Assigning Libraries |
The metadata engine is a data access engine that enforces the data-level permissions of Read, Write, Create, and Delete that are set on table objects in the repository. It also enforces the Create and Delete permissions that are set on library objects. The metadata engine acts as a gatekeeper that determines which users can access which metadata-based libraries and tables. Note that this is a level of security implemented in SAS as a supplement to securing the data source. Do not rely on the metadata engine as the single security mechanism.
Note: The METAOUT= option specified in step 3 of the following task is important. For information about the LIBNAME statement for the metadata engine, see SAS Language Interfaces to Metadata.
To register a library that uses the metadata engine, perform the following steps:
Register the library in the SAS Metadata Repository.
Mark the library as pre-assigned.
Construct a LIBNAME statement that uses the same libref specified in the metadata and META as the engine:
LIBNAME ORGOLD LIBRARY='Orion Gold' REPNAME='Foundation' METAOUT=DATA;
Note: The METAOUT=DATA option permits read, create, update, and deleting tables. Another value is METAOUT=DATAREG. This choice permits read, update, and delete of tables registered in metadata as well as creating new tables; however, new tables cannot be read until they are registered in metadata.
Add the metadata LIBNAME statement to an autoexec file. During the configuration process, the SAS Deployment Wizard created a single file named appserver_autoexec_usermods.sas that controls all component servers of the SAS application server and files named autoexec_usermods.sas for each of the component servers of the application server:
appserver_autoexec_usermods.sas
Use this file if you want all the SAS application server components registered to the application server, such as an OLAP server, a workspace server, and so on, to access the library with the metadata engine in the same way.
autoexec_usermods.sas
Use this file to modify one of the SAS application server components, such as the workspace server, to use the metadata engine for accessing a library, but to leave the other server components unchanged. If this is your choice, then note that the autoexec_usermods.sas file is located within a sub-directory, such as C:\SAS\Config\Lev1\SASApp\WorkspaceServer\.
Restart the object spawner and any server processes whose autoexec files have been modified. For information about restarting the servers, see Starting, Stopping, and Pausing Servers the SAS Intelligence Platform: System Administration Guide.
Use SAS Management Console to grant read, write, create, and delete privileges to users or groups as appropriate for your site.
Note: Remember that for libraries using the metadata engine, an administrator must register tables after any create, update, or delete changes in metadata. You can register table metadata by using PROC METALIB or SAS Management Console.
Copyright © 2009 by SAS Institute Inc., Cary, NC, USA. All rights reserved.