AUTHLIB Procedure
- Syntax
- Overview
- Concepts
- Using
- Results
- Examples Binding a Physical Library That Contains Unprotected Data SetsBinding a Physical Library That Contains Password-Protected Data SetsBinding a Library When Existing Data Sets Are Protected with the Same PasswordsBinding a Library When Existing Data Sets Are Protected with Different PasswordsChanging Passwords on Data SetsChanging Metadata-Bound Library PasswordsUsing the REMOVE StatementUsing the REPORT StatementUsing the TABLES StatementBinding a Library When Existing Data Sets Are SAS Proprietary EncryptedBinding a Library When Existing Data Sets Are AES-EncryptedBinding a Library with an Optional Recorded Encryption Key When Existing AES-Encrypted Data Sets Have Different Encryption Keys Binding a Library with Required AES Encryption When Existing Data Sets Are Encrypted with the Same Encryption KeyChanging the Encryption Key on a Metadata-Bound Library That Requires AES EncryptionBinding a Library with Existing Data Sets That Are AES-Encrypted with Different Encryption KeysChanging a Metadata-Bound Library to Require AES Encryption When Existing Data Sets Are Encrypted with Different Encryption KeysUsing the REMOVE Statement on a Metadata-Bound Library with Required AES EncryptionResetting Credentials on Imported SecuredLibrary Objects
Example 12: Binding a Library with an Optional Recorded Encryption Key When Existing AES-Encrypted Data Sets Have Different Encryption Keys
| Features: |
|
Details
This example demonstrates how to bind a library with an optional recorded encryption
key. None of the data sets have passwords.
Since some SAS code existed that created and references the EmpInfo data set with
ENCRYPTKEY=DEF and since the recorded library key is not required, the specification
of the ENCRYPTKEY=DEF should be removed from the code. Any code that re-creates the
data must keep the ENCRYPT=AES option so that the optional recorded key is used when
the data set is re-created.
Program
proc authlib lib=abcde;
create securedlibrary="ABCDEEmps"
securedfolder="Department XYZZY"
pw=secret
encrypt=aes
encryptkey=optionalkey;
tables employee;
tables empinfo /
encryptkey=def/optionalkey
encrypt=aes;
tables deptname;
run;
quit;
Program Description
Library ABCDE has Employees, EmpInfo, and DeptName data
sets. In this library, the EmpInfo data
set is AES-encrypted and has the ENCRYPTKEY= value
def.proc authlib lib=abcde;
Using the CREATE statement, enter the name of the metadata
folder and name the secured library object in the SAS Metadata Server.The optional encrypt key is specified for the metadata-bound
library.
create securedlibrary="ABCDEEmps"
securedfolder="Department XYZZY"
pw=secret
encrypt=aes
encryptkey=optionalkey;
A TABLES statement is required for each data set.
tables employee;
tables empinfo /
encryptkey=def/optionalkey
encrypt=aes;
tables deptname;
run;
quit;Results:The ABCDE library
is bound and the optional encrypt key is stored. When the statements
are executed, the following happens to the three data sets. The Employee
data set is updated with the new metadata-bound library password but
is not encrypted. The DeptName data set is updated with the metadata-bound
library password but is not encrypted. The EmpInfo data set is copied
to re-encrypt with the optional recorded key and gets the new metadata-bound
library password. Note that it is necessary to supply both the current
and new optional key in the TABLES statement for EmpInfo in the following
program. Without the new key specification, the data set would remain
encrypted with the
def key.Log Examples
Changing an Encryption Key Value to the Recorded Encryption
Key
467 libname abcde "c:\lib1";
NOTE: Libref ABCDE was successfully assigned as follows:
Engine: V9
Physical Name: c:\lib1
468
469 proc authlib lib=abcde;
470 create securedlibrary="ABCDEEmps"
471 securedfolder="Department XYZZY"
472 pw=XXXXXX
473 encrypt=aes
474 encryptkey=XXXXXXXXXXX;
475 tables employee;
476 tables empinfo /
477 encryptkey=XXX/XXXXXXXXXXX
478 encrypt=aes;
479 tables deptname;
480 run;
NOTE: Successfully created a secured library object for the physical library ABCDE and recorded its location as:
SecuredFolder: /System/Secured Libraries/Department XYZZY
SecuredLibrary: ABCDEEmps
SecuredLibraryGUID: 8E683650-B306-4871-A92D-16D481EC6456
NOTE: Successfully added new secured table object "EMPLOYEE.DATA" to the secured library object at path "/System/Secured
Libraries/Department XYZZY/ABCDEEmps" for data set ABCDE.EMPLOYEE.DATA.
NOTE: The passwords on ABCDE.EMPLOYEE.DATA were successfully modified.
NOTE: Copying data set ABCDE.EMPINFO in place to encrypt with the new secured library passwords or encryption options.
NOTE: Renaming the data set ABCDE.EMPINFO to ABCDE.__TEMP_ENCRYPT_FILE_NAME__.
NOTE: Copying the data set ABCDE.__TEMP_ENCRYPT_FILE_NAME__ to ABCDE.EMPINFO.
NOTE: Metadata-bound library permissions are used for ABCDE.EMPINFO.DATA.
NOTE: Successfully added new secured table object "EMPINFO.DATA" to the secured library object at path "/System/Secured
Libraries/Department XYZZY/ABCDEEmps" for data set ABCDE.EMPINFO.DATA.
NOTE: There were 5 observations read from the data set ABCDE.__TEMP_ENCRYPT_FILE_NAME__.
NOTE: The data set ABCDE.EMPINFO has 5 observations and 6 variables.
NOTE: Deleting the data set ABCDE.__TEMP_ENCRYPT_FILE_NAME__.
NOTE: The passwords on ABCDE.EMPINFO.DATA were successfully modified.
NOTE: Successfully added new secured table object "DEPTNAME.DATA" to the secured library object at path "/System/Secured
Libraries/Department XYZZY/ABCDEEmps" for data set ABCDE.DEPTNAME.DATA.
NOTE: The passwords on ABCDE.DEPTNAME.DATA were successfully modified.
480 quit;
Copyright © SAS Institute Inc. All rights reserved.