SPD Server enables ACL
file security by default. While ACL file security is strongly recommended,
the default can be changed. Only an SPD Server administrator can change
the default ACL file security setting. When an SPD Server administrator
specifies the NOACL option, all clients of SPD Server obtain the SPD
Server user ID anonymous. There is no SPD Server security in effect.
SPD Server tables are secured only by the UNIX file protections that
are currently in place.
When UNIX file security
controls SPD Server file access, it validates on the user ID associated
with SPD Server. The UNIX ID associated with SPD Server is the UNIX
ID of the user that starts the server. Suppose an SPD Server administrator
starts the SPD Server host machine, using his SPD Server administrator's
account named SPDSADMN. When any SAS client connects to this SPD Server
host, they are able to read only files that have UNIX Read permissions
set for the SPDSADMN user. As a result, SAS clients that are connected
to this SPD Server host must write all files in a directory created
by SPDSADMIN that also has Write permission set for SPDSADMN. SPDSADMN
owns all files written in this directory.
Security is maintained
as a result of the SPD Server administrator setting up SPD Server
LIBNAME domain directories so that only he has Read and Write access
to those directories.
It is possible for a
site to give different UNIX permissions to a group of users. An SPD
Server administrator must start another SPD Server using a different
UNIX user account. (Starting a different SPD Server affects only the
new SPD Server files created, not existing SPD Server files.)