System Options under z/OS |
Default: | NOFILEAUTHDEFER |
Valid in: | configuration file, SAS invocation, OPTIONS statement, OPTIONS window |
Category: | File Control: EXTFILES, File Control SASFILES |
PROC OPTIONS GROUP= | EXTFILES and SASFILES |
z/OS specifics: | all |
Syntax | |
Details |
Syntax |
FILEAUTHDEFER | NOFILEAUTHDEFER |
specifies that SAS will not attempt to perform file authorization checking for z/OS data sets before invoking z/OS system services such as OPEN. FILEAUTHDEFER enables the site's authorization system to record failed access attempts in its audit log.
specifies that SAS will not attempt to open a z/OS data set without first verifying that the user is authorized to access the file in the manner requested. NOFILEAUTHDEFER prevents security system messages (such as ICH408I) and S913 abends from being issued.
Details |
If the user ID under which the session or server is running is not authorized to access a z/OS data set in the manner requested (either read or update), SAS, by default, produces an explanatory message in the SAS log. SAS does not attempt to open the data set if the user ID does not have the proper authorization. However, the auditing requirements for some installations cause unauthorized access attempts to be sent to the log for that site's authorization facility. An attempt to open the data set must actually occur before a message is sent to the log of the authorization facility. Specify FILEAUTHDEFER for unauthorized access attempts to be logged with the authorization facility at your site.
The FILEAUTHDEFER option controls the checking of file authorization for external files and SAS libraries. However, it only applies to files or libraries that reside in z/OS data sets. FILEAUTHDEFER does not apply to the processing of UFS files.
FILEAUTHDEFER does not control the authorization checking for z/OS data sets that a SAS server accesses on behalf of a client. Such third-party authorization checking is performed regardless of the FILEAUTHDEFER setting, and access failures are intercepted by SAS rather than resulting in abends or system errors. Nonetheless, FILEAUTHDEFER governs attempts by a SAS server to access a data set in a manner not authorized for the ID under which the server is running. However, the unauthorized access is logged as having been attempted by the server ID, not the client ID.
Copyright © 2009 by SAS Institute Inc., Cary, NC, USA. All rights reserved.