ACL Security Overview
SPD Server uses Access Control Lists (ACLs) and SPD Server user IDs to secure domain
resources. You obtain your user ID and password from your SPD Server administrator.
SPD Server also supports ACL groups, which are similar to UNIX groups. SPD Server
administrators can associate an SPD Server user as many as five ACL groups.
ACL file security is turned on by default when an administrator brings up SPD Server.
ACL permissions affect all SPD Server resources, including domains, tables, table
columns, catalogs, catalog entries, and utility files. When ACL file security is enabled,
SPD Server only grants access rights to the owner (creator) of an SPD Server resource.
Resource owners can use PROC SPDO to grant ACL permissions to a specific group (called
an ACL group) or to all SPD Server users.
The resource owner can use the following properties to grant ACL permissions to all SPD
Server users:
READ
universal READ access to the resource (read or query).
WRITE
universal WRITE access to the resource (append to or update).
ALTER
universal ALTER access to the resource (add, rename, delete, or replace a resource and
add, delete indexes associated with a table).
The resource owner can use the following properties to grant ACL permissions to a named
ACL group:
GROUPREAD
group READ access to the resource (read or query).
GROUPWRITE
group WRITE access to the resource (append to or update).
GROUPALTER
group ALTER access to the resource (rename, delete, or replace a resource and add,
delete indexes associated with a table).
SPD Server ACL Security Model
Overview of the ACL Security Model
SPD Server provides an Access Control List (ACL) based security system. The ACL-based
security is enabled by default. You are encouraged to run SPD Server using ACLs. ACLs
add little overhead to SPD Server in terms of execution speed and disk space consumption.
ACLs keep files private to individual users and within groups.
Only disable ACLs if your computing environment requires free access of any user to any
other user's files. Migrating from a non-ACL environment to an ACL-based environment
is not simple, so use ACLs if you foresee needing security controls at a future time. Files
created by SPD Server running ACLs only should be accessed by SPD Servers running
150
Chapter 14 • ACL Security Overview
Summary of Contents for Scalable Performance Data Server 4.5
Page 1: ...SAS Scalable Performance Data Server 4 5 Administrator s Guide...
Page 7: ...Part 1 Product Notes Chapter 1 SPD Server 4 5 Product Notes 3 1...
Page 8: ...2...
Page 12: ...6...
Page 63: ...Part 3 Migration Chapter 5 SPD Server 3 x to SPD Server 4 5 Conversion Utility 59 57...
Page 64: ...58...
Page 70: ...64 Chapter 5 SPD Server 3 x to SPD Server 4 5 Conversion Utility...
Page 72: ...66...
Page 76: ...70 Chapter 6 Using the SPD Server Name Server to Manage Resources...
Page 94: ...88 Chapter 7 Administering and Configuring SPD Server Using the SAS Management Console...
Page 98: ...92 Chapter 8 SPD Server SQL Query Rewrite Facility...
Page 116: ...110 Chapter 10 Configuring Disk Storage for SPD Server...
Page 128: ...122 Chapter 11 Setting Up SPD Server Parameter Files...
Page 154: ...148...
Page 198: ...192 Chapter 14 ACL Security Overview...
Page 212: ...206 Chapter 15 Managing SPD Server Passwords Users and Table ACLs...
Page 214: ...208...
Page 224: ...218 Chapter 16 SPD Server Operator Interface Procedure PROC SPDO...
Page 236: ...230 Chapter 18 SPD Server Table List Utility Spdsls...
Page 256: ...250 Chapter 19 SPD Server Backup and Restore Utilities...
Page 264: ...258 Chapter 20 SPD Server Directory Cleanup Utility...
Page 270: ......