Understanding Native Engines and the Metadata LIBNAME Engine

As mentioned previously, when you access the data in a data library, you can use the native engine stored in the metadata definition of the library, the definition in a configuration file, or you can use the metadata engine. As shown in the following figure, the metadata engine invokes the Base SAS engine that is identified in the metadata.
Metadata Engine Invocation of the Base SAS Engine
Metadata Engine Invocation of the Base SAS Engine
SAS metadata provides a metadata authorization layer that enables you to control which users can access which metadata objects, such as SASLibrary, PhysicalTable, and LogicalServer. You manage the access to metadata by granting ReadMetadata and WriteMetadata permissions on the object or on the repository.
As depicted in the previous figure, when a user accesses a library that uses the metadata engine, the engine sends a request to the SAS Metadata Server to determine the user’s metadata permissions on the tables in the library. The tables for which the user has ReadMetadata access are returned and are available to the user. If the user then performs an action, such as opening a table, the metadata engine queries the metadata server for the user’s metadata permission on the table. If the user has Read access to the table, directly or through group membership, the metadata engine then calls upon the engine specified in metadata to handle the request. The table is then opened into the client application for reading.
In contrast, when a user accesses a library that uses a native engine, the client application contacts the metadata server and requests access to the metadata object as the user. The metadata server then queries the metadata authorization layer to determine whether the user has ReadMetadata access on the tables in the library. In contrast to the metadata engine, there is no query to check for Read access on the table. When a library uses a native engine, the data-level authorizations of Read, Write, Create, and Delete are not checked.
If you want to use the metadata authorization layer to control Read, Write, Create, and Delete permissions, then pre-assign the library. Follow the steps described in Pre-assigning a Library . When you use the Pre-assignment Type menu, select By metadata library engine.
One drawback to using the metadata engine is that it does not automatically create, update, or delete metadata when changes are made to the tables.
Copyright © SAS Institute Inc. All rights reserved.