When a user reads or
writes SAS libraries and SAS files, most operating environments and
file systems validate the user's authority to read from or write to
that data.
Because a server is
interposed between a user and the data, checking access permissions,
which is usually performed by the operating environment or the file
system security software, must be performed in the server's session
to protect access to that data through the server. For this reason,
a
SAS/SHARE server calls
the operating environment or the file system to validate a user's
authority whenever an attempt is made to read from or write to a library
through the server.
Providing a validated
user ID and password as arguments in the LIBNAME statement, the ALLOCATE
LIBRARY command in the PROC OPERATE statement, or the Remote SQL Pass-Through
statement preempts earlier SAS methods of supplying a user ID and
password by using a communications access method. Regardless of the
method used for collecting a user ID and password, the server uses
the validated user ID in making the authority check. To permit access
by user IDs that are not validated, you can use the AUTHENTICATE=OPTIONAL
option in the PROC SERVER statement.
For more information
about setting options in the PROC SERVER statement, see The SERVER Procedure. For more information about user IDs and passwords, see LIBNAME Statement, Syntax , or The OPERATE Procedure.
In order to validate
a user ID, most access methods require using an access method-specific
mechanism to provide the user ID and corresponding password for the
server operating environment. The access method encrypts the user
ID and password and transmits them to the server session to be validated.
For information about the mechanisms that control whether an access
method validates connecting users and the mechanisms by which users
can provide their user IDs and passwords, see
Communications Access Methods for SAS/CONNECT and SAS/SHARE.
In most operating environments,
to validate a user ID and to verify access permissions, a
SAS/SHARE server calls the operating environment
or the file system directly.
UNIX Specifics: Under UNIX, the server performs these functions by calling an external
program (that is, not a SAS application) that you can modify.