AUTHLIB Procedure

(Preproduction) REPAIR Statement

Recovers security information (in physical data) or secured library and table objects (in metadata).
Requirement: A connection to the target metadata server. For more requirements, see Requirements to Use PROC AUTHLIB Statements.
Note: The REPAIR statement is a preproduction feature. For more information, see Details.

Syntax

Required Arguments

ADD | UPDATE | DELETE
one of these actions must be specified.
LOCATION | METADATA
clarifies whether the action is to apply to the physical security information in the file system, to the metadata objects in the SAS Metadata Server, or to both.
PW=all-password
specifies a single password for a metadata-bound library.
ALTER=alter-password
assigns, changes, or removes an Alter password from the secured library object and from the data sets in the physical library.
READ=read-password
assigns, changes, or removes a Read password from the secured library object and from the data sets in the physical library.
WRITE=write-password
assigns, changes, or removes a Write password from the secured library object and from the data sets in the physical library.

Optional Arguments

LIBRARY=libref
name of the physical library where the security information is stored.
If the LIBRARY= option is not specified, the physical library from the PROC AUTHLIB statement is used.
Alias: LIB=, DDNAME=, DD=
Restriction: The physical library specified cannot be a concatenated library or temporary library and must be processed by an engine that supports metadata-bound libraries.
SECUREDLIBRARY='secured-library-name'
names the secured library object in the SAS Metadata Server.
Alias: SECLIB=
Restriction: The total length of the secured library object pathname including the fully qualified secured folder path cannot exceed 256 characters.
SECUREDFOLDER='secured-folder-path'
name of the metadata folder within a /System/Secured Libraries folder tree where the secured library will be repaired or re-created.
Alias: SECFLDR=
Restriction: The total length of the secured library object pathname including the fully qualified secured folder path cannot exceed 256 characters.
SECUREDLIBRARYGUID=secured-library-guid
external identity assigned to the secured library object and stored as part of the security information in the physical library.
Note: The secured library GUID can be found in the REPORT statement output. The GUID that is stored as an external ID in the metadata is not reported, but it matches when correctly configured.
TABLESONLY=YES | NO
specifies whether the REPAIR statement action is applied at the library level or just to the tables. If TABLESONLY=NO, the action is applied to the library and the tables. If TABLESONLY=YES, the action is applied only to the tables. This is especially important for REPAIR because it gives the administrator a way to delete specific secured table objects without deleting the secured library and all secured tables.
Default: NO

Details

CAUTION:
Repairing a metadata-bound library is an advanced task.
Make sure you have a current backup (of both metadata and physical data) before you use this statement.
The REPAIR statement is a preproduction feature, which means it is a preliminary release of software that has not completed full development and testing. Because it has not been fully tested, preproduction software should be used with care. After final testing is completed, preproduction software is likely to be offered in a future release as a production-quality component or product.
Use the REPAIR statement to restore metadata-bound library security information or metadata objects that are inadvertently deleted. The administrator can carefully use the REPAIR statement to make some repairs to inconsistencies reported by the REPORT statement. If there are a significant number of groupings in the REPORT listing, it might be more advisable to do the following:
  1. Create a new operating system directory and metadata-bound library, and then use SAS Management Console to set appropriate default library permissions for the new secured library object.
  2. Access the current library with the AUTHADMIN=YES, AUTHPW= or AUTHALTER=, AUTHWRITE=, and AUTHREAD= options in the LIBNAME statement.
  3. Use the SAS COPY procedure to copy the SAS data sets to the new library. Use CONSTRAINT=YES if any data sets have referential integrity constraints. Use SAS Management Console to set any permissions on the secured table objects that differ from those inherited from the secured library object. The following is an example of using the COPY procedure.
Metadata-bound library ABCDE also has data sets EMPLOYEES, EMPINFO, and PRODUCT. The REPORT statement has shown some inconsistencies between the physical library contents and the corresponding metadata objects. This is an example of a way to resolve these differences.
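/* New physical library that will receive the copied data sets */
libname klmno "c:\lib2";

/* Bind KLMNO to a new secured library object */
proc authlib lib=klmno;
   create securedfolder="Department XYZZY"
          securedlibrary="KLMNOEmps"
          pw=password;
run;
quit;

/* Assign the inconsistent library as its administrator */
libname abcde "c:\mylib"
   AUTHADMIN=yes
   AUTHPW=password;

/* Copy every data set from ABCDE into the newly bound KLMNO */
proc copy in=abcde out=klmno ;run;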
Using PROC COPY to Resolve Differences
88   proc copy in=abcde out=klmno ;run;

NOTE: Copying ABCDE.EMPINFO to KLMNO.EMPINFO (memtype=DATA).
NOTE: Data set ABCDE.EMPINFO.DATA has secured table object location information, but the
      secured library object location information that it contains:
           SecuredFolder:      /System/Secured Libraries/Department XYZZY
           SecuredLibrary:     ABCDEEmps
           SecuredLibraryGUID: 38C24AF4-9CF5-458B-8389-52092307007E
      is different from the registered location for the library ABCDE:
           SecuredFolder:
           SecuredLibrary:
           SecuredLibraryGUID:
      The data set might have been copied to this directory with a host copy utility.
NOTE: Permissions are obtained from the secured table and the secured library objects that are
      referenced in the header of the metadata-bound table.
NOTE: Metadata-bound library permissions are used for KLMNO.EMPINFO.DATA.
NOTE: Successfully added new secured table object "EMPINFO.DATA" to the secured library object
      at path "/System/Secured Libraries/Department XYZZY/KLMNOEmps" for data set
      KLMNO.EMPINFO.DATA.
NOTE: There were 5 observations read from the data set ABCDE.EMPINFO.
NOTE: The data set KLMNO.EMPINFO has 5 observations and 6 variables.
NOTE: Copying ABCDE.EMPLOYEES to KLMNO.EMPLOYEES (memtype=DATA).
NOTE: Data set ABCDE.EMPLOYEES.DATA has secured table object location information, but the
      secured library object location information that it contains:
           SecuredFolder:      /System/Secured Libraries/Department XYZZY
           SecuredLibrary:     ABCDEEmps
           SecuredLibraryGUID: 38C24AF4-9CF5-458B-8389-52092307007E
      is different from the registered location for the library ABCDE:
           SecuredFolder:
           SecuredLibrary:
           SecuredLibraryGUID:
      The data set might have been copied to this directory with a host copy utility.
NOTE: Permissions are obtained from the secured table and the secured library objects that are
      referenced in the header of the metadata-bound table.
NOTE: Metadata-bound library permissions are used for KLMNO.EMPLOYEES.DATA.
NOTE: Successfully added new secured table object "EMPLOYEES.DATA" to the secured library
      object at path "/System/Secured Libraries/Department XYZZY/KLMNOEmps" for data set
      KLMNO.EMPLOYEES.DATA.
NOTE: There were 5 observations read from the data set ABCDE.EMPLOYEES.
NOTE: The data set KLMNO.EMPLOYEES has 5 observations and 6 variables.
NOTE: Copying ABCDE.PRODUCT to KLMNO.PRODUCT (memtype=DATA).
NOTE: Data set ABCDE.PRODUCT.DATA has secured table object location information, but the
      secured library object location information that it contains:
           SecuredFolder:      /System/Secured Libraries/Department XYZZY
           SecuredLibrary:     ABCDEEmps
           SecuredLibraryGUID: 38C24AF4-9CF5-458B-8389-52092307007E
      is different from the registered location for the library ABCDE:
           SecuredFolder:
           SecuredLibrary:
           SecuredLibraryGUID:
      The data set might have been copied to this directory with a host copy utility.
NOTE: Permissions are obtained from the secured table and the secured library objects that are
      referenced in the header of the metadata-bound table.
NOTE: Metadata-bound library permissions are used for KLMNO.PRODUCT.DATA.
NOTE: Successfully added new secured table object "PRODUCT.DATA" to the secured library object
      at path "/System/Secured Libraries/Department XYZZY/KLMNOEmps" for data set
      KLMNO.PRODUCT.DATA.
NOTE: There were 5 observations read from the data set ABCDE.PRODUCT.
NOTE: The data set KLMNO.PRODUCT has 5 observations and 2 variables.
NOTE: PROCEDURE COPY used (Total process time):
      real time           0.14 seconds
      cpu time            0.04 seconds
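An added example, not part of the SAS documentation: after a copy like the one logged above, an administrator can scan the log to confirm that every data set was registered under the new secured library and to see which data sets carried location information that differed from the registered one. The function names and the `expected_path` argument are assumptions of this example, and the sample log is constructed from the log above.

```python
import re

# Constructed sample: first entry abridged from the log above; the PRODUCT
# entry is altered (no "Successfully added" note) to show a failed binding.
SAMPLE_LOG = """\
NOTE: Copying ABCDE.EMPINFO to KLMNO.EMPINFO (memtype=DATA).
NOTE: Data set ABCDE.EMPINFO.DATA has secured table object location information, but the
      secured library object location information that it contains:
           SecuredFolder:      /System/Secured Libraries/Department XYZZY
           SecuredLibrary:     ABCDEEmps
           SecuredLibraryGUID: 38C24AF4-9CF5-458B-8389-52092307007E
      is different from the registered location for the library ABCDE:
           SecuredFolder:
           SecuredLibrary:
           SecuredLibraryGUID:
NOTE: Successfully added new secured table object "EMPINFO.DATA" to the secured library object
      at path "/System/Secured Libraries/Department XYZZY/KLMNOEmps" for data set
      KLMNO.EMPINFO.DATA.
NOTE: Copying ABCDE.PRODUCT to KLMNO.PRODUCT (memtype=DATA).
NOTE: There were 5 observations read from the data set ABCDE.PRODUCT.
"""

COPY = re.compile(r"NOTE: Copying (\S+) to (\S+) \(memtype=\w+\)\.")
FIELD = re.compile(r"(?m)^[ \t]+(SecuredFolder|SecuredLibraryGUID|SecuredLibrary):[ \t]*(.*)$")
ADDED = re.compile(r'added new secured table object "[^"]+" to the secured library object at path "([^"]+)"')

def audit_copy_log(log_text, expected_path):
    """One record per copied data set: header vs. registered location, new binding."""
    records = []
    for block in re.split(r"(?m)^(?=NOTE: Copying )", log_text):
        head = COPY.match(block)
        if not head:
            continue  # text before the first copy step
        fields = [(name, value.strip()) for name, value in FIELD.findall(block)]
        header, registered = dict(fields[:3]), dict(fields[3:6])
        added = ADDED.search(" ".join(block.split()))  # undo log line wrapping
        bound_to = added.group(1) if added else None
        records.append({"source": head.group(1), "target": head.group(2),
                        "header": header, "registered": registered,
                        "location_mismatch": bool(header) and header != registered,
                        "bound_to": bound_to, "ok": bound_to == expected_path})
    return records

def unbound_targets(records):
    """Targets that were not registered under the expected secured library path."""
    return [r["target"] for r in records if not r["ok"]]

if __name__ == "__main__":
    for rec in audit_copy_log(SAMPLE_LOG, "/System/Secured Libraries/Department XYZZY/KLMNOEmps"):
        print(rec["target"], "OK" if rec["ok"] else "NOT BOUND", rec["header"].get("SecuredLibrary"))
```

Any target returned by `unbound_targets` should be checked before the old library is retired, because its copy was not confirmed as a secured table object in the new secured library.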
When using the REPAIR statement, one of the ADD, UPDATE, or DELETE actions must be specified. LOCATION, METADATA, or both are used to clarify whether the action is to apply to the metadata security information in the file system, to the metadata objects in the SAS Metadata Server, or to both.
One or more TABLES statements can follow the REPAIR statement to perform the same action on the specified data sets. An implicit TABLES _ALL_ is used if no TABLES statement follows the REPAIR statement.
Inconsistencies between the metadata security information stored in the operating system files and the secured library object in the SAS Metadata Server that need repair can prevent the assignment of a LIBNAME statement to the physical library. The administrator who owns the physical library and knows the metadata-bound library passwords can perform a library assignment and repair the data by adding the AUTHADMIN=YES option to the LIBNAME statement. Best practice is to use the AUTHADMIN=YES option when performing any REPAIR actions.
CAUTION:
If you lose the password (or passwords) for a metadata-bound library, you cannot unbind the library or change its passwords.
Be sure to keep track of passwords that you assign in the CREATE and MODIFY statements.