The following command
invokes SPD Server with ACL support enabled and configures it with
the specified LIBNAME domain definitions.
spdssrv -ACL -acldir
InstallDir/site -nameserver samson
-LIBNAMEfile libnames.parm
The libnames.parm file
contains:
LIBNAME=public pathname=/disk1/public;
LIBNAME=qadata pathname=/disk2/qadata
owner=qamgr;
LIBNAME=marketing pathname=/disk3/marketing
owner=mktmgr;
LIBNAME=clinical pathname=/disk4/clinical
owner=drzeuss;
SPD Server is invoked
connecting to the name server running on machine 'samson'. The password
file listing all valid system users resides in directory 'InstallDir/site'.
LIBNAME domains 'public' 'qadata', 'marketing' and 'clinical' are
registered with the name server. The
/disk1/public
,
/disk2/qadata
,
/disk3/marketing
, and
/disk4/clinical
directories
must exist and the user ID that invokes
spdssrv must have read and write access to them.
The following LIBNAME
statements connect SAS clients to the data areas:
LIBNAME open sasspds 'public'
host='samson'
user='employee'
prompt=yes;
LIBNAME pres sasspds 'clinical'
host='samson'
user='ceo'
prompt=yes;
LIBNAME report sasspds 'marketing'
host='samson'
user='ceo'
aclgrp='mrktng'
prompt=yes;
LIBNAME efficacy sasspds 'clinical'
host='samson'
user='drfda'
prompt=yes;
Additionally, ACLs can
be created on the LIBNAME domains themselves and the resources that
are created within them. The simplest way to do this is using PROC
SPDO. The following example demonstrates this:
LIBNAME clin sasspds 'clinical'
host='samson'
user='drzeuss'
prompt=yes;
PROC SPDO lib=clin;
set acluser;
add ACL /
LIBNAME groupread;
modify ACL /
LIBNAME drfgood=(y,y,,y);
quit;
The owner of the LIBNAME
domain 'clinical' has granted permission to other members of his or
her ACL group to the LIBNAME domain to have READ access to the domain.
This permits these users to perform SAS LIBNAME assignments to the
domain. Users not belonging to the owner's ACL group will not even
be permitted to make LIBNAME assignments to the 'clinical' domain.
The owner has also granted READ, WRITE, and CONTROL access to the
explicit user 'drfgood'. This enables 'drfgood' to make LIBNAME assignments
and write new files to the 'clinical' domain, and to also alter the
LIBNAME ACL permissions if desired.