Managing passwords in the sas system
This presentation is the property of its rightful owner.
Sponsored Links
1 / 19

Managing Passwords in the SAS System PowerPoint PPT Presentation


  • 48 Views
  • Uploaded on
  • Presentation posted in: General

Managing Passwords in the SAS System. Allen Malone Senior Analyst/Programmer Kaiser Permanente. How do you Manage Passwords?. Hard Code? Macro variables? Manual entry? Something Else?. Data Security Is Important.

Download Presentation

Managing Passwords in the SAS System

An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -

Presentation Transcript


Managing passwords in the sas system

Managing Passwords in the SAS System

Allen Malone

Senior Analyst/ProgrammerKaiser Permanente


How do you manage passwords

How do you Manage Passwords?

  • Hard Code?

  • Macro variables?

  • Manual entry?

  • Something Else?


Data security is important

Data Security Is Important

  • Survey by Ponemon Institute: 19% people ended relationship with business when notified of data security breach.

  • Lawsuits and settlements.

  • Lose Customers.

  • No bonus


What is a good approach

What is a Good Approach?

  • Easy to use

  • Simple to Understand

  • Easy to manage, (add, update) Passwords

  • Programmers need to buy into it.

    p.s. The solution does not have to be a perfect.


Easy to use

Easy to Use

  • Same method works with in all SAS code

    • Data Step

    • Proc Step

    • SAS/CONNECT

    • SCL

    • SQL Pass Thru

  • Does not interfere with program logic


Simple to understand

Simple to Understand

Easy to Manage

  • One file to add or update password information.

  • No Complex Logic


Does not have to be perfect

Does not have to be Perfect

  • Most data security laws require reasonable security precautions, not impenetrable methods.

  • Too complex and Difficult…

    No one will used it!


How does it work

HowDoes it Work?

LIBNAME HTP odbc dsn='HealthTRAC_Prod'

user=B468357 password=%pw(htrac);

DATA patients(pw=%pw(dspw) encrypt=YES);

SET HTP.members;

...

RUN;


How does it work cont

How Does it Work? (cont.)

PROC SQL;

CONNECT TO teradata AS tera (user=B468357 pw=%pw(clar) db=massiveDB tdpid=prod);

EXECUTE ( DIAGNOSTIC NOPRODJOIN ON FOR SESSION ) BY TERA;

CREATE TABLE new_visits AS

SELECT *

from connection to tera

( SELECT PE.PAT_ID

FROM HCCLCO.PAT_ENC PE

WHERE PE.ENC_CLOSE_DATE > DATE&SYM_BEG

AND PE.ENC_TYPE_C IN

(9, 59, 519,109,991222,999408)

);

DISCONNECT FROM TERA;

QUIT;


Sas macro basic implementation

SAS Macro -- Basic Implementation

%MACRO pw( sys_code );

%LOCAL CLAR DB2 HTRAC DSPW;

%LET CLAR=secret1; /* clarity password */

%LET DB2=secret2; /* db2 password */

%LET HTRAC=secret3; /* healthTRAC Password*/

%LET DSPW=secret4; /* data set password */

&&&sys_code

%MEND;


Vulnerabilities of the basic implementation

Vulnerabilities of The Basic Implementation

  • Macro Debugging options

  • Macro Code Accessibility

  • Trace Command – SAS/CONNECT


Macro debugging options

Macro Debugging Options

  • SYMBOLGEN

  • MLOGIC

  • MPRINT

  • MACROGEN


Managing macro debugging options

Managing Macro Debugging Options

%MACRO pw( sys_code );

%IF %sysfunc(getoption(SYMBOLGEN))= SYMBOLGEN OR

%sysfunc(getoption(MLOGIC)) = MLOGIC OR

%sysfunc(getoption(MPRINT)) = MPRINT OR

%sysfunc(getoption(MACROGEN)) = MACROGEN %THEN %DO;

%PUT ERROR: PW.SAS failed! Turn off Macro Debug Options;

%GOTO quit;

%END;

%LOCAL CLAR DB2 HTRAC DSPW;

%LET TSO=secret1; /* Z/OS password */

%LET DB2=secret2; /* db2 password */

%LET HTRAC=secret3; /* SQL Server Password*/

%LET DSPW=secret4; /* data set password */

&&&sys_code

%quit:

%MEND;


Managing macro code accessability

Managing Macro Code Accessability

  • Do not store the userid with the password

  • Store files in a secure directory

  • Use Macro Autocall Library

/* Setting up Autocall Macros in your SAS code. */

/* Macro names must match the file name in which */

/* they are stored for autocalls to work! */

FILENAME mymacs ‘c:\SAS code\My Macro Directory‘;

OPTIONS MAUTOSOURCE SASAUTOS=(sasautos mymacs);


Advanced password management topics

Advanced Password Management Topics

  • Using %pw() with SAS/CONNECT

  • Programmatically turning Debugging Options off and on.

  • Userid/Password Pooling


Sas connect

SAS/Connect

  • SAS/CONNECT connect scripts are macro enabled.

  • Use double quotes around macro.

/* A snippet of a SAS/CONNECT signon Script using %pw() */

...

/*------------------MVS LOGON-----------------------*/

/* input 'Userid?'; */

/* type ENTER; */

type ‘AMALONE' ENTER;

/* input nodisplay 'Password?'; */

/* type ENTER; */

type "%pw(TSO)" ENTER;

waitfor 20 seconds;

type "&TSOTYP" ENTER;

...


Programmatically turning off macro debug options

Programmatically Turning Off Macro Debug Options

  • Can’t turn off Macro Debug Options inside %pw() code.

  • Must use separate macros to turn options off and on.

  • Macros must be invoked outside the data step and PROC step code.

OPTIONS SYMBOLGEN;

%optsOff; /* Check Macro options; Turn off if necessary */

DATA work.secure_patient_recs2( pw=%pw(DSPW));

SET work.secure_patient_recs( pw=%pw(DSPW));

RUN;

%optsOn; /* If previously turned on, then turn options back on */


Userid password pooling

Userid/Password Pooling

  • Used for simultaneous, multiple connections to IBM mainframe.

  • Userid and Passwords pairs stored in dataset.

  • Suite of macros control/manage pairs in dataset.

  • When program uses a userid, set inUseFlag to “yes”.

  • Set back to “no” when Mainframe connection is finished.

    *No sample code available for this topic.


Conclusion

Conclusion

  • Looked at simple implementation

  • Reviewed vulnerabilities

  • Addressed vulnerabilities

  • Discussed advanced ways to use this concept.

  • Questions or Comments?


  • Login