If the user ID under
which the session or server is running is not authorized to access
a
z/OS data set in the manner requested (either read or update), by
default SAS then produces an explanatory message in the SAS log.
SAS does not attempt to open the data set if the user ID does not
have the proper authorization. However, the auditing requirements
for some installations cause unauthorized access attempts to be sent
to the log for that site's authorization facility. An attempt to open
the data set must actually occur before a message is sent to the log
of the authorization facility. Specify FILEAUTHDEFER for unauthorized
access attempts to be logged with the authorization facility at your
site.
The FILEAUTHDEFER option
controls the checking of file authorization for external files and
SAS libraries. However, it only applies to files or libraries which
reside in
z/OS data sets. FILEAUTHDEFER does not apply to the processing
of UFS files.
FILEAUTHDEFER does not
control the authorization checking for
z/OS data sets that a SAS server
accesses on behalf of a client. Such third-party authorization checking
is performed regardless of the FILEAUTHDEFER setting, and access failures
are intercepted by SAS rather than resulting in abends or system errors.
Nonetheless, FILEAUTHDEFER governs attempts by a SAS server to access
a data set in a manner not authorized for the ID under which the server
is running. However, the unauthorized access is logged as having been
attempted by the server ID, not the client ID.