add ACL / libname ;
modify ACL /
LIBNAME prodgrp=(y,y,y,y)
group1=(y,y,n,n)
group2=(y,n,n,n)
group3=(y,n,n,n) ;
/* Give spedific users access to */
/* the domain */
modify ACL /
LIBNAME user7=(y,n,n,n)
admin1=(y,n,n,n) ;
list ACL _all_ ;
quit ;
The ID 'prod2' is in the group which has permissions to control the LIBNAME ACL. Any
ID in that group can modify the LIBNAME ACL.
Because the ACL was created by user 'prod1', the user 'prod2' must use the user ID 'prod1'
in order to modify the LIBNAME ACL. This is allowed because the group was given
control. User 'prod1' still remains the owner of the LIBNAME ACL.
LIBNAME prod2d2 sasspds 'd2'
server=zztop.5162
user='prod1'
password='spds123'
IP=YES ;
PROC SPDO library=prod2d2 ;
/* Set user ID as 'user1', who owns */
/* the ACL to be modified */
set acluser prod1 ;
modify ACL /
LIBNAME group1=(n,n,n,n)
group4=(y,n,n,n) ;
list ACL _all_ ;
quit ;
The second way that the LIBNAME ACL can be changed is by using a user ID that has
ACL Special privileges. In the example below, the user 'admin1' uses the ACLSPECIAL=
statement to modify the LIBNAME ACL. As in the previous example, the user 'admin1'
must use the user ID of 'prod1'.
LIBNAME admin1d2 sasspds 'd2'
server=zztop.5162
user='admin1'
password='spds123'
ACLSPECIAL=YES
IP=YES ;
PROC SPDO library=admin1d2 ;
ACL Security Examples 169
