About Author

Chris Hemedinger

Director, SAS User Engagement

Chris Hemedinger is the Director of SAS User Engagement, which includes our SAS Communities and SAS User Groups. Since 1993, Chris has worked for SAS as an author, a software developer, an R&D manager and a consultant. Inexplicably, Chris is still coasting on the limited fame he earned as an author of SAS For Dummies.

4 Comments

  1. Do not forget to read the manual on metadata-bound libraries (RTFM).
    As just the existence of a feature can be abused in design questions.

    http://support.sas.com/documentation/cdl/en/seclibag/66930/HTML/default/viewer.htm#p0f9aq5vtdli0qn1tyv9ja703xeg.htm

    Who Should Use Metadata-Bound Libraries?
    As with any other security-related decision, a decision about whether to use metadata-bound libraries involves weighing the benefits of enhanced protection against increased administrative effort and complexity. This topic is intended to help you make a decision that is appropriate for your resources, environment, and security goals.

    If all of the following circumstances exist, it makes sense to consider using metadata-bound libraries:
    • You have SAS data sets that require a high level of security, with access distinctions at the user or group level.
    • You are running (or planning to run) a SAS Metadata Server in which your users are registered.
    • You have not already met your security requirements through a combination of physical layer (operating system) separation and customized configuration of your SAS servers.

    The following prerequisite knowledge is essential for successful use of metadata-bound libraries:
    • You have a basic understanding of the SAS metadata environment, including its authorization system.
    • You know how to create folders and set permissions in SAS Management Console.
    • You have read and understood at least the first two chapters of this document.

    The following additional factors should be considered in a decision about whether to use metadata-bound libraries:

    • If your metadata promotion strategy does not maintain a separate set of physical data for each deployment level (for example, development, test, and production), significant additional administrative complexity is involved (compared to using secured libraries against a single set of physical data).
    • Recovering from actions that inadvertently disrupt coordination between the physical data and its corresponding metadata objects can be complex.
    • Any batch processing against metadata-bound data requires that the metadata server is available and that the requesting user can connect to it.

    Note: In working with metadata-bound libraries, it is also useful to know how to write and submit SAS code.

    The introduction of children seeking the easiest way to achieve a goal is a good one.
    Thinking like a possible hacker or a person wanting to abuse critical information is the start of real information risk management.

    Where is the reasoning about:
    - the need for and the implementation of backup/restore, retention policy and D/R
    - the connection to using the often mandatory tools at OS level for backup (e.g. TSM)
    - What about all those people (admins or not) accessing the system with e.g. SSH?
    How would it be that SAS is overruling the system OS (hardened) integrity?

    • Chris Hemedinger

      Jaap, it is important to think critically about any data design/implementation where security is an important goal. Metadata-bound libraries offer one option -- another arrow in the quiver of the SAS admin. OS security and DBMS management are other options. And these can all be used together to achieve the ultimate goals of user service and data security.

  2. Pingback: Fencing in your SAS users with LOCKDOWN - The SAS Dummy

  3. Pingback: New superpowers for SAS administrators - SAS Users Groups
