AUTHLIB Procedure
- Syntax
- Overview
- Concepts
- Using
- Results
- Examples Binding a Physical Library That Contains Unprotected Data SetsBinding a Physical Library That Contains Password-Protected Data SetsBinding a Library When Existing Data Sets Are Protected with the Same PasswordsBinding a Library When Existing Data Sets Are Protected with Different PasswordsChanging Passwords on Data SetsChanging Metadata-Bound Library PasswordsUsing the REMOVE StatementUsing the REPORT StatementUsing the TABLES StatementBinding a Library When Existing Data Sets Are SAS Proprietary EncryptedBinding a Library When Existing Data Sets Are AES-EncryptedBinding a Library with an Optional Recorded Encryption Key When Existing AES-Encrypted Data Sets Have Different Encryption Keys Binding a Library with Required AES Encryption When Existing Data Sets Are Encrypted with the Same Encryption KeyChanging the Encryption Key on a Metadata-Bound Library That Requires AES EncryptionBinding a Library with Existing Data Sets That Are AES-Encrypted with Different Encryption KeysChanging a Metadata-Bound Library to Require AES Encryption When Existing Data Sets Are Encrypted with Different Encryption KeysUsing the REMOVE Statement on a Metadata-Bound Library with Required AES EncryptionResetting Credentials on Imported SecuredLibrary Objects
Example 16: Changing a Metadata-Bound Library to Require AES Encryption When Existing Data Sets Are Encrypted with Different Encryption Keys
| Features: |
|
Program
proc authlib lib=abcde;
modify seclib="ABCDEEmps"
securedfolder="Department XYZZY"
pw=secret
require_encryption=yes
encrypt=aes
encryptkey=new;
tables employee /
encryptkey=abc;
tables empinfo /
encryptkey=def;
tables deptname ;
run;
quit;
Program Description
Library ABCDE has three data sets: Employees, EmpInfo,
and DeptName. In this library, the Employees
data set has the encryption key value
abc.
The EmpInfo data set has the encryption key value def.
The DeptName data set is not AES-encrypted. proc authlib lib=abcde;
Using the MODIFY statement, enter the name of the metadata
folder and name the secured library object in the SAS Metadata Server.You use the REQUIRE_ENCRYPTION=YES option to require
that all data sets in the metadata-bound library have AES encryption.
Note that the name of the secured library object and the name of the
metadata folder are optional, but can be specified to ensure that
the library is bound to that secured library object before making
the change.
modify seclib="ABCDEEmps"
securedfolder="Department XYZZY"
pw=secret
require_encryption=yes
encrypt=aes
encryptkey=new;Using the TABLES statement, specify the encrypt key for
each data set.TABLES statements are
required for each data set.
tables employee /
encryptkey=abc;
tables empinfo /
encryptkey=def;
tables deptname ;
run;
quit;Results:The library ABCDE
remains bound. The MODIFY statement changed the binding to require
AES encryption. All three data sets are copied-in-place to encrypt
the data sets with the required encrypt key..
Log Examples
Library ABCDE Requiring AES Encryption and Changing the Encryption
Key Values of Each Data Set to a Recorded Encryption Key Value
628 proc authlib lib=abcde;
629 modify seclib="ABCDEEmps"
630 securedfolder="Department XYZZY"
631 pw=XXXXXX
632 require_encryption=yes
633 encrypt=aes
634 encryptkey=XXX;
635 tables employee /
636 encryptkey=XXX;
637 tables empinfo /
638 encryptkey=XXX;
639 tables deptname ;
640 run;
NOTE: Changing library to require encryption.
NOTE: Required encryption will use AES encryption with the recorded key.
NOTE: The passwords on ABCDE.EMPLOYEE.DATA do not require modification.
NOTE: Copying data set ABCDE.EMPLOYEE in place to do required encryption with the library's required encryption key and
passwords.
NOTE: Renaming the data set ABCDE.EMPLOYEE to ABCDE.__TEMP_ENCRYPT_FILE_NAME__.
NOTE: Copying the data set ABCDE.__TEMP_ENCRYPT_FILE_NAME__ to ABCDE.EMPLOYEE.
NOTE: There were 5 observations read from the data set ABCDE.__TEMP_ENCRYPT_FILE_NAME__.
NOTE: The data set ABCDE.EMPLOYEE has 5 observations and 6 variables.
NOTE: Deleting the data set ABCDE.__TEMP_ENCRYPT_FILE_NAME__.
NOTE: The passwords on ABCDE.EMPINFO.DATA do not require modification.
NOTE: Copying data set ABCDE.EMPINFO in place to do required encryption with the library's required encryption key and
passwords.
NOTE: Renaming the data set ABCDE.EMPINFO to ABCDE.__TEMP_ENCRYPT_FILE_NAME__.
NOTE: Copying the data set ABCDE.__TEMP_ENCRYPT_FILE_NAME__ to ABCDE.EMPINFO.
NOTE: There were 5 observations read from the data set ABCDE.__TEMP_ENCRYPT_FILE_NAME__.
NOTE: The data set ABCDE.EMPINFO has 5 observations and 6 variables.
NOTE: Deleting the data set ABCDE.__TEMP_ENCRYPT_FILE_NAME__.
NOTE: The passwords on ABCDE.DEPTNAME.DATA do not require modification.
NOTE: Copying data set ABCDE.DEPTNAME in place to do required encryption with the library's required encryption key and
passwords.
NOTE: Renaming the data set ABCDE.DEPTNAME to ABCDE.__TEMP_ENCRYPT_FILE_NAME__.
NOTE: Copying the data set ABCDE.__TEMP_ENCRYPT_FILE_NAME__ to ABCDE.DEPTNAME.
NOTE: There were 4 observations read from the data set ABCDE.__TEMP_ENCRYPT_FILE_NAME__.
NOTE: The data set ABCDE.DEPTNAME has 4 observations and 2 variables.
NOTE: Deleting the data set ABCDE.__TEMP_ENCRYPT_FILE_NAME__.
NOTE: The passwords and/or encryption options for the secured library object with path "/System/Secured Libraries/Department
XYZZY/ABCDEEmps" were successfully modified."
641 quit;
Copyright © SAS Institute Inc. All rights reserved.