Functionality to upload files onto the SAS server (from 9.2 on) is available using stored processes and an html input type="file". I introduced this topic last year in my blog post using the SAS Stored Process Developer Guide sample. Of course, it is never as easy as the sample is it? Over the past year I have used this functionality several times and believe me I have had my share of troubleshooting these implementations. So if you are still considering using custom forms with web file uploads, here is a list of items to consider during development.
- Access to PIPE
- File level security
- Don't use empty files (0 KB)
One of the requests was to not just use the file for some processing, but to store the actual file on the physical server. My first attempt was to use the filename PIPE functionality. Such as within UNIX, we would use the copy command cp to move a file from the source location (contained in the the automatic macro variable &_WEBIN_FILEREF) to the new location /uploadfiles and maintain the original file name (using the other macro variable &_WEBIN_FILENAME).
filename trans PIPE "cp &_WEBIN_FILEREF /uploadfiles/&_WEBIN_FILENAME"; data _null_; infile trans; run;
However this requires access to pipe. By default, this functionality is disabled because with this type of access you can conceivably run commands that can delete or wreak other unimaginable havoc on a machine that is not locked down appropriately on the physical side.
The access to pipe error message looks like this:
ERROR: Insufficient authorization to access PIPE.
ERROR: Error in the FILENAME statement.
Besides enabling access, which in some situations requires an act of congress, there is another way to copy the file from your temporary web location onto the server. Use the RC = function RENAME to move the file over. (Another good reason to keep an eye out for SASCommunity.org Tips of the Day.)
data _null_; location=pathname("&&_WEBIN_FILEREF"); filename="c:\uploadfiles\"||strip("&_WEBIN_FILENAME"); rc = rename(strip(location), strip(filename),'file'); run;
Once you have the rename function setup (or access to pipe enabled), there is still a small issue around file level security. If the physical folder is locked down, no one can write to it. So what level of security is required? Since this functionality is only available to the stored process server the SASSRV account must have write access to the location.
The tricky thing is that no errors will be produced for the user in the SAS Stored Process window with the RENAME function, its just no file will be written into the target folder location (in this case c:\uploadfiles). So just grant sassrv RW (read and write) access to the folder structure and retest.
One final issue was that during my testing, I was using an empty text file on my desktop. It had a name but 0 content. And guess what? It just doesn't work. Of course, I thought it was my custom form or something with the stored process. But after finally trying another file, I realized that when the file is just empty the &_WEBIN_FILENAME and &_WEBIN_FILEREF macros are not generated.
Have any of you started using the file upload capabilities in stored processes? Any other tips & tricks out there?