Object Creation, Location, and Inheritance :: SAS(R) 9.4 Guide to Metadata-Bound Libraries, Second Edition

About This Topic

This topic highlights key differences between the following sets of metadata objects:

secured library and table objects
traditional library and table objects

Each set of objects serves a distinct purpose, so each has distinct characteristics.

Object Creation

You create secured library and table objects by binding physical data to metadata. This adds security information to the physical data and creates corresponding metadata objects at the same time. You use either SAS Management Console or the AUTHLIB procedure to perform this task.

You create traditional library and table objects by registering physical data (using SAS Management Console). You can also register traditional tables through SAS code (using the METALIB procedure). Registering data in metadata has no impact on the physical content of the data.

Metadata Location

Traditional library and table objects can be located in any regular metadata folder. For greater security, metadata locations for secured library and table objects are constrained as follows:

These objects can be located only within a /System/Secured Libraries branch in the SAS Folders tree. You can put secured library objects in subfolders within a /System/Secured Libraries branch. You cannot bind physical libraries to secured library objects in other locations.
Each secured library object is located within a secured data folder, which is a special type of metadata folder that exists only under a /System/Secured Libraries branch.
Each secured table object is located within a secured library object.

Access Control Inheritance

For secured library and table objects, metadata-layer access control inheritance is as follows:

Each secured library object inherits from its parent secured data folder.
Each secured table object inherits from its parent secured library.

This inheritance pattern differs from that of traditional library and table objects, which both inherit directly from their parent folders. The difference in inheritance pattern reflects the distinct purpose of each set of objects:

Secured library and table objects serve as bind targets for physical data (providing access control for the data), so their inheritance pattern follows the inheritance pattern of the physical data.
Traditional library and table objects serve as pointers to physical data (enabling clients to locate data through metadata), so their inheritance pattern is folder oriented.

The following figure depicts examples of inheritance for both types of libraries:

Examples of Inheritance for Traditional and Secured Library Objects

inheritance for traditional and secured libraries