AUTHLIB Procedure
- Syntax
- Overview
- Concepts
- Results
- Examples Binding a Physical Library That Contains Unprotected Data SetsBinding a Physical Library That Contains Password-Protected Data SetsSecuring a Library When Existing Data Sets Are Protected with the Same PasswordsSecuring a Library When Existing Data Sets Are Protected with Different PasswordsChanging Passwords on Data Sets Changing Metadata-Bound Library PasswordsUsing the REMOVE StatementUsing the REPORT StatementUsing the TABLES Statement
(Preproduction) REPAIR Statement
Recovers security information (in physical data)
or secured library and table objects (in metadata).
| Requirement: | A connection to the target metadata server. For more requirements, see Requirements to Use PROC AUTHLIB Statements. |
| Note: | The REPAIR statement is a preproduction feature. For more information, see Details. |
Syntax
PROC AUTHLIB <option-1
<...option-n>>;
Required Arguments
- LOCATION | METADATA
-
clarifies whether the action is to apply to the physical security information in the file system, to the metadata objects in the SAS Metadata Server, or to both.
- ALTER=alter-password
-
assigns, changes, or removes an Alter password from the secured library object and from the data sets in the physical library.
Optional Arguments
- LIBRARY=libref
-
name of the physical library where the security information is stored.If the LIBRARY= option is not specified, the physical library from the PROC AUTHLIB statement is used.Alias:LIB=, DDNAME=, DD=Restriction:The physical library specified cannot be a concatenated library or temporary library and must be processed by an engine that supports metadata-bound libraries.
- SECUREDLIBRARY='secured-library-name'
-
names the secured library object in the SAS Metadata Server.Alias:SECLIB=Restriction:The total length of the secured library object pathname including the fully qualified secured folder path cannot exceed 256 characters.
- SECUREDFOLDER='secured-folder-path'
-
name of the metadata folder within a
/System/Secured Librariesfolder tree where the secured library will be repaired or re-created.Alias:SECFLDR=Restriction:The total length of the secured library object pathname including the fully qualified secured folder path cannot exceed 256 characters.
- SECUREDLIBRARYGUID=secured-library-guid
-
external identity assigned to the secured library object and stored as part of the security information in the physical library.
- TABLESONLY=YES | NO
-
specifies whether the REPAIR statement action is applied at the library level or just to the tables. If TABLESONLY=NO, the action is applied to the library and the tables. If TABLESONLY=YES, the action is applied only to the tables. This is especially important for REPAIR because it gives the administrator a way to delete specific secured table objects without deleting the secured library and all secured tables.Default:NO
Details
The REPAIR statement
is a preproduction feature, which means it is a preliminary release
of software that has not completed full development and testing. Because
it has not been fully tested, preproduction software should be used
with care. After final testing is completed, preproduction software
is likely to be offered in a future release as a production-quality
component or product.
Use the REPAIR statement
to restore metadata-bound library security information or metadata
objects that are inadvertently deleted. The administrator can carefully
use the REPAIR statement to make some repairs to inconsistencies reported
by the REPORT statement. If there are a significant number of groupings
in the REPORT listing, it might be more advisable to do the following:
-
Create a new operating system directory and metadata-bound library, and then use SAS Management Console to set appropriate default library permissions for the new secured library object.
-
Access the current library with the AUTHADMIN=YES, AUTHPW= or AUTHALTER=, AUTHWRITE=, and AUTHREAD= options in the LIBNAME statement.
-
Use the SAS COPY procedure to copy the SAS data sets to the new library. Use CONSTRAINT=YES if any data sets have referential integrity constraints. Use SAS Management Console to set any permissions on the secured table objects that differ from those inherited from the secured library object. The following is an example of using the COPY procedure.
Metadata-bound library
ABCDE also has data sets EMPLOYEES, EMPINFO, and PRODUCT. The REPORT
statement has shown some inconsistencies between the physical library
contents and the corresponding metadata objects. This is an example
of a way to resolve these differences.
libname klmno "c:\lib2"; proc authlib lib=klmno; create securedfolder="Department XYZZY" securedlibrary="KLMNOEmps" pw=password; run; quit; libname abcde "c:\mylib" AUTHADMIN=yes AUTHPW=password; proc copy in=abcde out=klmno ;run;
Using PROC COPY to Resolve Differences
88 proc copy in=abcde out=klmno ;run; NOTE: Copying ABCDE.EMPINFO to KLMNO.EMPINFO (memtype=DATA). NOTE: Data set ABCDE.EMPINFO.DATA has secured table object location information, but the secured library object location information that it contains: SecuredFolder: /System/Secured Libraries/Department XYZZY SecuredLibrary: ABCDEEmps SecuredLibraryGUID: 38C24AF4-9CF5-458B-8389-52092307007E is different from the registered location for the library ABCDE: SecuredFolder: SecuredLibrary: SecuredLibraryGUID: The data set might have been copied to this directory with a host copy utility. NOTE: Permissions are obtained from the secured table and the secured library objects that are referenced in the header of the metadata-bound table. NOTE: Metadata-bound library permissions are used for KLMNO.EMPINFO.DATA. NOTE: Successfully added new secured table object "EMPINFO.DATA" to the secured library object at path "/System/Secured Libraries/Department XYZZY/KLMNOEmps" for data set KLMNO.EMPINFO.DATA. NOTE: There were 5 observations read from the data set ABCDE.EMPINFO. NOTE: The data set KLMNO.EMPINFO has 5 observations and 6 variables. NOTE: Copying ABCDE.EMPLOYEES to KLMNO.EMPLOYEES (memtype=DATA). NOTE: Data set ABCDE.EMPLOYEES.DATA has secured table object location information, but the secured library object location information that it contains: SecuredFolder: /System/Secured Libraries/Department XYZZY SecuredLibrary: ABCDEEmps SecuredLibraryGUID: 38C24AF4-9CF5-458B-8389-52092307007E is different from the registered location for the library ABCDE: SecuredFolder: SecuredLibrary: SecuredLibraryGUID: The data set might have been copied to this directory with a host copy utility. NOTE: Permissions are obtained from the secured table and the secured library objects that are referenced in the header of the metadata-bound table. NOTE: Metadata-bound library permissions are used for KLMNO.EMPLOYEES.DATA. NOTE: Successfully added new secured table object "EMPLOYEES.DATA" to the secured library object at path "/System/Secured Libraries/Department XYZZY/KLMNOEmps" for data set KLMNO.EMPLOYEES.DATA.
NOTE: There were 5 observations read from the data set ABCDE.EMPLOYEES. NOTE: The data set KLMNO.EMPLOYEES has 5 observations and 6 variables. NOTE: Copying ABCDE.PRODUCT to KLMNO.PRODUCT (memtype=DATA). NOTE: Data set ABCDE.PRODUCT.DATA has secured table object location information, but the secured library object location information that it contains: SecuredFolder: /System/Secured Libraries/Department XYZZY SecuredLibrary: ABCDEEmps SecuredLibraryGUID: 38C24AF4-9CF5-458B-8389-52092307007E is different from the registered location for the library ABCDE: SecuredFolder: SecuredLibrary: SecuredLibraryGUID: The data set might have been copied to this directory with a host copy utility. NOTE: Permissions are obtained from the secured table and the secured library objects that are referenced in the header of the metadata-bound table. NOTE: Metadata-bound library permissions are used for KLMNO.PRODUCT.DATA. NOTE: Successfully added new secured table object "PRODUCT.DATA" to the secured library object at path "/System/Secured Libraries/Department XYZZY/KLMNOEmps" for data set KLMNO.PRODUCT.DATA. NOTE: There were 5 observations read from the data set ABCDE.PRODUCT. NOTE: The data set KLMNO.PRODUCT has 5 observations and 2 variables. NOTE: PROCEDURE COPY used (Total process time): real time 0.14 seconds cpu time 0.04 seconds
When using the REPAIR
statement, one of the ADD, UPDATE, or DELETE actions must be specified.
LOCATION, METADATA, or both are used to clarify if the action is to
apply to the metadata security information in the file system, to
the metadata objects in the SAS Metadata Server, or to both.
One or more TABLES statements
can follow the REPAIR statement to perform the same action on the
specified data sets. An implicit Tables _ALL_ is used if no TABLES
statement follows the REPAIR statement.
Inconsistencies between
the metadata security information stored in the operating system files
and the secured library object in the SAS Metadata Server that need
repair can prevent the assignment of a LIBNAME statement to the physical
library. The administrator that owns the physical library and knows
the metadata-bound library passwords can perform a library assignment
and repair the data by adding the AUTHADMIN=YES option to the LIBNAME
statement. Best practice is to use the AUTHADMIN=YES option when performing
any REPAIR actions.