|
| How the Level of Protection Differs from SAS Views |
The levels of protection for views and stored programs
differ slightly from other types of SAS files. Passwords affect the actual
view definition or view descriptor as well as the underlying data. Unless
otherwise noted, the term "view" can refer to any type of view.
Also, the term "underlying data" refers to the data accessed by
the view:
| read |
- protects against reading the view's underlying
data.
- allows source statements to be written to the
SAS log, using DESCRIBE.
- allows replacement of the view.
|
| write |
does not protect underlying data
associated with a view. |
| alter |
- protects against reading the view's underlying
data.
- protects against source statements being written
to the SAS log, using DESCRIBE.
- protects against replacement of the view.
|
A key difference between views
and other types of SAS files is
that you need alter access to read (browse) an alter-protected view. For example,
to use an alter-protected PROC SQL view in a DESCRIBE VIEW statement, you
must specify the alter password.
In most DATA and PROC steps, the way you use password-protected
views is consistent with the way you use other types of password-protected
SAS files. For example, the following PROC PRINT step prints a read-protected
view:
proc print data=mylibname.grade(read=green);
run;
Typically, when you create a PROC SQL view from a password-protected
SAS data set, you specify the password in the FROM clause in the CREATE VIEW
statement using a data set option. In this way, when you use the view later,
you can access the underlying data without re-specifying the password. For
example, the following statements create a PROC SQL view from a read-protected
SAS data set, and drop a sensitive variable:
proc sql;
create view mylibname.emp as
select * from mylibname.employee(pw=orange drop=salary);
quit;
Note: If you create a PROC SQL view from
password-protected SAS data sets without specifying their passwords, when
you try to use the view you are prompted for the passwords of the SAS data
sets named in the FROM clause. If you are running SAS in batch or noninteractive
mode, you receive an error message. ![[cautionend]](../common/images/cautend.gif)
SAS/ACCESS software enables you to edit Version 6 view
descriptors and, in some interfaces, the underlying data. To prevent someone
from editing or reading (browsing) the view descriptor, assign alter protection
to the view. To prevent someone from updating the underlying data, assign
write protection to the view. For more information, see the SAS/ACCESS documentation
for your DBMS.
When you create a DATA step view using a password-protected
SAS data set, specify the password in the view definition. In this way, when
you use the view, you can access the underlying data without respecifying
the password.
The following statements create a DATA step view using
a password-protected SAS data set, and drop a sensitive variable:
data mylibname.emp / view=mylibname.emp;
set mylibname.employee(pw=orange drop=salary);
run;
Note that you can use the view without a password, but
access to the underlying data requires a password. This is one way to protect
a particular column of data. In the above example,
proc print
data=mylibname.emp; will execute, but
proc print data=mylibname.employee; will fail without the password.
Copyright 1999 by SAS Institute Inc., Cary, NC, USA. All rights reserved.
