'read admin1_table1 by user1' ;
run ;
PROC PRINT data=user1d1.admin1_table2
(obs=10) ;
title
'read admin1_table2 by user1' ;
run ;
/* Test access for a user in group2 */
LIBNAME user2d1 sasspds 'd1'
server=zztop.5162
user='user2'
password='spds123'
IP=YES ;
PROC PRINT data=user2d1.admin1_table1
(obs=10) ;
title
'read admin1_table1 by user2' ;
run ;
PROC PRINT data=user2d1.admin1_table2
(obs=10) ;
title
'read admin1_table2 by user2' ;
run ;
When any ACL is placed on a specific table, that ACL takes precedence over the generic
ACL. The ACL in the code below performs the following:
• Gives read access of admin1_table2 to group1.
• Gives the admingrp read and control of admin1_table2
• Takes precedence over the generic read ACL, which prevents users that are not granted
specific access to admin1_table2 from reading, writing, altering, or controling the table.
PROC SPDO library=d1 ;
/* Assign who owns the ACLs */
set acluser admin1 ;
/* This ACL takes precedence over the */
/* generic ACL for users that try to */
/* access admin1_table2. */
add ACL admin1_table2 ;
modify ACL admin1_table2 /
group1=(y,n,n,n)
admingrp=(y,n,n,y) ;
list ACL _all_;
quit ;
/* Test access for a user in group1 */
176 Chapter 14 • ACL Security Overview
