run;
/* Example of every BUT user2 in */
/* group2 being allowed to read */
/* column salary */
PROC SPDO library=user1 ;
/* Assign who owns the ACLs */
set acluser;
/* Clean Up Column ACL */
delete ACL t.salary;
/* Create an ACL on column t.salary*/
/* to only allow members of group2 to */
/* read the column */
add ACL t.salary;
modify ACL t.salary / user2=(y,n,n,n);
/* User permissions have priority over */
/* group permissions. So now deny */
/* user2 access to column salary */
modify ACL t.salary / user2=(n,n,n,n);
quit;
/* Let both users print the table */
/* Only user6 can access column */
/* salary */
proc print data=user2.t;
run;
proc print data=user6.t;
run;
quit;
DICTIONARY.PWDB and DICTIONARY.ACLS
Overview of Dictionaries
In addition to dictionary information for tables and columns, SPD Server provides
information about the users in the password database and the ACL objects available. The
column definitions for DICTIONARY.PWDB and DICTIONARY.ACLS are as follows:
DICTIONARY.PWDB {user char(8) Label = 'User'
auth_lvl char(5) Label = 'Authorization Level'
ip_addr char(16) Label = 'IP Address'
defgrp char(8) Label = 'Default Group'
186 Chapter 14 • ACL Security Overview
