Chapter Contents

Previous

Next

Ensuring Data Security

The SAS System preserves the data security provided by SYSTEM 2000 software and the SAS System. As the DBA, you have control over who has SYSTEM 2000 authorities. You control who can create SYSTEM 2000 databases, and creators of the databases control who can access the data. Therefore, SAS System users can access only SYSTEM 2000 databases they created or ones for which they have been granted specific password authorities.

To secure data from accidental update or deletion, you can take precautionary measures on both sides of the interface.

SYSTEM 2000 Security

On the SYSTEM 2000 side of the interface, give users only the authority they must have with secondary passwords. For example, JANE needs to be able to create a view descriptor that reads and selects just the personal information about each employee in the EMPLOYEE database, which is stored in the ENTRY record. JANE can only do retrievals and where-clause selection on schema items C1 through C16. Use the following commands to assign her authorities:

    valid password is jane;
    assign r,w to c1 through c16 for jane;

JOHN needs to add new employees to the data base, so he needs all authorities:

    valid password is john;
    assign r, u, w to all components for john;

With retrieval, update, and where-clause authorities, JOHN can create a view descriptor that reads the data records for the schema items and can use that view descriptor to add new logical entries to the database.

If the SYSTEM 2000 software detects a security violation while a SAS procedure or DATA step is running, it issues a return code 45 or 47 and an error message. Partial updates will be rolled out (cancelled), if rollback is enabled for the database.

SAS System Security

To secure data from accidental update or deletion, you can do the following on the SAS System side of the interface:

• Set up all access descriptors yourself and drop items containing sensitive data.

• Set up all view descriptors yourself and give them to users on a selective basis. You can store the appropriate passwords in the descriptors, or you might not want to store any passwords so that the user must supply his password.

• Give users read-only access to the SAS data library where you store the access descriptors. Read-only access prevents users from editing access descriptors and allows them to see only the items selected for each view descriptor.

• Set up several access descriptors for multiple secondary passwords, or require the user to create them.

Chapter Contents

Previous

Next

Top of Page

Copyright 1999 by SAS Institute Inc., Cary, NC, USA. All rights reserved.