SAS Language Reference for Metadata-Bound Libraries

About This Topic

Administrators who use the SAS code method to set up and maintain metadata-bound libraries need to know the SAS language reference information for metadata-bound libraries.
Note: For data consumers, interaction with metadata-bound libraries is mostly transparent: each access request succeeds or fails based on the requesting user’s permissions. However, a connection to the metadata server is required in order to access metadata-bound data, so users who make direct requests (for example, through a LIBNAME statement) do have to facilitate that connection.

Metadata Server Connection Options

An administrator connects from a SAS session to a target metadata server in order to set up or maintain metadata-bound data using SAS code.
Metadata server connection information can be provided in the following ways:
  • Specify options in a configuration file. For example, you might add the following lines to a configuration file:
    -METAPORT  8561
    -METAREPOSITORY "foundation"
    -METASERVER "a123.us.company.com"
    -METAUSER  "myuserid"
    -METAPASS  "Pwd1"
  • Specify options in an OPTIONS statement. For example, you might add the following OPTIONS statement to your SAS program or autoexec.sas file:
    options
         metaport=8561
         metarepository="foundation"
         metaserver="a123.us.company.com"
         metauser="myuserid"
         metapass="Pwd1";
  • Reference a stored connection profile (using the METACONNECT= and METAPROFILE options).
  • Provide connection information interactively. If sufficient information is not otherwise available, you can be prompted for connection information.
Tip
If a port is not specified, the default metadata server port (8561) is used. If a repository is not specified, the foundation repository is used. If Integrated Windows authentication (IWA) is configured, you don’t have to supply a user ID or password.
For additional information, see Connection Options in SAS Language Interfaces to Metadata.

LIBNAME Statement Options

AUTHADMIN

An administrator specifies the AUTHADMIN=YES option in a LIBNAME statement in order to access a metadata-bound library for which corresponding metadata is corrupted, misconfigured, or missing. If the administrator specifies AUTHADMIN=YES in a LIBNAME statement, the administrator must somehow supply the metadata-bound library password (or passwords) in order to access the files. In this specialized context, metadata-layer permissions are not used to determine access.
Note: Since some access requests do not have a way to specify passwords, the administrator can use the AUTHPW option (or related options) in the LIBNAME statement to provide the metadata-bound library password (or passwords). See AUTHPW (and Related Options).
Note: The AUTHADMIN=YES option is accepted only if the account under which your SAS session runs has host-layer control of the target physical library. This ensures that only users who have host control for a particular directory can use this option against that directory. The host-specific details for this requirement are the same as for the AUTHLIB procedure statements (except the REPORT statement). See Requirements.
We recommend that you use AUTHADMIN=YES when you are repairing any inconsistencies between physical data and its corresponding secured library and secured table objects in metadata. We do not recommend that you use AUTHADMIN=YES in other circumstances. The purpose of this option is to enable an administrator to establish a libref for a library that is in need of repair.
We also recommend that you reassign the library (without AUTHADMIN=YES) after the repairs are made.
Note: In the current release, the REPAIR DELETE LOCATION statement is a production feature. Other actions in the REPAIR statement are preproduction features.
For additional information, see LIBNAME Statement in SAS Statements: Reference.

AUTHPW (and Related Options)

An administrator can choose to specify AUTHPW=password-value in a LIBNAME statement as an alternate method for making the metadata-bound library password available to later requests.
A password that is supplied by the AUTHPW option is used only if both of the following circumstances exist:
  • AUTHADMIN=YES is specified in the LIBNAME statement.
    Note: Use of AUTHADMIN=YES does not necessitate use of AUTHPW. You are not required to specify metadata-bound library passwords in a LIBNAME statement. However, you should not specify metadata-bound library passwords in a LIBNAME statement that doesn’t also specify AUTHADMIN=YES.
  • The correct password for the target metadata-bound library is not otherwise available (either no password is supplied or the supplied password is invalid).
In such requests, the value from the AUTHPW option is validated against the password within the physical table. An error is returned if the passwords do not match.
Requests to access metadata-bound tables within a library that was assigned with AUTHADMIN=YES must meet at least one of the following criteria:
  • The request comes from the AUTHLIB procedure, which has a supplied password.
  • The request explicitly supplies the password.
  • The library was also assigned with the AUTHPW option, which supplies the password.
  • The request is interactive and the user can supply the password when prompted.
Note: For conciseness, the preceding discussion assumes that there is only one password for the target metadata-bound library. For a metadata-bound library that has two or three distinct passwords, you must specify each password (using the AUTHREAD, AUTHWRITE, and AUTHALTER options as appropriate) instead of using the AUTHPW option on its own.
For additional information, see LIBNAME Statement in SAS Statements: Reference.

AUTHLIB Procedure

An administrator can use the AUTHLIB procedure to set up and maintain metadata-bound libraries. The AUTHLIB procedure is documented in the Base SAS Procedures Guide. As a convenience for the reader, documentation for the AUTHLIB procedure is also reproduced in this document. (See Appendix 2.)