part of filling up for 80 to 100% will slow down dramatically as the filesystem is needing harder work to find free space. If the behavior is different something else could be causing that. Corruptions in the SAN an filesystem could happen and cause this kind of OS system failures. Yup I have experienced  those on this kind of machines. All hardware and OS have their failures and at some level lack of reliability.  One of those was a lost disk - unknown reason another was failure in DAC rights processing, never found the cause.    ... View more

The header is indicating the ARM logging is active. That is where those INFO messages have their origin. See SAS(R) Environment Manager 2.4: User's Guide and SAS(R) 9.4 Logging: Configuration and Programming Reference, Second Edition Your question  is about something doing yourself that is delivered as a service. ... View more

When your users are of the type analytics miners, then do not use any quotas you can isolate them on a dedicated saswork filesystem. I am against quotas because you are going into a fight against users needing to do their work. When hurring them they will look for other ways to achieve their goals. One side of the company is keeping the other side busy without having any business efficiency (job creation).  When you have predictable workload that is have verified and tested sas programs running. Their behavior is mostly planning. Only not noticed program bugs will cause errors. The user having problems will complain about those. ... View more

SAS/STAT(R) 9.3 User's Guide Example 39.5 GEE for Binary Data with Logit Link Function   The GENMOD Procedure   ? ... View more