The following figure depicts the metadata objects and
physical security information that are generated when you bind a library
to metadata. The "Before" section shows the initial state
and the "After" section shows the security location information,
bindings, and metadata objects that are generated.
Here are some key points
about the "After" section of the preceding figure:
-
The physical data includes references to corresponding objects within a SAS
metadata repository.
-
z/OS Specifics: On
z/OS, the security information for a UNIX file system (UFS) library
is stored as described in the preceding figure. However, the security
information for a z/OS direct-access bound library is instead stored
within the bound library data set itself. For this reason, z/OS sites
that choose to use metadata-bound libraries might prefer the z/OS
direct-access bound library implementation to the UFS library implementation.
z/OS sequential-access bound libraries cannot be bound to metadata.
-
For a physical table, the security information consists of information in the header.
The corresponding metadata object is called a
secured table object. In the figure,
tableA and
tableB are
secured table objects that correspond to the physical metadata-bound
tables
tableA.sas7bdat and
tableB.sas7bdat.
-
Each security binding causes all access from SAS to be subject to the requesting user’s
effective metadata-layer permissions on the relevant corresponding metadata object.
Note: The figure assumes that the
physical data is initially unprotected. If one or more of the physical
tables already had a different password, the presence of that password
would prevent that table from being affected by the bind action.