Data Security

SAS preserves the data security provided by SYSTEM 2000 and SAS. The DBA controls who has SYSTEM 2000 authorities and who can create SYSTEM 2000 databases. Creators of the databases control who can access the data. Therefore, SAS users can access only SYSTEM 2000 databases that they created or databases for which they have specific password authorities.

To protect data from accidental update or deletion, you can use precautionary measures on both sides of the interface.

In SYSTEM 2000, the DBA gives users secondary passwords that enable only the authority that they must have. For example, Jane needs to create a view descriptor that reads and selects only the personal information about each employee in the database Employee, which is stored in the ENTRY record. To do this, Jane only needs to perform retrievals and where-clause selection on schema items C1 through C16. Use the following commands to assign her authorities:

    valid password is jane;
    assign r,w to c1 through c16 for jane;

John needs to add new employees' names to the database, so he needs all authorities. Use the following commands to assign his authorities:

    valid password is john;
    assign r, u, w to all components for john;

With retrieval, update, and where-clause authorities, John can create a view descriptor that reads the data records for the schema items and can use that view descriptor to add new logical entries to the database.

If SYSTEM 2000 detects a security violation while a SAS procedure or DATA step is running, it issues the return code 45 or 47 and an error message. If rollback is enabled for the database, partial updates are rolled out (canceled).

In SAS, the DBA can do the following: