Permission
|
Abbreviation
|
Actions Affected
|
---|---|---|
Delete
|
D
|
Delete rows in a physical table. For example, in order to use SAS to delete data from
a metadata-bound table, you need the Delete permission on the corresponding secured table object. You also need the Select permission on that object.
|
Insert
|
I
|
Add rows to a physical table. For example, in order to use SAS to add data to a metadata-bound
table, you need the Insert permission on the corresponding secured table object.
|
Update
|
U
|
Update rows in a physical table. For example, in order to use SAS to update data in
a metadata-bound table, you need the Update permission on the corresponding secured
table object. You also need the Select permission on that object.
|
Select
|
S
|
Read rows within a physical table. For example, in order to use SAS to read data from
a metadata-bound table, you need the Select permission on the corresponding secured
table object.
|
Create Table
|
CT
|
Create a new physical table. For example, in order to use SAS to add a table to a
metadata-bound library, you need the Create Table permission on the corresponding secured library object.
Rename a physical table (if that action creates a new table, rather than overwriting
a preexisting table). For example, if you rename TableA to TableB in a metadata-bound
library that does not already contain a TableB, you need the Create Table permission
on the
corresponding secured library object. You also need the Alter Table permission on
TableA’s corresponding secured table object.
|
Drop Table
|
DT
|
Delete a physical table. For example, in order to use SAS to delete a metadata-bound
table, you need the Drop Table permission on the corresponding secured table object.1
|
Alter Table
|
AT
|
Replace a physical table. For example, in order to use SAS to replace a metadata-bound
table, you need the Alter Table permission on the corresponding secured table object.
Rename a physical table. For example, in order to use SAS to rename a metadata-bound
table, you need the Alter Table permission on the corresponding secured table object.
You also need the Create Table permission on the corresponding secured library object.
Perform other administrative updates on a physical table, such as modifying variable
names and labels. For example, in order to use SAS to change labels in a metadata-bound
table, you need the Alter Table permission on the corresponding secured table object.
|
1A user who has Write access in the host layer can delete physical tables using operating system commands, regardless of whether the user has a grant of DT in the metadata layer. Any table replacements are detected through audit log entries. See Auditing for Metadata-Bound Libraries. |
Task
|
Effective Grants
(on the secured table object)
|
---|---|
View data in a metadata-bound table
|
Select
|
Add rows to a metadata-bound table
|
Insert
|
Update rows in a metadata-bound table
|
Select, Update
|
Delete rows from a metadata-bound table
|
Select, Delete
|
Replace a metadata-bound table with a new version of data
|
Alter Table
|
Rename a metadata-bound table (for example, using PROC DATASETS with CHANGE)
|
Alter Table, Create
Table1
|
Modify variable names or labels in a metadata-bound table (for example, using PROC
DATASETS with MODIFY)
|
Alter Table
|
Copy a metadata-bound table out of a metadata-bound library (for example, using PROC
COPY)
|
Select
|
Move a metadata-bound table out of a metadata-bound library (for example, using PROC
COPY with MOVE)
|
Select, Drop Table
|
Delete a metadata-bound table from the file system (for example, using PROC DATASETS
with DELETE)
|
Drop Table
|
1The Create Table permission is required on any target secured table object that will be overwritten. If there is no such object, then the Create Table permission is required on the parent library. |
Task
|
Secured Data Folder
|
Secured Library Object
|
Secured Table Object
|
---|---|---|---|
Bind a library to metadata1
|
WriteMemberMetadata
|
-
|
-
|
Unbind a metadata-bound library
|
WriteMemberMetadata
|
WriteMetadata
|
-
|
Add tables to a metadata-bound library (for example, using the COPY procedure)
|
-
|
Create Table
|
Alter Table2
|
1If the metadata identity that is used to bind a physical library to metadata doesn’t have effective metadata-layer grants of the data permissions, explicit grants are added to the new secured library object when it is created. | |||
2Alter Table is required on any target table object that is overwritten. If there is no such table object, then Create Table is required on the parent library object. |