An
administrator uses a product like SAS Management Console to set authorization.
This security model is a metadata-based authorization layer that supplements
security from the host environment and other systems. The metadata
engine enforces the authorizations that are set in metadata, but it
does not create or update any authorization. For more information,
see the
SAS Intelligence Platform: Security Administration Guide.
The administrator can
use authorization in the following ways for member-level and column-level
security:
-
The administrator can associate
authorizations to any metadata resource in a repository. The metadata
engine enforces effective permissions (which is a calculation of the
net effect of all applicable metadata layer permission settings) for
libraries and tables.
-
The administrator can associate
different authorizations to individual libraries and tables. For example,
suppose a library has 20 tables defined in the repository. The administrator
restricts access to five of the tables, because the five tables contain
sensitive information. Only a few users can access all 20 tables.
Most users can access only 15 tables.
The metadata authorizations
that are enforced by the metadata engine control the actions that
users can perform on data that is accessed with the engine; the engine
does not prevent other SAS programs from accessing the data.