SAS Business Intelligence FAQ's - part 2

1) What can you do to protect data set and data base passwords?

Ans : To protect data set and data base passwords, you can do the following:

·         Do not specify passwords in program code; interactively prompt for them instead

·         Include passwords in compiled DATA steps

·         Interactively prompt for database connection.

2) Does Foundation SAS provide authorization and authentication capabilities itself?

Ans : Foundation SAS does not provide authorization and authentication capabilities itself. You must use host or network utilities to enforce security for SAS files based on user identity.

3) What are the approaches to minimize security risks to your data?

Ans : You can use the following general approaches to minimize security risks to your data:

·         Restrict access – limiting access to files only to those who are authorized to access it

·         Enforce confidentiality – make data uninterruptable for users who can access the data

4) True or false: The ENCRYPT= option can be used to selectively encrypt only specified variables in a data set.

Ans : False. You must use the DATA step and SAS functions to manually encrypt individual fields.

5) What is the difference between Foundation SAS and SAS platform in terms of security?

Ans : Both of these provide password protection but following are the differences.

Foundation SAS:

·         Does not provide security based on identity – anyone who has the password can access a SAS file, regardless of who they are.

·         Requires host security to restrict access based on identity

SAS Platform:

·         Can use SAS Management Console to provide security based on identity

·         Uses host security to provide additional access control

6) What is the difference between data “at rest” and data “in transit”?

Ans :

·         Data “at rest” is data on storage media – for example, data on disk or tape.

·         Data “in transit” refers to data that is being moved between machines.

7) Can you use options in Foundation SAS to restrict access to SAS files based on user identity?

Ans : NO – You must use host or network utilities to restrict access to SAS files based on user identity.

8) What are the strategies you can use to restrict access to SAS files in Foundation SAS?

Ans : You can restrict access to SAS files in Foundation SAS by using one or both of these strategies:

·         Use SAS options to assign passwords to SAS files

·         Use host or network security to restrict access to files and directories only to authorized users

9) True or false: You can use encryption to restrict access to your data to authorized persons.

Ans : False. Encryption does not prevent access to data, but makes it unreadable if it is accessed.

10) What are the limitations of using SAS passwords?

Ans :

·         SAS passwords can be used to protect SAS data sets and some other types of SAS files. However, they cannot be used to protect SAS source code (including macros) in text files.

·         Even if you have no need to protect SAS programs themselves, SAS source code files may contain passwords for SAS data sets and connection information for external databases.

11) What can you do to protect SAS source code?

Ans : To protect SAS source code, you can do one or more of the following:

·         Use host security to restrict access to source code

·         Compile DATA steps in your source programs and assign SAS passwords to the compiled DATA steps

·         Store SAS code in compiled macros and encrypt the macros

Using host security is the best approach, as there are still potential limitations associated with the other two methods.

12) What are the approaches you can use to restrict access to SAS data and files?

Ans : There are two general approaches you can use to restrict Access to SAS data and files:

·         Assigning passwords to individual files, using SAS options

·         Controlling access based on the identity of the user

(Also known as authorization and authentication)I presume that you know what the difference between authorization and authentication.

13) True or false: You must also assign a password to a data set when you encrypt it.

Ans : True

14) What are the type of SAS files that can be protected with passwords?

Ans : SAS files that can be protected with passwords include:

·         SAS data sets

·         DATA step and SQL views

·         SAS/ACCESS descriptors

·         Stored compiled DATA step programs

15) Explain the difference between restricting access to data and encryption.

Ans : SAS passwords restrict access to SAS data files within SAS, but SAS passwords cannot prevent SAS data files from being viewed at the operating environment system level or from being read by an external program. Encryption provides security for your SAS data outside of SAS by storing the SAS data in encrypted form on disk. The data is decrypted as it is read from the disk.