SAS/EIS Software: Administrator's Guide

Customizing the Access Control Environment

Setting Up Multiple Access Control Environments

If you support different sets of SAS/EIS applications with different sets of users, you can set up multiple access control environments.

The information entered in the Access Control Setup window and the Access Audit Setup window is stored in and retrieved from the SASHELP.AC catalog.

Follow these steps:

After typing the access control setup information for one environment, make a copy of the SASHELP.AC catalog.
Type different access control setup information, and make another copy of the SASHELP.AC catalog.
Make sure the correct copies of the AC catalog are distributed into the correct users' SASHELP images.

Querying Access Control Settings

To find out about your access control settings, you can open the Access Control Setup window to view the current values in the Environment Settings list box and select [User/Group Management] or [Access Control List Definition] to view the current values in the Access Control Settings list box.

To query the access control settings programmatically, refer to Creating Access Control Definitions Programmatically.

Changing the Administrator's Password

You should rarely need to change the administrator's password. The steps below describe how to change the password when necessary.

Before you begin

Make sure you have write access to your SASHELP.MB catalog.

Then, follow these steps:

Change the password to the new values on all data sets that were created by using the current administrator's password. If access control is activated, these are the files in your ACL root path.
If you have activated access auditing, you also need to change the password on the LOG data set in the Audit File path. Use PROC DATASETS or menu-driven SAS facilities to change the password on these data sets.

Use the following method call to change the administrator's password in the SASHELP.MB catalog:

CALL METHOD ('SASHELP.MB.APWUTIL','CREAAPWM', flag, pw-value, rc);

where

flag is 0 or 1. 0 indicates to not use a control key; 1 indicates to use a control key.

pw-value is the value of the new control key. If flag is 0, this value is ignored

rc is 0 if the update was successful; 1 if it was not successful.

Creating Access Control Definitions Programmatically

In addition to defining access control definitions interactively by using the User/Group Management and Access Control Definition windows, you can also create user and group data sets and access control list data sets by using

data management tools, for example, the SAS DATA step
the SCL methods provided in the access control administration (ACLADMIN) class.

Refer to online Help for the SASHELP.MB.ACLADMIN.CLASS for details on how to create Access Control data sets using SCL methods.

Overriding the Default Behavior of Access Control

Your site might have special access control requirements that are not met by the default set of functionality available in the SAS/EIS access control facility.

Refer to online Help for the Access Control Server class, SASHELP.MB.ACLSERV.CLASS, for details on how to change the structure and format of access control files or for specifics on dealing with non-standard client/server configurations.

Refer to online Help for the Access Control Query class, SASHELP.MB.ACLMAIN.CLASS, for details on how to change the way that the access control information is retrieved and returned.

Specify your access control subclasses in the Access Control Classes window. To open the Access Control Classes window, open the Access Control Setup window and select [Classes].

[IMAGE]

Chapter Contents
Previous
Next
Top of Page

flag	is 0 or 1. 0 indicates to not use a control key; 1 indicates to use a control key.
pw-value	is the value of the new control key. If flag is 0, this value is ignored
rc	is 0 if the update was successful; 1 if it was not successful.