Advanced User Topics for the SAS/ACCESS Interface View Engine for IMS

Ensuring IMS Data Security

SAS preserves the data security that is provided by IMS and the operating system. The Database Administrator (DBA) has control over who has access to an IMS database. A user cannot use IMS facilities through the ACCESS procedure or the SAS/ACCESS interface view engine unless the PSB specified provides that user with the appropriate IMS authority. The PSB determines if a user can access an IMS database and, if so, the kind of access the user has to the database (Get, Insert, Replace, Delete, or All).

In addition to controlling access to a database, the PSB can also control access to specific segments and fields in the database. To control access to a specific database, the DBA can create several view descriptors that describe the same data in the database, and assign each view descriptor a different PSB. Each PSB should define a different type of access to the database. For example, one PSB would enable a user to insert data in the database and another PSB would enable a user only to read the data in that same database. This enables the DBA to provide each user with a PSB that defines the type of database access the DBA wants to let that user have. Each segment in a view descriptor must be specified in the PSB that is referenced in the view.

SAS Security

To secure data from accidental update or deletion, you can do the following on the SAS side of the interface:

Set up all SAS/ACCESS access descriptors yourself, dropping items that contain sensitive data so they cannot be referenced in view descriptors. Give users either read-only or no access to the SAS library where you store the access descriptors. Read-only access prevents users from editing access descriptors and enables them to see only the items selected for each view descriptor.
Set the IMSDLUPD= or IMSBPUPD= SAS system options to N to disable all updates from SAS for a particular region type.
Assign SAS passwords (READ, WRITE, ALTER, or PW) to a view descriptor, access descriptor, PROC SQL view, DATA step view, or data file.

Using passwords adds an extra measure of security if you use view descriptors that include sensitive or confidential data in a shared environment (that is, where SAS/SHARE software is in use). For more information about assigning passwords, see SAS Passwords for SAS/ACCESS Descriptors.

Top of Page