Contents SAS/IntrNet 9.1: Application Dispatcher Previous Next

Controlling Access to Data Sources with the AUTHLIB Data Set


The AUTHLIB data set enables you to permit or restrict access to SAS library entities.  The default name for the AUTHLIB data set is SASHELP.AUTHLIB.  It contains INCLUDE and EXCLUDE rules that declare which data is available and which data is unavailable to a Dispatcher program.  The enforcement of these rules is not automatic.  A Dispatcher program must call the AUTHLIB functions in order to participate in this access control scheme.  It is the responsibility of the programmer to incorporate the AUTHLIB functions into a program.  The SAS Design-Time Controls are the only SAS/IntrNet components that automatically utilize the AUTHLIB data set in SAS/IntrNet Software.

The AUTHLIB data set has a specific structure:

Column Name Type Length Description
Rule character 7 The access rule for this record.  Valid values are "INCLUDE" and "EXCLUDE".
Libname character 8 The library name of the entity to which this rule applies.
Memname character 32 The member name of the entity to which this rule applies.
Memtype character 8 The member type of the entity to which this rule applies.
Objname character 32 The catalog entry name of the entity to which this rule applies.
Objtype character 8 The catalog entry type of the entity to which this rule applies.
Comment character 128 An optional comment explaining this rule.

And here is a sample AUTHLIB data set:

Rule Libname Memname Memtype Objname Objtype Comment
INCLUDE SASHELP * DATA * *  
INCLUDE SASHELP * VIEW * *  
INCLUDE SASHELP * MDDB * *  
INCLUDE SAMPDAT * * * *  
EXCLUDE SAMPDAT MYCAT CATALOG * *  

To customize the access control for your Application Server, you can modify the SASHELP.AUTHLIB data set that is shipped with SAS/IntrNet software, or you can copy this data set to a new name and modify that copy.  If you use a data set name other than SASHELP.AUTHLIB for your set of access rules, you must use the APPSRV_AUTHDS function to set the new name.

Here is how the AUTHLIB data set is interpreted.  An entity is any SAS library, member, or catalog entry.

Here are a few additional guidelines:

AUTHLIB Functions

The following functions enable you to use the AUTHLIB data set in your Dispatcher programs.

Verifying the AUTHLIB Data Set

It is a good idea to verify all changes you make to the AUTHLIB data set.  Fortunately, the APPSRV_AUTHCLS function makes this task easy.  By using this function, you can generate lists of included and excluded entities that you can review for correctness.  The following program produces a verification report for the AUTHLIB data set.

   /*generate the different authlib WHERE clauses and store them as macro variables*/
   
   data _null_;
      length clause $ 32767;

      clause = appsrv_authcls('LIBRARY');
      call symput('LIBCLS',clause);

      clause = appsrv_authcls('MEMBER');
      call symput('MEMCLS',clause);

      clause = appsrv_authcls('CATALOGENTRY');
      call symput('ENTRYCLS',clause);
   run;


   /*create a view of included libraries*/

   proc sql;
   create view work.inclib as select *
      from sashelp.vslib
      where &libcls;
   quit;

   
   /*create a view of the excluded libraries*/

   proc sql;
   create view work.exclib as select *
      from sashelp.vslib
      where not &libcls;
   quit;


   /*create a view of the included members*/

   proc sql;
   create view work.incmem as select *
      from sashelp.vmember
      where &memcls;
   quit;

  
   /*create a view of the excluded members*/ 

   proc sql;
   create view work.excmem as select *
      from sashelp.vmember
      where not &memcls;
   quit;

   /*NOTE: THE CATALOG ENTRY VIEWS CAN TAKE A LONG TIME TO RUN
   YOU MAY WANT TO SUBSET BY ADDING SOMETHING TO 
   THE WHERE CLAUSE TO SPEED IT UP SUCH AS

   and libname ne 'SASHELP'

   THIS WILL PREVENT YOU FROM OPENING EVERY CATALOG
   IN EVERY LIBRARY.*/

   
   /*create a view of the included entries from selected catalogs*/
 
   proc sql;
   create view work.incentry as select *
      from sashelp.vcatalg
      where &entrycls;
   quit;

   
   /*create a view of the excluded entries from selected catalogs*/

   proc sql;
   create view work.excentry as select *
      from sashelp.vcatalg
      where not &entrycls;
   quit;


   /*Now print out the results of the SQL steps*/

   proc print data=work.inclib;
   proc print data=work.exclib;
   proc print data=work.incmem;
   proc print data=work.excmem;
   proc print data=work.incentry;
   proc print data=work.excentry;
   run;

Contents SAS/IntrNet 9.1: Application Dispatcher Previous Next