Chapter Contents
Previous
Next
SAS/EIS Software: Administrator's Guide

Setting Up the Access Control Environment Programmatically

In addition to using the access control windows to perform setup and maintenance tasks, the access control facility provides methods to set up the access control environment programmatically.

To change any of the access control settings using SCL, you must have write access to the SASHELP.AC catalog and a SAS/AF Software license to run the BUILD environment.

Setting the ACL Setup Parameters

This method re-creates the entry SASHELP.AC.ACLINIT.SCL. 

CALL METHOD ('SASHELP.EIS.ACLUTIL', 'CREAACLI', rc,  flag, aclroot,
    aclserv,login_window, autouser_enabled, libsec, pw_encrypt);

Where... Is type... And contains...
rc
N a flag that indicates if the update was successful, where 0 indicates that the update was successful and 1 indicates that it was not.
flag
 C a flag that activates or deactivates security. Valid values are Y and N.
aclroot
C the path of a directory that holds the ACL files.
aclserv
 C the name of the remote session or share server for aclroot. If the session is local, this parameter should be blank.
login_window
 C the four-level name of the AF application or APPLSCR application to use for login.
autouser_enabled
C a flag that indicates whether to allow the use of &AUTOUSER at login. Valid values are Y and N.
libsec
 C a flag that indicates when the ACL library is allocated, where
Y indicates that the ACL library is allocated before and deallocated after each access to the ACL files.
N indicates that the ACL library is allocated once at access control server allocation and deallocated at access control server termination.
pw_encrypt
C a flag that indicates whether to encrypt the PASSWORD values, where
Y indicates that the PASSWORD variable values should be encrypted in the PASSWD data set.
N indicated that the user passwords should not be encrypted.

Setting the Administrator's Password

This password is used to create and access ACL files and to enable access to the password support feature. Set the flag to 0 if you do not want to use a password. 

 CALL METHOD('SASHELP.MB.APWUTIL','CREAAPWM',flag, pw-value,rc);

Where... Is type... And contains...
flag
 C a flag that indicates whether to activate the password, where
1 specifies to activate the password.
0 specifies to deactivate the password.
pw-value
C the text of the password. The value for this parameter must follow the current SAS file password syntax conventions.
rc
N a flag that indicates whether the update was successful, where
0 indicates that the update was successful.
1 indicates that the update was not successful.

Setting the Audit Parms

This method re-creates the entry SASHELP.AC.ACLLOG.SCL, which is used to track activities associated with the access control facility. 

CALL METHOD  ('SASHELP.EIS.ACLUTIL','CREALOG', rc, flag, logroot, 
    logserv, logtime, data, appl);

Where... Is type... And contains...
rc
 N a flag that indicates whether the update was successful, where
0 indicates that the update was successful.
1 indicates that the update was not successful.
flag
 C a flag that indicates whether to activate access logging, where
Y activates access logging.
N deactivates access logging.
logroot
C the path of a directory that holds the LOG file.
logserv
 C the name of the remote session or share server for logroot. If the session is local, this parameter should be blank.
logtime
C a flag that indicates whether to log full SAS/EIS access time. Valid values are Y or N.
data
 C a flag that indicates whether to log data source access. Valid values are Y or N.
appl
 C a flag that indicates whether to log application access. Valid values are Y or N.

Querying ACL Setup Values and Password

Use the following job to query the current ACL settings and the current administrator's password: 

length security_enabled $1
       aclroot          $200
       aclserv          $17
       logroot          $200
       logserv          $17
       login_window     $35   
       autouser_enabled $1  
       libsec           $1
       pw_encrypt       $1 
       admin_pw         $16      
       pw_active        8 
       audit_enabled    $1 
       logtime          $1
       logdata          $1   
       logappl          $1

;

init:  
/* Administrator's password */ 
call method('sashelp.mb.aclapwm','aclapw',pw_active,admin_pw);
put pw_active=; 
put admin_pw=;  

/* Security Enabled? */ 
call method('sashelp.ac.aclinit','aclinit',security_enabled);
put security_enabled=;  

/* ACL Root */ 
call method('sashelp.ac.aclinit','aclrt',aclroot,aclserv);
put aclroot=; 
put aclserv=;  

/* Login Window */ 
call method('sashelp.ac.aclinit','acllw',login_window);
put login_window=;  

/* AUTOUSER Enabled? */ 
call method('sashelp.ac.aclinit','aclau',autouser_enabled);
put autouser_enabled=; 

/* Secure Libref? */ 
call method('sashelp.ac.aclinit','libsec',libsec);
put libsec=; 

/* Encrypt User passwords? */ 
call method('sashelp.ac.aclinit','pwencrpt',pw_encrypt);
put pw_encrypt=; 

/* LOG Root */ 
call method('sashelp.ac.acllog','logrt',logroot,logserv);
put logroot=; 
put logserv=;  

/* Log LOGIN/LOGOUT? */ 
call method('sashelp.ac.acllog','logopt',logtime,logdata,logappl);
put logtime=;  

/* Log Data Access? */ 
put logdata=;  

/* Log Application Access*/ 
put logappl=; 
return;


Chapter Contents
Previous
Next
Top of Page

Copyright 1999 by SAS Institute Inc., Cary, NC, USA. All rights reserved.