SAS Safety Scalable Performance Data Server 4.5 Manual Do Utilizador
"@SPDSSPEC" = "TRUE")
by sasspds;
by sasspds;
/* Create a view to worktable that allows users */
/* to access only rows where the column "usergrp" */
/* matches their group. The userID BOSS can access */
/* any group records where the column "userid" is */
/* "BOSS" */
/* to access only rows where the column "usergrp" */
/* matches their group. The userID BOSS can access */
/* any group records where the column "userid" is */
/* "BOSS" */
execute(create view workview as
select *
from worktable
where usergrp = "@SPDSGRP" and
("@SPDSUSR" = "BOSS" or userid != "BOSS"))
by sasspds;
disconnect from sasspds;
quit;
select *
from worktable
where usergrp = "@SPDSGRP" and
("@SPDSUSR" = "BOSS" or userid != "BOSS"))
by sasspds;
disconnect from sasspds;
quit;
ACL Security Examples
Overview of Security Examples
If LIBACLINHERIT=YES is added to a LIBNAME definition, the ACL precedence of
permission checks changes. In this case, the LIBNAME ACL is used to first give READ
or WRITE access to the domain, and then to inherit ACLs for resources that are owned by
the domain owner. When a user accesses resources in an owned domain by using
LIBACLINHERIT=YES, the following precedence of permissions checks on the ACL
resource:
permission checks changes. In this case, the LIBNAME ACL is used to first give READ
or WRITE access to the domain, and then to inherit ACLs for resources that are owned by
the domain owner. When a user accesses resources in an owned domain by using
LIBACLINHERIT=YES, the following precedence of permissions checks on the ACL
resource:
•
If user-specific permissions are defined on the object for the accessor, the accessor gets
these permissions.
these permissions.
•
If group-specific permissions are defined on the object for the accessor's group, the
accessor gets these permissions.
accessor gets these permissions.
•
If LIBNAME ACL permissions are defined for the accessor, the accessor gets these
permissions on the object.
permissions on the object.
•
If LIBNAME ACL permissions are defined for the accessor's group, the accessor gets
these permissions on the object.
these permissions on the object.
•
Otherwise, the accessor gets UNIVERSAL ACLs on the resource.
The following are examples using LIBACLINHERIT:
Below is a listing of the libnames.parm files that are used in the code examples, along with
a listing of users and groups in the password database.
a listing of users and groups in the password database.
libnames.parm:
----------------------------------
LIBNAME=d1
pathname=/IDX1/spdsmgr/d1
owner=admin ;
LIBNAME=d2
pathname=/IDX1/spdsmgr/d2
owner=prod1 ;
LIBNAME=colsec
----------------------------------
LIBNAME=d1
pathname=/IDX1/spdsmgr/d1
owner=admin ;
LIBNAME=d2
pathname=/IDX1/spdsmgr/d2
owner=prod1 ;
LIBNAME=colsec
ACL Security Examples
167