Depiction of a Metadata-Bound Library

The following figure depicts the metadata objects and physical security information that are generated when you bind a library to metadata. The "Before" section shows the initial state and the "After" section shows the security location information, bindings, and metadata objects that are generated.

Here are some key points about the "After" section of the preceding figure:

The physical data includes references to corresponding objects within a SAS metadata repository.
- For a physical library, the security information consists of a subdirectory and file. The corresponding metadata object is called a secured library object. In the figure, seclib is the secured library object that corresponds to the physical metadata-bound library called sensitive data.
  
  z/OS Specifics: On z/OS, the security information for a UNIX file system (UFS) library is stored as described in the preceding figure. However, the security information for a z/OS direct-access bound library is instead stored within the bound library data set itself. For this reason, z/OS sites that choose to use metadata-bound libraries might prefer the z/OS direct-access bound library implementation to the UFS library implementation. z/OS sequential-access bound libraries cannot be bound to metadata.
- For a physical table, the security information consists of information in the header. The corresponding metadata object is called a secured table object. In the figure, tableA and tableB are secured table objects that correspond to the physical metadata-bound tables tableA.sas7bdat and tableB.sas7bdat.
Each security binding causes all access from SAS to be subject to the requesting user’s effective metadata-layer permissions on the relevant corresponding metadata object.

Note: The figure assumes that the physical data is initially unprotected. If one or more of the physical tables already had a different password, the presence of that password would prevent that table from being affected by the bind action.