ACLs. Likewise, areas created without ACLs should be accessed only by SPD Servers
using -NOACL.
SPD Server comes bundled with the SAS Management Console (SMC). The SAS
Management Console is a GUI utility that an SPD Server administrator can use to manage
passwords and ACLs. The SAS Management Console manages passwords using the same
capabilities that the psmgr utility provides, and the SAS Management Console also
manages ACLs using the same capabilities provided by PROC SPDO.
Enabling ACL Security
Overview of Enabling ACL Security
You enable SPD Server security with the -ACL option on the spdsserv command.
Numerous security features are in effect with ACLs enabled.
UNIX File-Level Protection with ACL Security
Each session of SPD Server is attached to a user with some UNIX or Windows user ID. If
SPD Server runs on UNIX, all files created by the software are protected according to the
UNIX file creation permissions associated with that UNIX user's ID. SPD Server can
read or write only those files whose file and directory access permissions allow access
by the SPD Server's user ID. Use the UNIX 'umask' command to restrict the file creation
permissions as desired.
User/Password Validation
SAS users must issue a user ID and password with the LIBNAME statement in order to
connect to SPD Server. The user ID and password are verified against an SPD Server user
ID table set up by the system administrator. Password expiration can be enforced by the
system administrator via the psmgr administration tool for the user ID table or through the
SAS Management Console, if it is installed and configured for SPD Server. In either of the
two environments, the system administrator can prevent logins under the anonymous user
ID by placing user 'anonymou' in the user ID table with a password unknown to the SAS
users.
Control of LIBNAME Domains by the System Administrator with ACL Security
The system administrator defines the valid LIBNAME domains with entries in the libname
parameter file for each SPD Server. The PATHNAME= specification defines the file
system for the LIBNAME. LIBNAME= specifications provide the access route to the file
system. Restricting knowledge of the LIBNAME= specification information restricts
access to the corresponding file systems.
User Ownership of LIBNAME Domains
In the LIBNAME parameter file, the system administrator can attach the OWNER=
specification to any defined LIBNAME domain. Only the system user whose user ID
matches the OWNER= specification can create tables in this domain. (However, that user
can grant other users read or write access rights through ACLs that were issued from the
SAS LIBNAME statement.)
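An added example (not from the SAS guide or SPD Server itself): a Python audit of a libname parameter file that flags domains with no OWNER= specification and PATHNAME= directories whose permissions are open beyond the server's UNIX user ID. The semicolon-terminated entry layout, the domain names and the function names are assumptions; only the LIBNAME=, PATHNAME= and OWNER= keys come from the text above.

```python
import os
import re
import stat
import tempfile

# Constructed sample. The semicolon-terminated entry layout is an assumption;
# only the LIBNAME=, PATHNAME= and OWNER= keys come from the guide text.
SAMPLE_PARM = """\
LIBNAME=finance PATHNAME={fin} OWNER=fadmin;
LIBNAME=scratch PATHNAME={scr};
"""
ENTRY_RE = re.compile(r"(\w+)\s*=\s*([^\s;]+)")

def parse_domains(text):
    """Return one dict of upper-cased keys per semicolon-terminated entry."""
    domains = []
    for entry in text.split(";"):
        fields = {k.upper(): v for k, v in ENTRY_RE.findall(entry)}
        if "LIBNAME" in fields:
            domains.append(fields)
    return domains

def audit_domains(text):
    """Return (domain, finding) pairs for missing owners and loose paths."""
    findings = []
    for d in parse_domains(text):
        name, path = d["LIBNAME"], d.get("PATHNAME")
        if "OWNER" not in d:
            findings.append((name, "no OWNER=: table creation is not tied to one user ID"))
        if path is None or not os.path.isdir(path):
            findings.append((name, "PATHNAME= missing or not a directory"))
            continue
        mode = stat.S_IMODE(os.stat(path).st_mode)
        if mode & (stat.S_IWGRP | stat.S_IWOTH | stat.S_IROTH | stat.S_IXOTH):
            findings.append((name, f"directory mode {mode:04o} is open beyond the server user"))
    return findings

def demo():
    """Build two constructed domain directories and audit them."""
    with tempfile.TemporaryDirectory() as root:
        fin, scr = os.path.join(root, "fin"), os.path.join(root, "scr")
        for path, mode in ((fin, 0o750), (scr, 0o777)):
            os.mkdir(path)
            os.chmod(path, mode)
        return audit_domains(SAMPLE_PARM.format(fin=fin, scr=scr))

if __name__ == "__main__":
    for name, finding in demo():
        print(f"{name}: {finding}")
```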
User Ownership of Tables
Each table created is tagged with the SPD user ID (referred to as the owner) who created
it. Only the owner or ACLSPECIAL users can access a table. (However, the owner can
grant access to other users through ACLs by adding a LIBNAME ACL with PROC SPDO.)
From: SAS Scalable Performance Data Server 4.5 Administrator's Guide