SAS Safety Scalable Performance Data Server 4.5 Manual Do Utilizador
ACL Security Overview
SPD Server uses Access Control Lists (ACLs) and SPD Server user IDs to secure domain
resources. You obtain your user ID and password from your SPD Server administrator.
resources. You obtain your user ID and password from your SPD Server administrator.
SPD Server also supports ACL groups, which are similar to UNIX groups. SPD Server
administrators can associate an SPD Server user as many as five ACL groups.
administrators can associate an SPD Server user as many as five ACL groups.
ACL file security is turned on by default when an administrator brings up SPD Server.
ACL permissions affect all SPD Server resources, including domains, tables, table
columns, catalogs, catalog entries, and utility files. When ACL file security is enabled,
SPD Server only grants access rights to the owner (creator) of an SPD Server resource.
Resource owners can use PROC SPDO to grant ACL permissions to a specific group (called
an ACL group) or to all SPD Server users.
ACL permissions affect all SPD Server resources, including domains, tables, table
columns, catalogs, catalog entries, and utility files. When ACL file security is enabled,
SPD Server only grants access rights to the owner (creator) of an SPD Server resource.
Resource owners can use PROC SPDO to grant ACL permissions to a specific group (called
an ACL group) or to all SPD Server users.
The resource owner can use the following properties to grant ACL permissions to all SPD
Server users:
Server users:
READ
universal READ access to the resource (read or query).
WRITE
universal WRITE access to the resource (append to or update).
ALTER
universal ALTER access to the resource (add, rename, delete, or replace a resource and
add, delete indexes associated with a table).
add, delete indexes associated with a table).
The resource owner can use the following properties to grant ACL permissions to a named
ACL group:
ACL group:
GROUPREAD
group READ access to the resource (read or query).
GROUPWRITE
group WRITE access to the resource (append to or update).
GROUPALTER
group ALTER access to the resource (rename, delete, or replace a resource and add,
delete indexes associated with a table).
delete indexes associated with a table).
SPD Server ACL Security Model
Overview of the ACL Security Model
SPD Server provides an Access Control List (ACL) based security system. The ACL-based
security is enabled by default. You are encouraged to run SPD Server using ACLs. ACLs
add little overhead to SPD Server in terms of execution speed and disk space consumption.
ACLs keep files private to individual users and within groups.
security is enabled by default. You are encouraged to run SPD Server using ACLs. ACLs
add little overhead to SPD Server in terms of execution speed and disk space consumption.
ACLs keep files private to individual users and within groups.
Only disable ACLs if your computing environment requires free access of any user to any
other user's files. Migrating from a non-ACL environment to an ACL-based environment
is not simple, so use ACLs if you foresee needing security controls at a future time. Files
created by SPD Server running ACLs only should be accessed by SPD Servers running
other user's files. Migrating from a non-ACL environment to an ACL-based environment
is not simple, so use ACLs if you foresee needing security controls at a future time. Files
created by SPD Server running ACLs only should be accessed by SPD Servers running
150
Chapter 14 • ACL Security Overview