Unbinding a Metadata-Bound Library

About Unbinding a Library

The REMOVE statement of the AUTHLIB procedure deletes both physical and metadata content as follows:
  • The REMOVE statement deletes physical security information from the library directory and table headers.
  • The REMOVE statement deletes corresponding secured library and secured table objects from the SAS metadata.
Tip
Before you use the REMOVE statement, consider running the REPORT statement. The output from the REPORT statement identifies any physical tables that do not have corresponding secured table objects in metadata. In the unusual circumstance in which such physical tables exist, their security location information is unaffected by the REMOVE statement, unless you specify AUTHADMIN=YES on the LIBNAME statement. You should use the AUTHADMIN=YES option on the LIBNAME statement in this circumstance.

Who Uses the REMOVE Statement?

Administrators use the REMOVE statement of the AUTHLIB procedure to remove protection from a metadata-bound library.
In order to use the REMOVE statement, you must meet the following criteria:
  • Your SAS session runs under an account that has host-layer control of the target physical library. To ensure that only users who have host control can unbind a physical library from metadata, your SAS session must run under a privileged host account as follows:
    • On UNIX, the account must be the owner of the directory.
    • On Windows, the account must have Full Control of the directory.
    • On z/OS, for UNIX file system libraries, the account must be the owner of the directory.
    • On z/OS, for direct-access bound libraries, the account must have RACF ALTER access authority to the library data set.
  • Your SAS session connects to the metadata server as an identity that has Read and Write access (the ReadMetadata, WriteMetadata, and WriteMemberMetadata permissions) to the target secured data folder, secured library object, and secured table objects.
  • You know the password (or passwords) for the current metadata-bound library. You must supply the password in the REMOVE statement.

Example

In this example, you use the REMOVE statement to remove the metadata binding from an existing physical library.
libname secdemo 'path';

proc authlib library=secdemo;
   remove pw=secret/;
run;
Here are some important points about the preceding code:
  • A forward slash (/) is entered at the end of the password. For a password change, the slash separates the current and new passwords. For password removal, the slash indicates the end of the current password, which is being removed and is not being replaced with another password.
  • The SECUREDFOLDER and SECUREDLIBRARY parameters are not specified. It is not necessary to use these parameters, because the physical directory of the specified library (secdemo) contains information that references a particular secured folder and secured library object.
  • The preceding code deletes the corresponding secured library object and secured table objects from the metadata.
    Tip
    If those objects are still visible in SAS Management Console, right-click the Secured Libraries folder and select Refresh from the popup menu.
  • Connection information for the metadata server is not explicitly supplied. This example assumes that your SAS session already knows how to connect to the target metadata server.
Note: The REMOVE statement unbinds only those physical tables that are located within the specified library (directory). If a table is host-copied from a metadata-bound library to another location, that table’s security location information will be unaffected by subsequent REMOVE statements against the metadata-bound library. In order to reestablish access to the table, corrective action against the table is necessary.
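The sequence described in the tip under About Unbinding a Library, written out as an added example that is not part of the original documentation page: report on the library first, then reassign it with AUTHADMIN=YES before running REMOVE. The libref, 'path', and the password are the placeholders from the page's own example; the LIBNAME CLEAR steps assume the libref might already be assigned in the session.

```sas
/* Added example. 'path' and the password "secret" are the placeholders */
/* used in the page's own example, not real values.                     */

/* Step 1: assign the library and run REPORT. Review the output for     */
/* physical tables that have no corresponding secured table object in   */
/* metadata.                                                            */
libname secdemo 'path';

proc authlib library=secdemo;
   report;
run;

/* Step 2: if the report identified such tables, reassign the library   */
/* with AUTHADMIN=YES so that REMOVE also clears their security         */
/* location information. If it did not, the plain LIBNAME assignment    */
/* from step 1 is sufficient.                                           */
libname secdemo clear;
libname secdemo 'path' authadmin=yes;

/* Step 3: unbind the library. The trailing slash ends the current      */
/* password and supplies no replacement.                                */
proc authlib library=secdemo;
   remove pw=secret/;
run;

/* Step 4: release the libref so the AUTHADMIN=YES assignment does not  */
/* stay active for the rest of the session.                             */
libname secdemo clear;
```

Run this under a host account and metadata identity that meet the criteria listed under Who Uses the REMOVE Statement.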