Business Context
The HR department is updating access policies for the 'Salary' column in the employee database. They need to ensure that during the update process (transaction), no other admin can modify the security settings of this specific column, ensuring data integrity before the new policy goes live.
About the Set : accessControl
Management of access rights and data security.
Discover all actions of accessControl Data Preparation
Creation of an employee table with sensitive salary information.
Copied!
| 1 | |
| 2 | PROC CAS; |
| 3 | caslib hr_lib path='/tmp/hr_lib' dataSource={srcType='path'} |
| 4 | SESSION=true; |
| 5 | datastep.runCode / code=' |
| 6 | data hr_lib.employees; |
| 7 | length Name $20 Dept $10; |
| 8 | Name="Alice"; |
| 9 | Dept="IT"; |
| 10 | Salary=80000; |
| 11 | output; |
| 12 | Name="Bob"; |
| 13 | Dept="HR"; |
| 14 | Salary=75000; |
| 15 | output; |
| 16 | |
| 17 | run; |
| 18 | '; |
| 19 | |
| 20 | RUN; |
| 21 |
Étapes de réalisation
1
Start the security transaction to bundle changes.
Copied!
| 1 | PROC CAS; ACCESSCONTROL.startTransaction; RUN; |
2
Exclusively check out the 'Salary' column to prevent concurrent ACL modifications.
Copied!
| 1 | |
| 2 | PROC CAS; |
| 3 | ACCESSCONTROL.checkOutObject / objectSelector={objType='COLUMN', caslib='hr_lib', TABLE='employees', column='Salary'}, checkOutType='EXCLUSIVE'; |
| 4 | |
| 5 | RUN; |
| 6 |
3
Apply the new access control and commit.
Copied!
| 1 | |
| 2 | PROC CAS; |
| 3 | ACCESSCONTROL.updSomeAcs caslib='hr_lib' TABLE='employees' column='Salary' grants={{grant='Read', group='HR_Managers'}}; |
| 4 | ACCESSCONTROL.commitTransaction; |
| 5 | |
| 6 | RUN; |
| 7 |
Expected Result
The 'Salary' column is successfully locked for the session duration. The access control update is applied without interference, and the transaction commits successfully.