SAS Safety Scalable Performance Data Server 4.5 User Manual

ACLs. Likewise, areas created without ACLs should be accessed only by SPD Servers
using -NOACL.
SPD Server comes bundled with the SAS Management Console (SMC). The SAS
Management Console is a GUI utility that an SPD Server administrator can use to manage
passwords and ACLs. The SAS Management Console manages passwords using the same
capabilities that the psmgr utility provides, and the SAS Management Console also
manages ACLs using the same capabilities provided by PROC SPDO.
Enabling ACL Security
Overview of Enabling ACL Security
You enable SPD Server security with the -ACL option on the spdsserv command.
Numerous security features are in effect with ACLs enabled.
UNIX File-Level Protection with ACL Security
Each session of SPD Server is attached to a user with some UNIX or Windows user ID. If
SPD Server runs on UNIX, all files created by the software are protected according to the
UNIX file creation permissions associated with that UNIX user's ID. SPD Server can read
or write only files that have the appropriate file and directory access permissions for the
SPD Server user's ID. Use the UNIX 'umask' command to restrict creation permissions as
desired.
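The effect of umask on newly created files, and a check for files left open to other accounts, as an added example that is not part of the SAS manual. The scratch directory, the file names and the umask values 022 and 077 are constructed for illustration; substitute the directory named in a domain's PATHNAME= specification when auditing a real installation.

```shell
#!/bin/sh
# Added example, not from the SAS manual. All paths below are constructed.

# Print the octal permission bits of a path (GNU stat, then BSD stat).
mode_of() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# Create a file and a directory inside $2 while umask $1 is in effect.
# Runs in a subshell so the caller's umask is left unchanged.
# Prints "<file-mode> <directory-mode>".
modes_under_umask() {
    (
        umask "$1"
        : > "$2/table.dat"
        mkdir "$2/subdir"
        echo "$(mode_of "$2/table.dat") $(mode_of "$2/subdir")"
    )
}

# List everything under $1 that grants read, write or execute to "other".
# No output means no entry is reachable through the "other" permission bits.
audit_other_access() {
    find "$1" \( -perm -004 -o -perm -002 -o -perm -001 \) -print
}

# Demo on a scratch directory standing in for a domain's PATHNAME= directory.
scratch=$(mktemp -d)
mkdir "$scratch/default" "$scratch/restricted"
chmod 700 "$scratch/restricted"
echo "umask 022 -> $(modes_under_umask 022 "$scratch/default")"
echo "umask 077 -> $(modes_under_umask 077 "$scratch/restricted")"
echo "entries open to other users:"
audit_other_access "$scratch"
rm -rf "$scratch"
```

A process inherits its umask from the shell or script that starts it, so the value has to be set in the environment that launches the server, before any tables are created.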
User/Password Validation
SAS users must issue a user ID and password with the LIBNAME statement in order to
connect to SPD Server. The user ID and password are verified against an SPD Server user
ID table set up by the system administrator. Password expiration can be enforced by the
system administrator via the psmgr administration tool for the user ID table or through the
SAS Management Console, if it is installed and configured for SPD Server. In either of the
two environments, the system administrator can prevent logins under the anonymous user
ID by placing user 'anonymou' in the user ID table with a password unknown to the SAS
users.
Control of LIBNAME Domains by the System Administrator with ACL Security
The system administrator defines the valid LIBNAME domains with entries in the libname
parameter file for each SPD Server. The PATHNAME= specification defines the file
system for the LIBNAME. LIBNAME= specifications provide the access route to the file
system. Restricting knowledge of the LIBNAME= specification information restricts
access to the corresponding file systems.
User Ownership of LIBNAME Domains
In the LIBNAME parameter file, the system administrator can attach the OWNER=
specification to any defined LIBNAME domain. Only the system user whose user ID
matches the OWNER= specification can create tables in this domain. (However, that user
can grant other users read or write access rights through ACLs that were issued from the
SAS LIBNAME statement.)
User Ownership of Tables
Each table created is tagged with the SPD user ID (referred to as the owner) who created
it. Only the owner or ACLSPECIAL users can access a table. (However, the owner can
grant access to other users through ACLs by adding a LIBNAME ACL with PROC SPDO.)