The limitations
of metadata-bound libraries are as follows:
-
Only
Base SAS data—SAS tables (data sets) and SAS views—can be bound to metadata. In the current
release, you can create metadata-bound libraries for only data that is processed by
the BASE engine.
-
Concatenated libraries or temporary
libraries cannot be bound to metadata. However, metadata-bound libraries
can participate in a library concatenation.
-
Binding data to metadata does not
prevent the use of operating system commands against files and directories.
For example, a user who has Write access to an operating system directory
(in order to create physical tables) can use host commands to delete
and replace files within that directory. Such commands operate independently
of any metadata binding. However, replacement of files through operating
system commands is detected and audited.
See Auditing for Metadata-Bound Libraries.
-
In the current release, metadata-bound
libraries don’t support column-level permissions. However,
you can create views that subset data by columns or rows, and then
set permissions to specify who can access each view. Dynamic row-level
filtering based on each requesting user’s authenticated user
ID is supported.
See Providing Fine-Grained Access Using Views.
-
Advanced tasks (repairing a
metadata-bound library or performing actions on only certain tables within a metadata-bound library) are
not supported in SAS Management Console. You can use SAS code to perform these tasks.
-
Clients that use metadata to locate data can’t use secured library objects or secured
table objects for that purpose. To support access from such clients, each metadata-bound
library must also be registered in metadata as a traditional library object.
Note: The metadata objects that
serve as bind targets for physical data are distinct from and independent
of the metadata objects that are used to register physical data. For
example, a physical library can be bound to a secured library object
without also being registered as a traditional library object. Similarly,
tables that are within a metadata-bound library (and bound to corresponding
secured table objects) might or might not also be registered as traditional
table objects. There are no associations in metadata between secured
library objects and traditional library objects.
See Object Creation, Location, and Inheritance.
Note: In the SAS metadata, a secured library object is functional
only if it exists within the /System/Secured Libraries branch
of a repository. You can’t bind physical libraries to secured
library objects that are in other metadata locations. You can create
subfolders within a /System/Secured Libraries branch.
In the SAS metadata, a secured table object can exist only within
a secured library object.
The following additional
limitations affect the availability of metadata-bound data:
-
Access to metadata-bound tables
is not supported in any release prior to the second maintenance release
of SAS 9.3.
z/OS Specifics: For
a z/OS direct-access bound library that is bound to metadata, this
constraint is slightly broader: neither the library nor any of its
members can be accessed by earlier releases of SAS.
Note: An exception is that access
to metadata-bound tables through a SAS/SHARE server is available to
earlier clients, if SQL statements are passed to the server and the
server is in the second maintenance release of SAS 9.3 (or later).
-
For the SAS OLE DB Local Data Provider,
access to metadata-bound tables is not supported. The SAS OLE DB Local
Data Provider uses a specialized stand-alone engine that provides
access to data sets from external programs without running SAS.
-
For the SAS/SHARE Data Provider,
access to metadata-bound tables through a SAS/SHARE server is available
only if SQL statements are passed to the server. The SAS/SHARE Data
Provider is one of the SAS Providers for OLE DB.
-
For the SAS/IntrNet Application
Dispatcher, access to metadata-bound tables is supported only if the
application server runs with AUTH=HOST.