Chapter Contents |
Previous |
Next |
SAS/ACCESS Interface to IMS-DL/I Software |
The SAS System enables you to control access to SAS data sets and access descriptors by associating one or more SAS System passwords with them. You must first create the descriptor files before assigning SAS passwords to them, as described in Assigning Passwords.
Password and Descriptor Interaction summarizes the levels of protection that SAS System passwords have and their effects on access descriptors and view descriptors.
|
READ= | WRITE= | ALTER= |
---|---|---|---|
access descriptor | no effect on descriptor | no effect on descriptor | protects descriptor from being read or edited |
view descriptor | protects DBMS data from being read or updated | protects DBMS data from being updated | protects descriptor from being read or edited |
When you create view descriptors, you can use a SAS data set option after the ACCDESC= option to specify the access descriptor's password (if one exists). In this case, you are not assigning a password to the view descriptor that is being created; rather, using the password grants you permission to use the access descriptor to create the view descriptor. For example:
proc access dbms=ims accdesc=mylib.account(alter=rouge); create vlib.customer.view; select all; run;
By specifying the ALTER-level password, you can read the MYLIB.ACCOUNT access descriptor and therefore create the VLIB.CUSTOMER view descriptor.
For detailed information about the levels of protection and the types of passwords you can use, refer to SAS Language Reference: Dictionary. The following section describes how you assign SAS System passwords to descriptors.
Assigning Passwords |
PROC DATASETS LIBRARY= libref MEMTYPE= member-type ;
|
RUN; |
In this syntax statement, the password-level argument can have one or more of the following values: READ=, WRITE=, ALTER=, or PW=. PW= assigns read, write, and alter privileges to a descriptor or data file. The password-modification argument enables you to assign a new password or to change or delete an existing password.
For example, this PROC DATASETS statement assigns the password REWARD with the ALTER level of protection to the access descriptor MYLIB.EMPLOYEE:
proc datasets library=mylib memtype=access; modify employee (alter=reward); run;
In this case, users are prompted for the password whenever they try to browse or edit the access descriptor or to create view descriptors that are based on MYLIB.EMPLOYEE.
You can assign multiple levels of protection to a descriptor or SAS data file. See Ensuring Data Security for more information about how to prevent unauthorized access to the data in your IMS-DL/I databases.
In the next example, the PROC DATASETS statement assigns the passwords MYPW and MYDEPT with READ and ALTER levels of protection to the view descriptor VLIB.CUSTACCT:
proc datasets library=vlib memtype=view; modify custacct (read=mypw alter=mydept); run;
In this case, users are prompted for the SAS password when they try to read the DBMS data, or try to browse or edit the view descriptor VLIB.CUSTACCT itself. You need both levels to protect the data and descriptor from being read. However, a user could still update the data accessed by VLIB.CUSTACCT, for example, by using a PROC SQL UPDATE. Assign a WRITE level of protection to prevent data updates.
To delete a password on an access descriptor or any SAS data set, put a slash after the password:
proc datasets library=vlib memtype=view; modify custacct (read=mypw/ alter=mydept/); run;
In the following example, PROC DATASETS sets a READ and ALTER password for view descriptor VLIB.CUSTINFO. PROC PRINT tries to use the view descriptor with both an invalid and valid password. PROC ACCESS tries to update the view descriptor with and without a password.
/* Assign passwords */ proc datasets library=vlib memtype=view; modify custinfo (read=r2d2 alter=c3po); run; /* Invalid password given */ proc print data=vlib.custinfo (pw=r2dq); where soc_sec_number = '178-42-6534'; title2 'Data for 178-42-6534'; run; /* Valid password given */ proc print data=vlib.custinfo (pw=r2d2); where soc_sec_number = '178-42-6534'; title2 'Data for 178-42-6534'; run; /* Missing password */ proc access dbms=ims; update vlib.custinfo.view; drop country; list all; run; /* Valid password given */ proc access dbms=ims; update vlib.custinfo.view (alter=c3po); drop country; list all; run;
Refer to SAS Language Reference: Dictionary for more examples of assigning, changing, deleting, and using SAS System passwords.
Chapter Contents |
Previous |
Next |
Top of Page |
Copyright 1999 by SAS Institute Inc., Cary, NC, USA. All rights reserved.