AUTHLIB Procedure

Example 15: Binding a Library with Existing Data Sets That Are AES-Encrypted with Different Encryption Keys

Features:
PROC AUTHLIB statement options:
CREATE statement options:
ENCRYPT=
ENCRYPTKEY=
PW=
REQUIRE_ENCRYPTION
SECUREDLIBRARY=
SECUREDFOLDER=
TABLES statement option:
ENCRYPTKEY=

Details

This example demonstrates how to change all data sets in the metadata-bound library that contain different encryption keys to have the required AES encryption and have the same encryption key. None of the data sets have passwords.

Program

proc authlib lib=abcde;
    create  seclib="ABCDEEmps"
        securedfolder="Department XYZZY"
        pw=secret 
        require_encryption=yes
        encrypt=aes 
        encryptkey=new ;
    tables employee / 
        encryptkey=abc;
    tables empinfo / 
        encryptkey=def;
    tables deptname ;
run;
quit;
 

Program Description

Library ABCDE has three data sets: Employee, EmpInfo, and DeptName. The Employee and EmpInfo data sets are already AES-encrypted with different keys. The DeptName data set is not encrypted.
proc authlib lib=abcde;
Using the CREATE statement, enter the name of the metadata folder and name the secured library object in the SAS Metadata Server.REQUIRE_ENCRYPTION=YES specifies that all data sets in the metadata-bound library are automatically AES-encrypted.
    create  seclib="ABCDEEmps"
        securedfolder="Department XYZZY"
        pw=secret 
        require_encryption=yes
        encrypt=aes 
        encryptkey=new ;
Using the TABLES statement, specify the encrypt key for each data set.TABLES statements are required for each data set.
    tables employee / 
        encryptkey=abc;
    tables empinfo / 
        encryptkey=def;
    tables deptname ;
run;
quit;
Results:The library ABCDE is bound. All data sets in the metadata-bound library ABCDE have been copied-in-place to be encrypted with the required key.
 

Log Examples

Library ABCDE Requiring AES Encryption When Each Data Set Has Different Encryption Key Values
554  proc authlib lib=abcde;
555  create seclib="ABCDEEmps"
556  securedfolder="Department XYZZY"
557  pw=XXXXXX
558  require_encryption=yes
559  encrypt=aes
560  encryptkey=XXX ;
561  tables employee /
562  encryptkey=XXX;
563  tables empinfo /
564  encryptkey=XXX;
565  tables deptname ;
566  run;

NOTE: Setting library to require encryption.
NOTE: Required encryption will use AES encryption with the recorded key.


NOTE: Successfully created a secured library object for the physical library ABCDE and recorded its location as:
           SecuredFolder:      /System/Secured Libraries/Department XYZZY
           SecuredLibrary:     ABCDEEmps
           SecuredLibraryGUID: 097E9A84-D6E8-488E-B779-1E2AB0670036
NOTE: Copying data set ABCDE.EMPLOYEE in place to do required encryption with the library's required encryption key and
      passwords.
NOTE: Renaming the data set ABCDE.EMPLOYEE to ABCDE.__TEMP_ENCRYPT_FILE_NAME__.
NOTE: Copying the data set ABCDE.__TEMP_ENCRYPT_FILE_NAME__ to ABCDE.EMPLOYEE.
NOTE: Metadata-bound library permissions are used for ABCDE.EMPLOYEE.DATA.
NOTE: Successfully added new secured table object "EMPLOYEE.DATA" to the secured library object at path "/System/Secured
      Libraries/Department XYZZY/ABCDEEmps" for data set ABCDE.EMPLOYEE.DATA.
NOTE: There were 5 observations read from the data set ABCDE.__TEMP_ENCRYPT_FILE_NAME__.
NOTE: The data set ABCDE.EMPLOYEE has 5 observations and 6 variables.
NOTE: Deleting the data set ABCDE.__TEMP_ENCRYPT_FILE_NAME__.
NOTE: The passwords on ABCDE.EMPLOYEE.DATA were successfully modified.
NOTE: Copying data set ABCDE.EMPINFO in place to do required encryption with the library's required encryption key and
      passwords.
NOTE: Renaming the data set ABCDE.EMPINFO to ABCDE.__TEMP_ENCRYPT_FILE_NAME__.
NOTE: Copying the data set ABCDE.__TEMP_ENCRYPT_FILE_NAME__ to ABCDE.EMPINFO.
NOTE: Metadata-bound library permissions are used for ABCDE.EMPINFO.DATA.
NOTE: Successfully added new secured table object "EMPINFO.DATA" to the secured library object at path "/System/Secured
      Libraries/Department XYZZY/ABCDEEmps" for data set ABCDE.EMPINFO.DATA.
NOTE: There were 5 observations read from the data set ABCDE.__TEMP_ENCRYPT_FILE_NAME__.
NOTE: The data set ABCDE.EMPINFO has 5 observations and 6 variables.
NOTE: Deleting the data set ABCDE.__TEMP_ENCRYPT_FILE_NAME__.
NOTE: The passwords on ABCDE.EMPINFO.DATA were successfully modified.
NOTE: Copying data set ABCDE.DEPTNAME in place to do required encryption with the library's required encryption key and
      passwords.
NOTE: Renaming the data set ABCDE.DEPTNAME to ABCDE.__TEMP_ENCRYPT_FILE_NAME__.
NOTE: Copying the data set ABCDE.__TEMP_ENCRYPT_FILE_NAME__ to ABCDE.DEPTNAME.
NOTE: Metadata-bound library permissions are used for ABCDE.DEPTNAME.DATA.
NOTE: Successfully added new secured table object "DEPTNAME.DATA" to the secured library object at path "/System/Secured
      Libraries/Department XYZZY/ABCDEEmps" for data set ABCDE.DEPTNAME.DATA.
NOTE: There were 4 observations read from the data set ABCDE.__TEMP_ENCRYPT_FILE_NAME__.
NOTE: The data set ABCDE.DEPTNAME has 4 observations and 2 variables.
NOTE: Deleting the data set ABCDE.__TEMP_ENCRYPT_FILE_NAME__.
NOTE: The passwords on ABCDE.DEPTNAME.DATA were successfully modified.
567  quit;