Using Passwords with Views
How the Level of Protection Differs from SAS Views
The levels of protection for views and stored programs differ slightly from other types of SAS files. Passwords affect the actual view definition or view descriptor as well as the underlying data. Unless otherwise noted, the term 'view' can refer to any type of view. Also, the term 'underlying data' refers to the data that is accessed by the view:
| read | * | protects against reading the view's underlying data. |
| * | allows source statements to be written to the SAS log, using DESCRIBE. | |
| * | allows replacement of the view. | |
| write | * | protects the underlying data associated with a view by insisting that a write password is given. |
| * | allows source statements to be written to the SAS log using DESCRIBE | |
| * | allows replacement of the view | |
| alter | * | protects against source statements being written to the SAS log, using DESCRIBE. |
| * | protects against replacement of the view. |
An important difference between views and other types of SAS files is that you need alter access to DESCRIBE an alter-protected view. For example, to use an alter-protected PROC SQL view in a DESCRIBE VIEW statement, you must specify the alter password.
In most DATA and PROC steps, the way you use password-protected views is consistent with the way you use other types of password-protected SAS files. For example, the following PROC PRINT prints a read-protected view:
proc print data=mylib.grade(read=green); run;
Note: You might experience unexpected results when you place protection on a view if some type of protection has already been placed on the underlying data set.
PROC SQL Views
Typically, when you create a PROC SQL view from a password-protected SAS data set, you specify the password in the FROM clause in the CREATE VIEW statement using a data set option. In this way, when you use the view later, you can access the underlying data without re-specifying the password. For example, the following statements create a PROC SQL view from a read-protected SAS data set, and drop a sensitive variable:
proc sql; create view mylib.emp as select * from mylib.employee(pw=orange drop=salary); quit;
Note: If you create a PROC SQL view from password-protected SAS data sets without specifying their passwords, when you try to use the view you are prompted for the passwords of the SAS data sets named in the FROM clause. If you are running SAS in batch or noninteractive mode, you receive an error message.
SAS/ACCESS Views
SAS/ACCESS software enables you to edit view descriptors and, in some interfaces, the underlying data. To prevent someone from editing or reading (browsing) the view descriptor, assign alter protection to the view. To prevent someone from updating the underlying data, assign write protection to the view. For more information, see the SAS/ACCESS documentation for your DBMS.
DATA Step Views
When you create a DATA step view using a password-protected SAS data set, specify the password in the view definition. In this way, when you use the view, you can access the underlying data without respecifying the password.
The following statements create a DATA step view using a password-protected SAS data set, and drop a sensitive variable:
data mylib.emp / view=mylib.emp; set mylib.employee(pw=orange drop=salary); run;
Note that you can use the view without a password, but access to the underlying data requires a password. This is one way to protect a particular column of data. In the above example, proc print data=mylib.emp; will execute, but proc print data=mylib.employee; will fail without the password.
EAN: 2147483647
Pages: 255