Security Overview

SPD Server uses host permissions, SPD Server user IDs, domains, access control lists (ACLs), and table WHERE constraints to secure resources. SPD Server also provides auditing.

UNIX File-Level Protection

Each session of SPD Server is attached to a user with a UNIX or Windows user ID. If SPD Server runs on UNIX, all files that the software creates are protected according to the file-creation permissions that are associated with that UNIX user's ID. SPD Server can read and write only files whose file and directory access permissions allow access by the SPD Server user's ID. Use the UNIX umask command to restrict the permissions for creating files.
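The effect of umask on newly created files and directories, as an added example that is not part of the SAS documentation. The temporary directory stands in for a server data directory, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example. The temp directory stands in for a server data directory;
# function names are hypothetical.

# Print the octal permission bits of a path (GNU stat, BSD fallback).
mode_of() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# Create a file and a subdirectory under DIR with the given umask, in a
# subshell so the caller's umask is untouched. Prints "<file> <dir>" modes.
create_with_umask() {
    mask=$1 dir=$2
    (
        umask "$mask"
        : > "$dir/table.$mask"
        mkdir "$dir/dir.$mask"
    )
    echo "$(mode_of "$dir/table.$mask") $(mode_of "$dir/dir.$mask")"
}

# List entries under DIR that grant any permission bit to "other".
loose_entries() {
    find "$1" -mindepth 1 \( -perm -004 -o -perm -002 -o -perm -001 \) -print
}

demo() {
    tmp=$(mktemp -d) || return 1
    for m in 022 027 077; do
        printf 'umask %s -> file/dir modes: %s\n' "$m" \
            "$(create_with_umask "$m" "$tmp")"
    done
    echo "entries still open to other users:"
    loose_entries "$tmp"
    rm -rf "$tmp"
}

demo
```

A umask is inherited by child processes, so it takes effect for the server only when it is set in the environment that starts the server process.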

User IDs and Passwords

Users must be registered in the password database in order to access SPD Server. Administrators register users in the password database by using the psmgr utility.

Special Privilege

When registering users with the psmgr utility, administrators can define authorization levels for users. Users can be assigned an authorization level from 0 to 7. The numbers 0–3 are equivalent: they specify a regular, non-privileged user. The numbers 4–7 are equivalent: they specify special privilege.
Users with special privilege can do the following things that regular users cannot do:
  • update the password database
  • modify ACLs to which they have not otherwise been granted access
  • access other users' resources
All users connect to SPD Server as regular users, regardless of their authorization level. Users with special privilege must specify the ACLSPECIAL=YES LIBNAME option to invoke their special access in the SAS session. For more information about the psmgr utility, see Password Database Utility.

Server Domains

Users connect to SPD Server by specifying a server domain instead of by specifying the physical location of the server tables. A server domain is a logical name that is mapped to that location. Administrators define the valid server domains in the libnames.parm parameter file on each SPD Server. In effect, server domains isolate users from the file system.

ACL Security

SPD Server provides optional additional security for regular users by supporting the creation of access control lists (ACLs) on SPD Server resources. ACLs can be defined on all SPD Server resources, including domains, tables, table columns, catalogs, catalog entries, and utility files. By default, only the owner (creator) of a resource has access to it, unless the owner defines ACLs that grant other users access. Resource owners can grant ACL permissions to specific users, to specific groups of users (called an ACL group), and to all SPD Server users or all groups (universal permissions). For more information, see ACL Security.

Row-Level Security

Table owners can associate a WHERE clause with their tables so that when users access a table, they can see only the table rows that remain after the WHERE clause filter has been processed. The filtering is applied any time the table is accessed by a DATA step or by an SQL query. When table WHERE constraints are used with symbolic substitutions, table owners can create row-level security that filters table rows based on the values for SPD Server user ID, group name, or special privilege. For more information about table WHERE constraints, see Defining WHERE Constraints on Tables.

Auditing

SPD Server supports SQL audit logging of submitted SQL queries and proxy auditing of access to SPD Server resources. The auditing functionality is optional. For more information, see Audit File Facility.
Last updated: February 3, 2017