SAS Safety Scalable Performance Data Server 4.5 Manual Do Utilizador
PROC SPDO lib=clin;
set acluser;
add ACL /
LIBNAME groupread;
modify ACL /
LIBNAME drfgood=(y,y,,y);
quit;
set acluser;
add ACL /
LIBNAME groupread;
modify ACL /
LIBNAME drfgood=(y,y,,y);
quit;
The owner of the LIBNAME domain 'clinical' has granted permission to other members
of his or her ACL group to the LIBNAME domain to have READ access to the domain.
This permits these users to perform SAS LIBNAME assignments to the domain. Users not
belonging to the owner's ACL group will not even be permitted to make LIBNAME
assignments to the 'clinical' domain. The owner has also granted READ, WRITE and
CONTROL access to the explicit user 'drfgood'. This enables 'drfgood' to make LIBNAME
assignments and write new files to the 'clinical' domain, and to also alter the LIBNAME
ACL permissions if desired.
of his or her ACL group to the LIBNAME domain to have READ access to the domain.
This permits these users to perform SAS LIBNAME assignments to the domain. Users not
belonging to the owner's ACL group will not even be permitted to make LIBNAME
assignments to the 'clinical' domain. The owner has also granted READ, WRITE and
CONTROL access to the explicit user 'drfgood'. This enables 'drfgood' to make LIBNAME
assignments and write new files to the 'clinical' domain, and to also alter the LIBNAME
ACL permissions if desired.
Disabling ACL Security
Overview of Disabling ACL Security
You disable SPD Server security by using the -NOACL option with the spdsserv command.
When ACLs are disabled, there are almost no security restrictions in the SPD Server
environment. Anyone can access SPD Server, as long as they know the LIBNAMES that
are defined by the system administrator in the -libname file.
When ACLs are disabled, there are almost no security restrictions in the SPD Server
environment. Anyone can access SPD Server, as long as they know the LIBNAMES that
are defined by the system administrator in the -libname file.
UNIX File-Level Protection with ACL Security Disabled
In UNIX, each SPD Server session runs under a UNIX user ID. All files created by SPD
Server therefore are protected according to the UNIX file creation permissions of that
UNIX user ID. Use the UNIX 'umask' command to restrict the desired creation permissions.
File permissions are based on the permissions of the directory where the file was created.
Server therefore are protected according to the UNIX file creation permissions of that
UNIX user ID. Use the UNIX 'umask' command to restrict the desired creation permissions.
File permissions are based on the permissions of the directory where the file was created.
Control of LIBNAME Domains by the System Administrator without
ACL Security
ACL Security
The system administrator defines the valid LIBNAME domains with entries in the
LIBNAME parameter file for each SPD Server. PATHNAME= defines the file system for
the LIBNAME. LIBNAME= provides the access route to the file system. Restricting
knowledge of the LIBNAME= labels restricts access to the corresponding file system.
LIBNAME parameter file for each SPD Server. PATHNAME= defines the file system for
the LIBNAME. LIBNAME= provides the access route to the file system. Restricting
knowledge of the LIBNAME= labels restricts access to the corresponding file system.
Example Server Setup without ACL Security
The following command invokes SPD Server without ACL security enabled.
spdssrv -noacl -acldir
InstallDir/site -nameserver samson
-libnamefile libnames.parm
InstallDir/site -nameserver samson
-libnamefile libnames.parm
The libnames.parm file contains:
LIBNAME=open_access
pathname=/disk1/sas_tables;
LIBNAME=mgmt_access
pathname=/disk2/managers/data;
pathname=/disk1/sas_tables;
LIBNAME=mgmt_access
pathname=/disk2/managers/data;
Disabling ACL Security
153