SPD Server enables ACL
file security by default. Although you should use ACL file security,
an SPD Server administrator can change the default ACL file security
setting. When an SPD Server administrator specifies the NOACL option,
all clients of SPD Server obtain the SPD Server user ID anonymous.
No SPD Server security is in effect. SPD Server tables are secured
only by the UNIX file protections that are currently in place.
When UNIX file security
controls SPD Server file access, it validates on the user ID associated
with SPD Server. The UNIX ID associated with SPD Server is the UNIX
ID of the user that starts the server. Suppose an SPD Server administrator
starts the SPD Server host machine, using his SPD Server administrator's
account named SPDSADMN. When any SAS client connects to this SPD Server
host, the client can read only files that have UNIX Read permissions
set for the SPDSADMN user. As a result, SAS clients that are connected
to this SPD Server host must write all files in a directory created
by SPDSADMIN that also has Write permission set for SPDSADMN. SPDSADMN
owns all files written in this directory.
Security is maintained
as a result of the SPD Server administrator setting up SPD Server
LIBNAME domain directories so that only he has Read and Write access
to those directories.
It is possible for a
site to give different UNIX permissions to a group of users. An SPD
Server administrator must start another SPD Server using a different
UNIX user account. (Starting a different SPD Server affects only new
SPD Server files, not existing SPD Server files.)