ENCRYPT= Table Option

Encrypts SPD Server tables on disk.

Valid in: SPD Server
Default: NO
Restriction: A server table cannot be compressed if it is encrypted.
Interaction: Use ENCRYPT= in conjunction with the IOBLOCKSIZE= table option.
Syntax
Required Arguments
Details
Example
See Also

Syntax

ENCRYPT=YES | NO | AES

Required Arguments

YES

encrypts the table using SAS proprietary encryption. The encryption method uses passwords. You must specify the READ= option or the PW= data set option at the same time that you specify an ENCRYPT=YES option setting. For more information about the data set options, see SAS Data Set Options: Reference.

NO

no table encryption is performed. NO is the default setting for the ENCRYPT= option.

AES

specifies AES-256 encryption of data. You must also supply a value for the ENCRYPTKEY= parameter if you choose AES-256 encryption.

Details

Encrypting a server table provides security from users that have system access to dump raw server tables. The section about security in the SAS Scalable Performance Data Server: Administrator’s Guide contains more information about how to control system access to the server tables.
When the ENCRYPT= table option is set to YES, the server encrypts newly created tables by blocks. To control the amount of encryption per block, use the table option IOBLOCKSIZE=. The IOBLOCKSIZE= option specifies the number of rows to be encrypted in each block.
Usage Notes
  1. Depending on your query patterns, increasing or decreasing the block size can affect performance.
  2. When ENCRYPT=YES, the server encrypts only table row data. Table indexes and metadata are not encrypted.
  3. When ENCRYPT=AES, both data and index files are encrypted.
  4. To access an encrypted table, the user must have appropriate ACL permissions to the table and must provide either the password or the encryption key. The password is specified with the READ= option or the PW= data set option. The encryption key is specified with the ENCRYPTKEY= table option.

Example

This code creates encrypted server table EncTable from non-encrypted server table RegTable using implicit pass-through. It specifies the ENCRYPT= table option with the password “Secret”. 
libname tempdata sasspds 'public' server=lax94d01.14545 
user='anonymous' ip=yes;

data tempdata.regtable;x=1;run;

option dbidirectexec=yes;

proc sql;
  create table tempdata.enctable(encrypt=yes pw=secret) as 
  select * from tempdata.regtable;
quit;
To use server table EncTable, specify the password as follows: 
proc contents data=tempdata.enctable(pw=secret); run;
In the output, note that the Encrypted attribute for the table is set to YES.
The PROC CONTENTS output specifies Encrypted YES

See Also

SPD Server table options:
ENCRYPTKEY= Table Option
IOBLOCKSIZE= Table Option
Copyright © SAS Institute Inc. All Rights Reserved.
Last updated: February 8, 2017