Problem Note 67908: The setting for the CRED_PATH= LIBNAME and CREDFILE= CASLIB options might be displayed in cleartext in logs
 |  |  |  |  |
One of the ways to authenticate to Google Cloud Platform (GCP) is through a credential file. With SAS/ACCESS® Interface to Google BigQuery, authentication can be done through the CRED_PATH= LIBNAME/CONNECT to statement option or the CREDFILE= CASLIB option. Currently, the option's value is displayed in the SAS and CAS log in cleartext. To prevent someone from being able to use the file to connect to GCP, set the UNIX permission on the JSON file to allow only a particular user access to the file.
If the user does not have Read permission on the file, an error similar to the following occurs:
<filename>: permission denied
ERROR: Error in the LIBNAME statement.
Click the Hot Fix tab in this note to access the hot fix for this issue.
The hot fix is intended to not display the value in cleartext for LIBNAME statements only. The value will still be seen in the following:
- CASLIB statement
- FedSQL procedure using either a LIBNAME or CASLIB
- CASUTIL procedure
- CAS procedure
- SQL procedure CONNECT TO statement
Operating System and Release Information
| Product Family | Product | System | Product Release | SAS Release | ||
| Reported | Fixed* | Reported | Fixed* | |||
| SAS System | SAS Data Connector to Google BigQuery | Linux for x64 | V.03.04 | 2021.1.3 | Viya | Viya |
| SAS System | SAS/ACCESS Interface to Google BigQuery (on SAS Viya) | Linux for x64 | V.03.04 | 2021.1.3 | Viya | Viya |
| SAS System | SAS/ACCESS Interface to Google BigQuery | Linux for x64 | 9.4 | 9.43 | 9.4 TS1M6 | 9.4 TS1M8 |