About Information Views

Overview

Information views summarize configuration and security activities for SAS Federation Server. The data is stored as metadata in the system catalog (SYSCAT). You can query any view using regular SELECT statements, for example, when you need to know something about the data structure or privileges for a specific object. However, you must have privileges to view the data. The visibility rules that apply are outlined below.

Visibility Rules

User Privileges

Data visible in the information views is based on the user object and the privileges associated with the object. Therefore, user privileges determine what records are visible to the user. All users can query views, but an empty result set is returned if the user does not have privileges to a specific view. Use the ADMIN DSN to connect to the information views.
A majority of the information views return system-level data that is relevant only to administrators or to technical support staff working with customers. Some information views return privilege information, because users should be able to see what privileges they are granted on objects for which they have at least a single privilege.

Administrators and System Users

System users and server administrators can view all data in all information views. The following related views are restricted to system users and administrators only:
Views: AUTHORIZATION_IDENTIFIERS, OBJECTS, COLUMNS
Visibility: System user and SAS Federation Server administrators only

Data Services

The following table lists the visibility rules that are associated with information views that are related to data services:
Views: DATA_SERVICES, CONFIG_DATA_SERVICES
Visibility: A data service is visible to a user if:
  • the user has CONNECT, ADMINISTER, or CREATE DSN privileges on the data service, or
  • the user has CONNECT privilege on any data service DSN.

DSN

The following table lists the visibility rules that are associated with information views for data source names:
Views: DATA SOURCE NAMES, DSN_CONTENT, DSN_LINEAGE, CONFIG_DSNS
Visibility: A data source name (DSN) is visible to a user if:
  • the user is the owner of the DSN, or
  • the user has CONNECT privilege on the DSN.

Catalogs and Schemas

SAS Federation Server needs to display catalogs and schemas for the BASE service without connecting to the data service first. This differs from other data services, where SAS Federation Server Manager can connect to the data service and query it for an associated list of catalogs and schemas. Non-administrator users must be able to see BASE objects. For example, a user with CREATE CACHE privilege needs to be able to cache views from the user interface. Creating views from SAS Federation Server Manager is another example. Results from the catalogs and schemas information views are filtered depending on the user’s privileges.
Views: CATALOGS, CONFIG_CATALOGS, SCHEMAS, CONFIG_SCHEMAS
Visibility:
A catalog is visible to a user if:
  • the data service is visible.
A schema is visible to a user if:
  • the data service is visible.

Object Privileges

The following table lists the visibility rules that are associated with information views for object privileges:
Views: DSN_PRIVILEGES, DS_PRIVILEGES, CATALOG_PRIVILEGES, SCHEMA_PRIVILEGES, OBJECT_PRIVILEGES, COLUMN_PRIVILEGES
Visibility: Privilege rows are visible to a user if:
  • the user is the grantor of the privilege, or
  • the user is the grantee of the privilege, or
  • one of the user’s groups is the grantee of the privilege (including the SASUSERS or PUBLIC group)
AND
  • the user has at least one privilege on the object in the view (DSN/data service/catalog/schema/object/column)
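
The Object Privileges rule above combines an OR group with an AND condition. The following Python model is an added example, not SAS code or part of the original documentation; the row fields, users, groups and grants are constructed, and it assumes that a grant to one of the user's groups counts as a privilege on the object.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class PrivilegeRow:
    """One constructed privilege row; field names are hypothetical."""
    object_name: str
    privilege: str
    grantor: str
    grantee: str  # a user name or a group name


def identities(user, groups):
    """The user plus every group the user belongs to."""
    return {user} | set(groups.get(user, ()))


def has_any_privilege(user, object_name, rows, groups):
    """AND condition: at least one privilege on the object.
    Assumption: a grant to one of the user's groups counts."""
    ids = identities(user, groups)
    return any(r.object_name == object_name and r.grantee in ids for r in rows)


def visible_rows(user, rows, groups):
    """(grantor OR grantee OR group grantee) AND a privilege on the object."""
    ids = identities(user, groups)
    return [r for r in rows
            if (r.grantor == user or r.grantee in ids)
            and has_any_privilege(user, r.object_name, rows, groups)]


# Constructed sample data, not taken from any real server.
GROUPS = {
    "alice": {"PUBLIC", "SASUSERS"},
    "bob": {"PUBLIC", "SASUSERS", "analysts"},
    "carol": {"PUBLIC", "SASUSERS"},
}
ROWS = [
    PrivilegeRow("SALES.ORDERS", "SELECT", "alice", "analysts"),
    PrivilegeRow("SALES.ORDERS", "SELECT", "dba", "alice"),
    PrivilegeRow("HR.PAYROLL", "SELECT", "alice", "carol"),
    PrivilegeRow("REF.COUNTRIES", "SELECT", "dba", "PUBLIC"),
]


def visible_objects(user):
    """Sorted (object, grantee) pairs of the rows the user can see."""
    return sorted({(r.object_name, r.grantee)
                   for r in visible_rows(user, ROWS, GROUPS)})
```

In this model the AND condition only changes the result for a grantor: alice granted SELECT on HR.PAYROLL but holds no privilege on it herself, so that row is hidden from her.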

Data Cache

Data cache metadata is distributed between the CACHES, MESSAGES and CONFIG_OBJECTS information views. Users with CREATE CACHE or ALTER CACHE privilege will need to see data from these information views.
Views: CACHES, MESSAGES, CONFIG_OBJECTS
Visibility: Data items are visible to a user if:
  • the item is a data cache item, and
  • the user has CREATE CACHE or ALTER CACHE privilege on the item

Container and Object Privileges

Privileges in the container and object categories pertain to server, data services, catalogs, schemas, objects, and columns.
Views: DSN_PRIVILEGES and EFFECTIVE_DSN_PRIVILEGES; PRIVILEGES and EFFECTIVE_PRIVILEGES; X_COLUMN_PRIVILEGES/X_EFFECTIVE_COLUMN_PRIVILEGES
Visibility: Privileges for these items are visible to a user if:
  • the user is the grantee of the privilege.
  • one of the user’s groups is the grantee of the privilege, including the SASUSERS group.
  • the privilege is granted in the PUBLIC group.
Last updated: March 6, 2018