 |
|
| Security Features |
Permissions Overview
SAS provides a metadata-based authorization layer that supplements protections from the host environment and other systems. Across authorization layers, protections are cumulative. In order to perform a task, a user must have sufficient access in all applicable layers.
You can use the metadata authorization layer to manage access to the following resources:
-
almost any metadata object (for example, reports, data definitions, information maps, jobs, stored processes, and server definitions)
-
OLAP data
-
relational data (depending on the method by which that data is accessed)
- CAUTION:
- Some clients (such as SAS Data Integration Studio and
SAS Enterprise Guide) enable power users to create and run SAS programs that
access data directly, bypassing metadata-layer controls.
It is important to manage physical layer access in addition to metadata-layer controls. For example, use host operating system protections to limit access to any sensitive SAS data sets. See Host Access to SAS Tables.
![[cautionend]](../../../../common/63294/HTML/default/images/cautend.gif)
- CAUTION:
- Not all permissions are enforced for all
items.
Enforcement of permissions other than ReadMetadata and WriteMetadata varies by item type and (for data) by the method with which a library is assigned.
See Also
|
|
Copyright © 2011 by SAS Institute Inc., Cary, NC, USA. All rights reserved.