A SERVICE OF

logo

Open as PDF
next previous
22 Triggers Chapter 3
Triggers
If your DBMS supports triggers, you can use them to enforce security authorizations
or business-specific security considerations. When and how triggers are executed is
determined by when the SQL statement is executed and how often the trigger is
executed. Triggers can be executed before an SQL statement is executed, after an SQL
statement is executed, or for each row of an SQL statement. Also, triggers can be
defined for DELETE, INSERT, and UPDATE statement execution.
Enabling triggers can provide more specific security for delete, insert, and update
operations. SAS/ACCESS abides by all constraints and actions that are specified by a
trigger. For more information, see the documentation for your DBMS.
SAS Security
SAS preserves the data security provided by your DBMS and operating
system; SAS/ACCESS does not override the security of your DBMS. To secure DBMS
data from accidental update or deletion, you can take steps on the SAS side of the
interface such as the following:
specifying the SAS/ACCESS LIBNAME option DBPROMPT= to avoid saving
connection information in your code
creating SQL views and protecting them from unauthorized access by applying
passwords.
These and other approaches are discussed in detail in the following sections.
Assigning SAS Passwords
By using SAS passwords, you can protect SQL views, SAS data sets, and descriptor
files from unauthorized access. The following table summarizes the levels of protection
that SAS passwords provide. Note that you can assign multiple levels of protection.
Table 3.1 Password Protection Levels and Their Effects
File Type READ= WRITE= ALTER=
PROC SQL
view of
DBMS data
Protects the underlying
data from being read or
updated through the
view; does not protect
against replacement of
the view
Protects the underlying
data from being updated
through the view; does not
protect against
replacement of the view
Protects the view from
being modified, deleted, or
replaced
Access
descriptor
No effect on descriptor No effect on descriptor Protects the descriptor
from being read or edited
View
descriptor
Protects the underlying
data from being read or
updated through the
view
Protects the underlying
data from being updated
through the view
Protects the descriptor
from being read or edited
You can use the following methods to assign, change, or delete a SAS password:
the global SETPASSWORD command, which opens a dialog box