SAS Data File Encryption

SAS passwords restrict access to SAS data files within SAS, but SAS passwords cannot prevent SAS data files from being viewed at the operating environment system level or from being read by an external program.

Encryption provides security of your SAS data outside of SAS by writing to disk the encrypted data that represents the SAS data. The data is decrypted as it is read from the disk.

Encryption does not affect file access. However, SAS honors all host security mechanisms that control file access. You can use encryption and host security mechanisms together.

Encryption is implemented with the ENCRYPT= data set option. You can use the ENCRYPT= data set option only when you are creating a SAS data file. You must also assign a password when encrypting a file. At a minimum, you must specify the READ= or the PW= data set option at the same time you specify ENCRYPT=YES. Because passwords are used in the encryption method, you cannot change any password on an encrypted data set without re-creating the data set.

The following rules apply to data file encryption:

• To copy an encrypted SAS data file, the output engine must support encryption. Otherwise, the data file is not copied .

• Previous releases of SAS cannot use an encrypted SAS data file. Encrypted files work only in Release 6.11 or in later releases of SAS.

• You cannot encrypt SAS data views, because they contain no data.

• If the data file is encrypted, all associated indexes are also encrypted.

• Encryption requires roughly the same amount of CPU resources as compression.

• You cannot use PROC CPORT on encrypted SAS data files.

 data salary(encrypt=yes read=green);     input name $ yrsal bonuspct;     datalines;  Muriel    34567  3.2  Bjorn     74644  2.5  Freda     38755  4.1  Benny     29855  3.5  Agnetha   70998  4.1  ; 

 proc print data=salary(read=green);  run;