File Protection |
How the Level of Protection Differs from SAS Views |
The levels of protection for SAS views and stored programs differ slightly from other types of SAS files. Passwords affect the actual SAS view definition or view descriptor as well as the underlying data. Unless otherwise noted, the term "view" can refer to any type of SAS view. Also, the term "underlying data" refers to the data that is accessed by the SAS view:
In most DATA and PROC steps, the way you use password-protected views is consistent with the way you use other types of password-protected SAS files. For example, the following PROC PRINT prints a read-protected view:
proc print data=mylib.grade(read=green); run;
Note: You might experience unexpected results when you place protection on a SAS view if some type of protection has already been placed on the underlying data set.
PROC SQL Views |
Typically, when you create a PROC SQL view from a password-protected SAS data set, you specify the password in the FROM clause in the CREATE VIEW statement using a data set option. In this way, when you use the view later, you can access the underlying data without re-specifying the password. For example, the following statements create a PROC SQL view from a read-protected SAS data set, and drop a sensitive variable:
proc sql; create view mylib.emp as select * from mylib.employee(pw=orange drop=salary); quit;
Note: If you create a PROC SQL view from password-protected SAS data sets without specifying their passwords, when you try to use the view you are prompted for the passwords of the SAS data sets named in the FROM clause. If you are running SAS in batch or noninteractive mode, you receive an error message.
SAS/ACCESS Views |
SAS/ACCESS software enables you to edit view descriptors and, in some interfaces, the underlying data. To prevent someone from editing or reading (browsing) the view descriptor, assign alter protection to the view. To prevent someone from updating the underlying data, assign write protection to the view. For more information, see the SAS/ACCESS documentation for your DBMS.
DATA Step Views |
When you create a DATA step view using a password-protected SAS data set, specify the password in the view definition. In this way, when you use the view, you can access the underlying data without respecifying the password.
The following statements create a DATA step view using a password-protected SAS data set, and drop a sensitive variable:
data mylib.emp / view=mylib.emp; set mylib.employee(pw=orange drop=salary); run;
Note that you can use the SAS view without a password, but access to the underlying data requires a password. This is one way to protect a particular column of data. In the above example, proc print data=mylib.emp; will execute, but proc print data=mylib.employee; will fail without the password.
Copyright © 2010 by SAS Institute Inc., Cary, NC, USA. All rights reserved.