Recovers security information (in physical data) or secured library and table objects (in metadata).
Requirement: | The AUTHLIB REPAIR statement requires a connection to the target metadata server. For more requirements, see Requirements for Using the AUTHLIB Statements. |
Tip: | Each password and encryption key option must be coded on a separate line to ensure that they are properly blotted in the log. |
one of these actions must be specified.
clarifies whether the action is to apply to the physical security information in the file system, to the metadata objects in the SAS Metadata Server, or to both.
specifies a single password for a metadata-bound library.
assigns, changes, or removes an Alter password from the secured library object and from the data sets in the physical library.
assigns, changes, or removes a Read password from the secured library object and from the data sets in the physical library.
assigns, changes, or removes a Write password from the secured library object and from the data sets in the physical library.
specifies a key value for AES encryption.
Requirement | ENCRYPTKEY= data set option is required if the library or a data file has AES encryption and if the key is not recorded in the library metadata. |
Note | The encryption key value for all the data sets in a library can be stored in a metadata-bound library so that an authorized user does not have to supply the encryption key value every time a data set is opened. See Considerations for Data File Encryption. |
Tip | The ENCRYPTKEY= value is a passphrase that can be up to 64 characters long from which the actual AES encryption key is later derived, but it is referred to as the encryption key in most SAS documentation. |
See | ENCRYPTKEY= Data Set Option in SAS Data Set Options: Reference |
name of the physical library where the security information is stored.
If the LIBRARY= option is not specified, then the physical library from the PROC AUTHLIB statement is used.
Alias | LIB=, DDNAME=, DD= |
Restriction | The physical library specified cannot be a concatenated library, temporary library, or accessed through a SAS/SHARE server and must be processed by an engine that supports metadata-bound libraries. |
names the secured library object in the SAS Metadata Server.
Alias | SECLIB= |
Restriction | The total length of the secured library object pathname including the fully qualified secured folder path cannot exceed 256 characters. |
name of the metadata
folder within a /System/Secured Libraries
folder
tree where the secured library is repaired or re-created.
Alias | SECFLDR= |
Restriction | The total length of the secured library object pathname including the fully qualified secured folder path cannot exceed 256 characters. |
specifies whether the REPAIR statement action is applied at the library level or just to the tables. If TABLESONLY=NO, then the action is applied to the library and the tables. If TABLESONLY=YES, then the action is applied only to the tables. This is especially important for REPAIR because it gives the administrator a way to delete specific secured table objects without deleting the secured library and all secured tables.
Default | NO |
libname klmno "SAS-library-2"; proc authlib lib=klmno; create securedfolder="Department XYZZY" securedlibrary="KLMNOEmps" pw=password; run; quit; libname abcde "SAS-library" AUTHADMIN=yes AUTHPW=password; proc copy in=abcde out=klmno ;run;
88 proc copy in=abcde out=klmno ;run; NOTE: Copying ABCDE.EMPINFO to KLMNO.EMPINFO (memtype=DATA). NOTE: Data set ABCDE.EMPINFO.DATA has secured table object location information, but the secured library object location information that it contains: SecuredFolder: /System/Secured Libraries/Department XYZZY SecuredLibrary: ABCDEEmps SecuredLibraryGUID: 38C24AF4-9CF5-458B-8389-52092307007E is different from the registered location for the library ABCDE: SecuredFolder: SecuredLibrary: SecuredLibraryGUID: The data set might have been copied to this directory with a host copy utility. NOTE: Permissions are obtained from the secured table and the secured library objects that are referenced in the header of the metadata-bound table. NOTE: Metadata-bound library permissions are used for KLMNO.EMPINFO.DATA. NOTE: Successfully added new secured table object "EMPINFO.DATA" to the secured library object at path "/System/Secured Libraries/Department XYZZY/KLMNOEmps" for data set KLMNO.EMPINFO.DATA. NOTE: There were 5 observations read from the data set ABCDE.EMPINFO. NOTE: The data set KLMNO.EMPINFO has 5 observations and 6 variables. NOTE: Copying ABCDE.EMPLOYEES to KLMNO.EMPLOYEES (memtype=DATA). NOTE: Data set ABCDE.EMPLOYEES.DATA has secured table object location information, but the secured library object location information that it contains: SecuredFolder: /System/Secured Libraries/Department XYZZY SecuredLibrary: ABCDEEmps SecuredLibraryGUID: 38C24AF4-9CF5-458B-8389-52092307007E is different from the registered location for the library ABCDE: SecuredFolder: SecuredLibrary: SecuredLibraryGUID: The data set might have been copied to this directory with a host copy utility. NOTE: Permissions are obtained from the secured table and the secured library objects that are referenced in the header of the metadata-bound table. NOTE: Metadata-bound library permissions are used for KLMNO.EMPLOYEES.DATA. NOTE: Successfully added new secured table object "EMPLOYEES.DATA" to the secured library object at path "/System/Secured Libraries/Department XYZZY/KLMNOEmps" for data set KLMNO.EMPLOYEES.DATA.
NOTE: There were 5 observations read from the data set ABCDE.EMPLOYEES. NOTE: The data set KLMNO.EMPLOYEES has 5 observations and 6 variables. NOTE: Copying ABCDE.PRODUCT to KLMNO.PRODUCT (memtype=DATA). NOTE: Data set ABCDE.PRODUCT.DATA has secured table object location information, but the secured library object location information that it contains: SecuredFolder: /System/Secured Libraries/Department XYZZY SecuredLibrary: ABCDEEmps SecuredLibraryGUID: 38C24AF4-9CF5-458B-8389-52092307007E is different from the registered location for the library ABCDE: SecuredFolder: SecuredLibrary: SecuredLibraryGUID: The data set might have been copied to this directory with a host copy utility. NOTE: Permissions are obtained from the secured table and the secured library objects that are referenced in the header of the metadata-bound table. NOTE: Metadata-bound library permissions are used for KLMNO.PRODUCT.DATA. NOTE: Successfully added new secured table object "PRODUCT.DATA" to the secured library object at path "/System/Secured Libraries/Department XYZZY/KLMNOEmps" for data set KLMNO.PRODUCT.DATA. NOTE: There were 5 observations read from the data set ABCDE.PRODUCT. NOTE: The data set KLMNO.PRODUCT has 5 observations and 2 variables. NOTE: PROCEDURE COPY used (Total process time): real time 0.14 seconds cpu time 0.04 seconds