title
'mary reading anonymous_table' ;
run ;
/* Mary can't write to anonymous_table */
data mary.anonymous_table ;
do i = 1 to 100 ;
output ;
end ;
run ;
Read Only Tables
A common security measure in SPD Server assigns an SPD Server ID to act as the owner
of a domain and to provide control over it.
Typically, one or two user IDs administer table loads and refreshes . These user IDs can
perform all the jobs that are required to create, load, refresh, update, and administer SPD
Server security. Using one or two user IDs centralizes the data administration on the server.
More than one ID for data administration spreads responsibility and still provides backup.
The following example demonstrates how to allow different groups access to the domain,
tables, and how different groups can control resources in the domain.
LIBNAME d1 sasspds 'd1'
server=zztop.5162
user='admin1'
password='spds123'
IP=YES ;
PROC SPDO library=d1 ;
/* assign who owns the ACLs */
set acluser admin1 ;
/* add a LIBNAME ACL to d1 */
add ACL / LIBNAME ;
The MODIFY statement in the code below enables the following actions:
• Any user in same group as admin can read, write, or alter tables and modify the
LIBNAME access to the domain.
• Users in group1 and group2 receive read access to the domain.
• Users in group3 and group4 receive read and write access to the domain.
modify ACL / LIBNAME
admingrp=(y,y,y,y)
group1=(y,n,n,n)
group2=(y,n,n,n)
group3=(y,y,n,n)
group4=(y,y,n,n) ;
list ACL _all_;
quit ;
174 Chapter 14 • ACL Security Overview
