AUTHLIB Procedure
- Syntax
- Overview
- Concepts
- Using
- Results
- Examples Binding a Physical Library That Contains Unprotected Data SetsBinding a Physical Library That Contains Password-Protected Data SetsBinding a Library When Existing Data Sets Are Protected with the Same PasswordsBinding a Library When Existing Data Sets Are Protected with Different PasswordsChanging Passwords on Data SetsChanging Metadata-Bound Library PasswordsUsing the REMOVE StatementUsing the REPORT StatementUsing the TABLES StatementBinding a Library When Existing Data Sets Are SAS Proprietary EncryptedBinding a Library When Existing Data Sets Are AES-EncryptedBinding a Library with an Optional Recorded Encryption Key When Existing AES-Encrypted Data Sets Have Different Encryption Keys Binding a Library with Required AES Encryption When Existing Data Sets Are Encrypted with the Same Encryption KeyChanging the Encryption Key on a Metadata-Bound Library That Requires AES EncryptionBinding a Library with Existing Data Sets That Are AES-Encrypted with Different Encryption KeysChanging a Metadata-Bound Library to Require AES Encryption When Existing Data Sets Are Encrypted with Different Encryption KeysUsing the REMOVE Statement on a Metadata-Bound Library with Required AES EncryptionResetting Credentials on Imported SecuredLibrary Objects
Example 15: Binding a Library with Existing Data Sets That Are AES-Encrypted with Different Encryption Keys
| Features: |
|
Program
proc authlib lib=abcde;
create seclib="ABCDEEmps"
securedfolder="Department XYZZY"
pw=secret
require_encryption=yes
encrypt=aes
encryptkey=new ;
tables employee /
encryptkey=abc;
tables empinfo /
encryptkey=def;
tables deptname ;
run;
quit;
Program Description
Library ABCDE has three data sets: Employee, EmpInfo,
and DeptName. The Employee and EmpInfo
data sets are already AES-encrypted with different keys. The DeptName
data set is not encrypted.
proc authlib lib=abcde;
Using the CREATE statement, enter the name of the metadata
folder and name the secured library object in the SAS Metadata Server.REQUIRE_ENCRYPTION=YES specifies that all data sets
in the metadata-bound library are automatically AES-encrypted.
create seclib="ABCDEEmps"
securedfolder="Department XYZZY"
pw=secret
require_encryption=yes
encrypt=aes
encryptkey=new ;Using the TABLES statement, specify the encrypt key for
each data set.TABLES statements are
required for each data set.
tables employee /
encryptkey=abc;
tables empinfo /
encryptkey=def;
tables deptname ;
run;
quit;Results:The library ABCDE
is bound. All data sets in the metadata-bound library ABCDE have been
copied-in-place to be encrypted with the required key.
Log Examples
Library ABCDE Requiring AES Encryption When Each Data Set Has
Different Encryption Key Values
554 proc authlib lib=abcde;
555 create seclib="ABCDEEmps"
556 securedfolder="Department XYZZY"
557 pw=XXXXXX
558 require_encryption=yes
559 encrypt=aes
560 encryptkey=XXX ;
561 tables employee /
562 encryptkey=XXX;
563 tables empinfo /
564 encryptkey=XXX;
565 tables deptname ;
566 run;
NOTE: Setting library to require encryption.
NOTE: Required encryption will use AES encryption with the recorded key.
NOTE: Successfully created a secured library object for the physical library ABCDE and recorded its location as:
SecuredFolder: /System/Secured Libraries/Department XYZZY
SecuredLibrary: ABCDEEmps
SecuredLibraryGUID: 097E9A84-D6E8-488E-B779-1E2AB0670036
NOTE: Copying data set ABCDE.EMPLOYEE in place to do required encryption with the library's required encryption key and
passwords.
NOTE: Renaming the data set ABCDE.EMPLOYEE to ABCDE.__TEMP_ENCRYPT_FILE_NAME__.
NOTE: Copying the data set ABCDE.__TEMP_ENCRYPT_FILE_NAME__ to ABCDE.EMPLOYEE.
NOTE: Metadata-bound library permissions are used for ABCDE.EMPLOYEE.DATA.
NOTE: Successfully added new secured table object "EMPLOYEE.DATA" to the secured library object at path "/System/Secured
Libraries/Department XYZZY/ABCDEEmps" for data set ABCDE.EMPLOYEE.DATA.
NOTE: There were 5 observations read from the data set ABCDE.__TEMP_ENCRYPT_FILE_NAME__.
NOTE: The data set ABCDE.EMPLOYEE has 5 observations and 6 variables.
NOTE: Deleting the data set ABCDE.__TEMP_ENCRYPT_FILE_NAME__.
NOTE: The passwords on ABCDE.EMPLOYEE.DATA were successfully modified.
NOTE: Copying data set ABCDE.EMPINFO in place to do required encryption with the library's required encryption key and
passwords.
NOTE: Renaming the data set ABCDE.EMPINFO to ABCDE.__TEMP_ENCRYPT_FILE_NAME__.
NOTE: Copying the data set ABCDE.__TEMP_ENCRYPT_FILE_NAME__ to ABCDE.EMPINFO.
NOTE: Metadata-bound library permissions are used for ABCDE.EMPINFO.DATA.
NOTE: Successfully added new secured table object "EMPINFO.DATA" to the secured library object at path "/System/Secured
Libraries/Department XYZZY/ABCDEEmps" for data set ABCDE.EMPINFO.DATA.
NOTE: There were 5 observations read from the data set ABCDE.__TEMP_ENCRYPT_FILE_NAME__.
NOTE: The data set ABCDE.EMPINFO has 5 observations and 6 variables.
NOTE: Deleting the data set ABCDE.__TEMP_ENCRYPT_FILE_NAME__.
NOTE: The passwords on ABCDE.EMPINFO.DATA were successfully modified.
NOTE: Copying data set ABCDE.DEPTNAME in place to do required encryption with the library's required encryption key and
passwords.
NOTE: Renaming the data set ABCDE.DEPTNAME to ABCDE.__TEMP_ENCRYPT_FILE_NAME__.
NOTE: Copying the data set ABCDE.__TEMP_ENCRYPT_FILE_NAME__ to ABCDE.DEPTNAME.
NOTE: Metadata-bound library permissions are used for ABCDE.DEPTNAME.DATA.
NOTE: Successfully added new secured table object "DEPTNAME.DATA" to the secured library object at path "/System/Secured
Libraries/Department XYZZY/ABCDEEmps" for data set ABCDE.DEPTNAME.DATA.
NOTE: There were 4 observations read from the data set ABCDE.__TEMP_ENCRYPT_FILE_NAME__.
NOTE: The data set ABCDE.DEPTNAME has 4 observations and 2 variables.
NOTE: Deleting the data set ABCDE.__TEMP_ENCRYPT_FILE_NAME__.
NOTE: The passwords on ABCDE.DEPTNAME.DATA were successfully modified.
567 quit;
Copyright © SAS Institute Inc. All rights reserved.