Encoded Passwords
Encoding a password enables you to write SAS programs without having to specify a
password in plain text. The PWENCODE procedure uses encoding to disguise
passwords. With encoding, one character set is translated to another character set
through some form of table lookup. An encoded password is intended to prevent casual,
non-malicious viewing of passwords. You should not depend on encoded passwords for
all your data security needs; a determined and knowledgeable attacker can decode the
encoded passwords.
When an encoded password is used, the syntax parser decodes the password and
accesses the file. The encoded password is never written in plain text to the SAS log.
SAS does not accept passwords longer than eight characters. If an encoded password is
decoded and is longer than eight characters, SAS reads it as an incorrect password and
sends an error message to the SAS log. For more information, see “PWENCODE” in
Base SAS Procedures Guide.
Using Passwords with Views
Levels of Protection
The levels of protection for SAS views and stored programs are similar to the levels of
protection for other types of SAS files. However, with SAS views, passwords affect not
only the underlying data, but also the view’s definition (or source statements).
You can specify three levels of protection for SAS views: Read, Write, and Alter. The
following section describes how these data set options affect the underlying data as well
as the view’s descriptor information. Unless otherwise noted, the term “view” refers to
any type of SAS view and the term “underlying data” refers to the data that is accessed
by the SAS view:
Read
• protects against reading of the SAS view's underlying data
• prevents the display of source statements in the SAS log when using DESCRIBE
• allows replacement of the SAS view
Write
• protects the underlying data associated with a SAS view by insisting that a Write
password is given
• prevents the display of source statements in the SAS log when using DESCRIBE
• allows replacement of the SAS view
Alter
• prevents the display of source statements in the SAS log when using DESCRIBE
• protects against replacement of the SAS view
Like passwords for other SAS files, the Read, Write, and Alter passwords for views are
hierarchical. The Alter password is the most restrictive and the Read password is the
least restrictive. To DESCRIBE a password-protected view, you must specify its
Using Passwords with Views 729