SAS/IntrNet 9.2: Application Dispatcher |
The AUTHLIB data set enables you to permit or restrict access to SAS library entities. The default name for the AUTHLIB data set is SASHELP.AUTHLIB. It contains INCLUDE and EXCLUDE rules that declare which data is available and which data is unavailable to an Application Dispatcher program. The enforcement of these rules is not automatic. An Application Dispatcher program must call the AUTHLIB functions in order to participate in this access control scheme. It is the responsibility of the programmer to incorporate the AUTHLIB functions into a program.
The AUTHLIB data set has a specific structure:
Column Name | Type | Length | Description |
---|---|---|---|
Rule | character | 7 | The access rule for this record. Valid values are "INCLUDE" and "EXCLUDE". |
Libname | character | 8 | The library name of the entity to which this rule applies. |
Memname | character | 32 | The member name of the entity to which this rule applies. |
Memtype | character | 8 | The member type of the entity to which this rule applies. |
Objname | character | 32 | The catalog entry name of the entity to which this rule applies. |
Objtype | character | 8 | The catalog entry type of the entity to which this rule applies. |
Comment | character | 128 | An optional comment explaining this rule. |
And here is a sample AUTHLIB data set:
Rule | Libname | Memname | Memtype | Objname | Objtype | Comment |
---|---|---|---|---|---|---|
INCLUDE | SASHELP | * | DATA | * | * | |
INCLUDE | SASHELP | * | VIEW | * | * | |
INCLUDE | SASHELP | * | MDDB | * | * | |
INCLUDE | SAMPDAT | * | * | * | * | |
EXCLUDE | SAMPDAT | MYCAT | CATALOG | * | * |
To customize the access control for your Application Server, you can modify the SASHELP.AUTHLIB data set that is shipped with SAS/IntrNet software, or you can copy this data set to a new name and modify that copy. If you use a data set name other than SASHELP.AUTHLIB for your set of access rules, you must use the APPSRV_AUTHDS function to set the new name.
Here is how the AUTHLIB data set is interpreted. An entity is any SAS library, member, or catalog entry.
Here are a few additional guidelines:
Rule | Libname | Memname | Memtype | Objname | Objtype | Comment |
---|---|---|---|---|---|---|
EXCLUDE | * | * | CATALOG | * | SCL | Exclude all SCL entries. |
Rule | Libname | Memname | Memtype | Objname | Objtype | Comment |
---|---|---|---|---|---|---|
INCLUDE | * | * | * | * | * | Now all entities are included by default. |
Rule | Libname | Memname | Memtype | Objname | Objtype | Comment |
---|---|---|---|---|---|---|
EXCLUDE | * | * | * | * | * | Turn off all access to SAS library data. |
The following functions enable you to use the AUTHLIB data set in your Application Dispatcher programs.
It is a good idea to verify all changes you make to the AUTHLIB data set. Fortunately, the APPSRV_AUTHCLS function makes this task easy. By using this function, you can generate lists of included and excluded entities that you can review for correctness. The following program produces a verification report for the AUTHLIB data set.
/*generate the different authlib WHERE clauses and store them as macro variables*/ data _null_; length clause $ 32767; clause = appsrv_authcls('LIBRARY'); call symput('LIBCLS',clause); clause = appsrv_authcls('MEMBER'); call symput('MEMCLS',clause); clause = appsrv_authcls('CATALOGENTRY'); call symput('ENTRYCLS',clause); run; /*create a view of included libraries*/ proc sql; create view work.inclib as select * from sashelp.vslib where &libcls; quit; /*create a view of the excluded libraries*/ proc sql; create view work.exclib as select * from sashelp.vslib where not &libcls; quit; /*create a view of the included members*/ proc sql; create view work.incmem as select * from sashelp.vmember where &memcls; quit; /*create a view of the excluded members*/ proc sql; create view work.excmem as select * from sashelp.vmember where not &memcls; quit;
/*NOTE: THE CATALOG ENTRY VIEWS CAN TAKE A LONG TIME TO RUN YOU MAY WANT TO SUBSET BY ADDING SOMETHING TO THE WHERE CLAUSE TO SPEED IT UP SUCH AS and libname ne 'SASHELP' THIS WILL PREVENT YOU FROM OPENING EVERY CATALOG IN EVERY LIBRARY.*/ /*create a view of the included entries from selected catalogs*/ proc sql; create view work.incentry as select * from sashelp.vcatalg where &entrycls; quit; /*create a view of the excluded entries from selected catalogs*/ proc sql; create view work.excentry as select * from sashelp.vcatalg where not &entrycls; quit; /*Now print out the results of the SQL steps*/ proc print data=work.inclib; proc print data=work.exclib; proc print data=work.incmem; proc print data=work.excmem; proc print data=work.incentry; proc print data=work.excentry; run;
Copyright © 2007 by SAS Institute Inc., Cary, NC, USA. All rights reserved.