| SAS/ACCESS Interface To ADABAS: Reference |
The SAS System enables
you to control access to SAS data sets and access descriptors by associating
one or more SAS System passwords with them. You must first create the descriptor
files before assigning SAS passwords to them.
Password and Descriptor Interaction
summarizes the levels of protection that SAS System passwords have and their
effects on access descriptors and view descriptors:
When you create view descriptors, you can use a SAS
data set option after the ACCDESC= option to specify the access descriptor's
password (if one exists). In this case, you are not assigning
a password to the view descriptor that is being created; rather, using the
password grants you permission to use the access descriptor to create the
view descriptor. For example:
proc access dbms=ababas accdesc=adlib.customer
(alter=rouge);
create vlib.customer.view;
select all;
run;
By specifying the ALTER-level password, you can read
the ADLIB.CUSTOMER access descriptor and therefore create the VLIB.CUSTOMER
view descriptor.
For detailed information on the levels of protection
and the types of passwords you can use, refer to the SAS Language Reference: Dictionary. The following
section describes how you assign SAS System passwords to descriptors.
To assign, change, or clear a password for an access
descriptor, a view descriptor, or another SAS file, use the DATASETS procedure.
To assign,
change, or delete a SAS password, use the DATASETS procedure's MODIFY statement
in the PROGRAM EDITOR window. Here is the basic syntax for using PROC DATASETS
to assign a password to an access descriptor, a view descriptor, or a SAS
data file:
PROC DATASETS LIBRARY=libref MEMTYPE=member-type;
MODIFY member-name
(password-level =
password-modification);
|
In this syntax statement, the
password-level
argument can have one or more of the following values: READ=, WRITE=, ALTER=,
or PW=. PW= assigns read, write, and alter privileges to a descriptor or data
file. The password-modification argument enables you to assign
a new password or to change or delete an existing password.
For example, this PROC DATASETS statement assigns the
password MONEY with the ALTER level of protection to the access descriptor
ADLIB.SALARIES.
proc datasets library=adlib memtype=access;
modify salaries (alter=money);
run;
In this case, users are prompted for the password whenever
they try to browse or edit the access descriptor or to create view descriptors
that are based on ADLIB.SALARIES.
You can assign multiple levels of protection to a descriptor
or SAS data file. However, for more than one level of protection (that is,
both READ and ALTER), be sure to use a different password for each level.
If you use the same password for each level, a user to whom you grant READ
privileges only (in order to read the DBMS data) would also have privileges
to alter your descriptor (which you do not want to allow).
In the next example, the PROC DATASETS statement assigns
the passwords MYPW and MYDEPT with READ and ALTER levels of protection to
the view descriptor VLIB.JOBC204:
proc datasets library=vlib memtype=view;
modify jobc204 (read=mypw alter=mydept);
run;
In this case, users are prompted for the SAS password
when they try to read the DBMS data, or try to browse or edit the view descriptor
VLIB.JOBC204 itself. You need both levels to protect the data and descriptor
from being read. However, a user could still update the data accessed by
VLIB.JOBC204, for example, by using a PROC SQL UPDATE. Assign a WRITE level
of protection to prevent data updates.
To delete a password on an access descriptor or any
SAS data set, put a slash after the password:
proc datasets library=vlib memtype=view;
modify jobc204 (read=mypw/ alter=mydept/);
run;
Refer to the SAS Language Reference: Dictionary for more examples of assigning,
changing, deleting, and using SAS System passwords.
Copyright © 1999 by SAS Institute Inc., Cary, NC, USA. All rights reserved.
