What’s New in Metadata-Bound Libraries in SAS 9.4
Overview
The following new features
and enhancements affect metadata-bound libraries in SAS 9.4:
-
New SAS Management Console features
simplify administration.
-
A new automatic process simplifies
certain administrative interactions with encrypted tables.
-
Effective with the first maintenance release for SAS 9.4, you can require the tables
in a library to be encrypted. You can also store the AES
encryption key for a library’s data sets in the library’s metadata.
-
The REPAIR
statement’s DELETE LOCATION action is now a production feature.
-
Effective with the third maintenance release for SAS 9.4, replaced
metadata-bound library passwords and encryption keys are retained in metadata until all tables are successfully
modified or the administrator
explicitly purges them.
SAS Management Console
The following new features
reduce the need to write SAS code to administer metadata-bound libraries.
From within a
/System/Secured Libraries branch
on the
Folders tab in SAS Management Console,
you can perform the following tasks:
-
bind a physical library and its
contents to metadata
-
change the password of a metadata-bound library
-
unbind a metadata-bound library and delete the corresponding metadata objects
-
require that the tables in a library
be encrypted (available in the first maintenance release for SAS 9.4)
-
validate a library to identify
any discrepancies related to metadata bindings (for example, missing
or mismatched physical tables, security location information, or metadata
objects)
-
store
or modify an AES encryption key in a library’s metadata (available in the first maintenance
release for SAS 9.4)
-
specify permission conditions that
give users access to some but not all of the data within a physical
table (available in the first maintenance release for SAS 9.4)
-
specify whether a library’s passwords and encryption keys are to be retained in metadata
or automatically purged if all tables in the
library are successfully modified to use the newer credentials (available in the
third maintenance release for SAS 9.4)
Note: Unlike most actions in SAS
Management Console, the actions that are described in the first four
items in the preceding list affect not only metadata, but also the
corresponding physical data. All of the actions build SAS code and
execute it in a workspace server.
Encryption
-
-
-
Effective with the first maintenance release for SAS 9.4, you can force encryption
by specifying REQUIRE_ENCRYPTION=YES when you create or modify a metadata-bound library.
By requiring some form of encryption for all tables within a metadata-bound library,
you increase security. See CREATE Statement and MODIFY Statement.
-
Effective with the first maintenance release for SAS 9.4, you can use ENCRYPTKEY=
to store an AES encryption key in metadata when you create or modify a metadata-bound
library. The stored key is used to attempt to open the library’s AES-encrypted tables
when
no key is supplied by the user. The stored key is used to encrypt data sets in the
following cases: when encryption is required, and when AES encryption is specified
in SAS code but no key is supplied.
REPAIR Statement
-
The REPAIR statement of the AUTHLIB procedure no longer supports password modification.
See REPAIR Statement.
-
The REPAIR DELETE LOCATION action of the AUTHLIB procedure is now a production feature.
See REPAIR Statement.
PURGE Statement and PURGE= Option
In the third maintenance release for SAS 9.4, a new statement and a new option for
the MODIFY statement were added to the AUTHLIB procedure.
-
The PURGE statement removes any retained metadata-bound library credentials older
than a given date of replacement.
-
The MODIFY statement has a PURGE= option that automatically removes all retained metadata-bound
library credentials if all tables in the library are successfully modified to use
the newer
credentials.
Copyright © SAS Institute Inc. All rights reserved.