There are a couple of options with getting SAS Stored Processes to access Metadata Libraries.
1. Pre-Assignment of Libraries or Connecting as a Single (and therefore Shared) SAS User Account
The pre-assignment of libraries means that when the Object Spawner is initiated, the libraries are made available to the end users. Even if authentication is required, the users are connected with a single user/pwd (defined in SMC library). This is similar to how an autoexec.sas file works for Base SAS.
2. Without Pre-Assignment of Libraries:
Two options are available when pre-assignment of libraries isn't preferred.
A. To connect to libraries where authentication IS NOT required, the autoexec for the stp server is an appropriate location. (Such as C:\SAS\EBIserver\Lev1\SASApp\StoredProcessServer\autoexec_usermods.sas in SAS 9.2)
B. To connect to libraries where authentication IS required, the &_metauser and &_password reserved macro parameters must be passed through the stored process server into a libname statement. Therefore the libname statement must exist within the .sas stored process code itself OR within some macro/%include code that is called within the .sas stored process code. (Another option in SAS 9.2 is to utilize the INIT Options from SAS Management Console. http://support.sas.com/documentation/cdl/en/biasag/61237/HTML/default/stpopts.htm)
NOTE ~ This last option appears to be the ONLY mechanism to effectively pass authentication between the web and the Stored Process. UNLESS you use Integrated Windows Authentication (IWA) in SAS 9.2. That will even pass the credentials in a BASE SAS 9.2 session to a meta libname such as:
libname test odbc dsn="AdventureWorks".