As with any other security-related decision, a decision
about whether to use metadata-bound libraries involves weighing the
benefits of enhanced protection against increased administrative effort
and complexity. This topic is intended to help you make a decision
that is appropriate for your resources, environment, and security
goals.
If all of the following
circumstances exist, it makes sense to consider using metadata-bound
libraries:
-
You have SAS data sets that require
a high level of security, with access distinctions at the user or
group level.
-
You are running (or planning to
run) a SAS Metadata Server in which your users are registered.
-
You have not already met your security
requirements through a combination of physical layer (operating system)
separation and customized configuration of your SAS servers.
The following prerequisite
knowledge is essential for successful use of metadata-bound libraries:
-
You have a basic understanding
of the SAS metadata environment, including its authorization system.
-
You know how to create folders
and set permissions in SAS Management Console.
-
You have read and understood at
least the first two chapters of this document.
The following additional
factors should be considered in a decision about whether to use metadata-bound
libraries:
-
If your metadata promotion strategy
does not maintain a separate set of physical data for each deployment
level (for example, development, test, and production), significant
additional administrative complexity is involved (compared to using
secured libraries against a single set of physical data).
-
Recovering from actions that inadvertently
disrupt coordination between the physical data and its corresponding
metadata objects can be complex.
-
Any batch processing against metadata-bound data requires that the
metadata server is available and that the requesting user can connect to it.
Note: In working with metadata-bound
libraries, it is also useful to know how to write and submit SAS code.