The SAS Metadata Server uses an authorization facility
to control access to metadata repositories and to specific metadata
in the metadata repositories. Authorization processes are insulated
from metadata-related processes in the SAS Metadata Server. The authorization
facility provides an interface for querying authorization metadata
that is on the metadata server, and returns authorization decisions
based on rules that are stored in the metadata.
The SAS Metadata Server uses the authorization facility to make queries
about ReadMetadata and WriteMetadata permissions on metadata and enforces
the decisions that are returned by the authorization facility. It
is not necessary for SAS Open Metadata Interface clients to enforce
authorization decisions regarding the ReadMetadata and WriteMetadata
permissions.
SAS Open Metadata Interface clients can use the authorization
facility to request authorization decisions on other types of access
(for example, to request authorization decisions on data that is represented
by SAS metadata). For example, other SAS IOM servers define and enforce
Read, Write, Create, and Delete permissions on data that is represented
by metadata. Applications that use the authorization facility to request
authorization decisions on application-defined actions and objects
must enforce the authorization decisions themselves.