Data Encryption And Access Control Using Password Protection

In this time of cyber age every one is looking to secure their data from outsiders.Apart from the security your network and system provides SAS facilitates 2 ways to secure your data.

1. Encrypt the data.

2. Put the access control on your data.

Data Encryption:

Although data in SAS files (What we call it as a SAS datasets) is not simple to access from outside of SAS environment but it can be certainly accessed from few other systems like Ab-Initio, Mainframe etc. And as new technologies being developed every other day it’s safer not to only rely on the default security mechanisms provided by your system.

So the simple way is to Encrypt the data. Using SAS it’s very simple to Encrypt the data. It can done by just using the ENCRYPT= SAS dataset option. Below code demonstrates this.

Data Encryption Using ENCRYPT Option

DATA libname.DatasetName (ENCRYPT = YES)

SET InputDataSetName;

/* More Data Step Statements Here*/

RUN;

Anytime the new Dataset is being created you can get encrypted before saving to the disk using ENCRYPT option. So that no one would be able to recognize it from unwanted environments.

Password Protection of SAS Datasets

Before even starting to talk about SAS password protection; It’s better to know about its limitations and Precautions before use.

Limitation – SAS password don’t provide any restriction over the use of SAS file beyond the file system.

Precaution – Its very much important to keep in mind that If you forget the assigned password its nearly impossible to get it back. So better you remember it for life or note it down somewhere at secret place, isn’t it?

When you want to secure your data from unintended SAS Users better you place an access control over right. SAS has provided three levels of Access controls over the data and is implemented using passwords.

Those access controls are read write and alter.

Read Protected – Users can’t read the data without knowing the password. They can’t write to the data however they can drop the dataset it’self.

Write Protected – Users can’t write to the data to the data set without knowing the password but they can read the data and drop the dataset it’self.

Alter Protected – Users can’t drop or replace the dataset without knowing the password but they can always read and write to the data.

How to implement this – This can achieved using READ=, WRITE=, ALTER= dataset options in any PROC or DATA STEP. Following code snippet demonstrates it with few examples.

Applying Write Access Control In Data Step

DATA libaname.DatasetName(WRITE=it’s_secret);

SET inputDatasetName;

Run;

/* Now anyone who don’t know the WRITE Access password (i.e. it’s_secret) could not access that data set to write in his program */

Applying Alter Access Control On Already Existing Dataset Using PROC DATASETS

PROC DATASETS lib = libname;

MODIFY datasetName(ALTER=anyPassword);

QUIT;

/* Now anyone who don’t know the password can’t alter or drop or replace the dataset though they can use to read and write purpose */

Applying full controls Using PW= option:

Instead of using all these kind of passwords it’s always handy to have only one password with all levels of access controls. This can be done using PW= option. Once this access control is applied person can’t read, write, alter or drop the dataset without knowing the password.

Following code snippets demonstrates this.

Applying Full Access Control Using PW= Option

DATA libname.DatasetName(PW=anyPassword);

SET inputDatasetName;

RUN;