Managing Passwords in the SAS System Allen Malone Senior Analyst/Programmer Kaiser Permanente.

Slides:

Advertisements

Similar presentations

Why is that LOV in the screen not returning me desired value?

Advertisements

1.

Copyright © 2008 SAS Institute Inc. All rights reserved. SAS and all other SAS Institute Inc. product or service names are registered trademarks or trademarks.

Stored procedures and views You can see definitions for stored procedures and views in the demo databases but you can’t change them. For views, expand.

Advanced Programming 15 Feb The “OI” Programming Process Reading the problem statement Thinking Coding + Compiling Testing + Debugging Finalizing.

Multiprocessing with SAS ® Software Now Bill Fehlner, Kathleen Wong, Kifah Mansour SAS Toronto.

Chapter 11: Creating and Using Macro Programs 1 STAT 541 ©Spring 2012 Imelda Go, John Grego, Jennifer Lasecki and the University of South Carolina.

Guide to extract/download multiple databases from Mainframe Tapes to PC using SAS PC Fereydoun J. Foroudian Blue Cross of California SAS is a registered.

Active Directory: Final Solution to Enterprise System Integration

1 SAS Formats and SAS Macro Language HRP223 – 2011 November 9 th, 2011 Copyright © Leland Stanford Junior University. All rights reserved. Warning:

CS Lecture 03 Outline Sed and awk from previous lecture Writing simple bash script Assignment 1 discussion 1CS 311 Operating SystemsLecture 03.

© OCS Biometric Support 1 Updating an MS SQL database from SAS Jim Groeneveld, OCS Biometric Support, ‘s Hertogenbosch, Netherlands. PhUSE 2010 – CC04.

Slide 1 of 9 Presenting 24x7 Scheduler The art of computer automation Press PageDown key or click to advance.

Object Oriented Databases by Adam Stevenson. Object Databases Became commercially popular in mid 1990’s Became commercially popular in mid 1990’s You.

“SAS macros are just text substitution!” “ARRRRGGHHH!!!”

I OWA S TATE U NIVERSITY Department of Animal Science Writing Flexible Codes with the SAS Macro Facility (Chapter in the 7 Little SAS Book) Animal Science.

1 Chapter 3: Macro Definitions 3.1 Defining and Calling a Macro 3.2 Macro Parameters 3.3 Macro Storage (Self-Study)

Copyright © 2006, SAS Institute Inc. All rights reserved. Enterprise Guide 4.2 : A Primer SHRUG : Spring 2010 Presented by: Josée Ranger-Lacroix SAS Institute.

Copyright © 2006, SAS Institute Inc. All rights reserved. What Is New in SAS Profitability Management (PrM) 2.1? Authors: Jack Zhang Solution & Version:

SAS Macros ® 101 How I learned to stop worrying and love macros Alex Chaplin BCS USA Section.

IMS 4212: Application Architecture and Intro to Stored Procedures 1 Dr. Lawrence West, Management Dept., University of Central Florida

MARC 10.5 Update John Harvey. MARC 10.5 Changes  Backup Scripts restructured  Added a script to generate scripts outside of MARC  Generate Scripts.

1 PHP and MySQL. 2 Topics  Querying Data with PHP  User-Driven Querying  Writing Data with PHP and MySQL PHP and MySQL.

ADO.NET A2 Teacher Up skilling LECTURE 3. What’s to come today? ADO.NET What is ADO.NET? ADO.NET Objects SqlConnection SqlCommand SqlDataReader DataSet.

SAS Macro: Some Tips for Debugging Stat St. Paul’s Hospital April 2, 2007.

INTRODUCTION TO SAS MACRO PROCESSING James R. Bence, Ph.D., Co-Director Quantitative Fisheries Center Professor Department of Fisheries and Wildlife March.

Batch processing and sysparm A step towards scheduling.

1 Back Up with Each Submit One approach for keeping a dynamic back up copy of your current work.

5/30/2010 SAS Macro Language Group 6 Pradnya Nimkar, Li Lin, Linsong Zhang & Loc Tran.

Macro Overview Mihaela Simion. Macro Facility Overview Definition : The SAS Macro Facility is a tool within base SAS software that contains the essential.

Introduction to the new mainframe © Copyright IBM Corp., All rights reserved. Chapter 12 Understanding database managers on z/OS.

June 12, 2009 Toronto Area SAS Society 1 What’s new in BASE SAS 9.2 Checkpoint/Restart Rupinder Dhillon Dhillon Consulting Inc.

® IBM Software Group Appendix C - Code Reuse - Program Templates - Code Snippets - Code Templates.

Stored Procedure. Objective At the end of the session you will be able to know :  What are Stored Procedures?  Create a Stored Procedure  Execute a.

Creating PHPs to Insert, Update, and Delete Data CS 320.

Open Source Server Side Scripting ECA 236 Open Source Server Side Scripting PHP & MySQL.

Open Source Server Side Scripting ECA 236 Open Source Server Side Scripting MySQL – Inserting Data.

Copyright © 2004, SAS Institute Inc. All rights reserved. SAS Stored Processes An analyst’s perspective Sylvain Tremblay SAS Canada 24 February 2006.

1 Data Manipulation (with SQL) HRP223 – 2010 October 13, 2010 Copyright © Leland Stanford Junior University. All rights reserved. Warning: This.

Sofia, Bulgaria | 9-10 October The Query Governor Richard Campbell Stephen Forte Richard Campbell Stephen Forte.

Macro Variable Resolution Enio Presutto York University, Toronto, Canada.

Introduction to SAS Macros Center for Statistical Consulting Short Course April 15, 2004.

BMTRY 789 Lecture 10: SAS MACRO Facility Annie N. Simpson, MSc.

WizSource and PowerBuilder Source Control By Victor Reinhart 7/14/2011.

Doug Haigh, SAS Institute Inc.

Lesson 3-Touring Utilities and System Features. Overview Employing fundamental utilities. Linux terminal sessions. Managing input and output. Using special.

8 Chapter Eight Server-side Scripts. 8 Chapter Objectives Create dynamic Web pages that retrieve and display database data using Active Server Pages Process.

Database Access Control IST2101. Why Implementing User Authentication? Remove a lot of redundancies in duplicate inputs of database information – Your.

Chapter 7: Macros in SAS  Macros provide for more flexible programming in SAS  Macros make SAS more “object-oriented”, like R 1 © Fall 2011 John Grego.

While You Were Sleeping… SAS Is Hard At Work Andrea Wainwright- Zimmerman.

1 Data Manipulation (with SQL) HRP223 – 2009 October 12, 2009 Copyright © Leland Stanford Junior University. All rights reserved. Warning: This.

CS 440 Database Management Systems Stored procedures & OR mapping 1.

SAS ® Global Forum 2014 March Washington, DC.

Fix: Windows 10 Error Code 0x in Mail App u/6/b/ /alexwaston14/reimage-system-repair/ /pages/Reimage-Repair-Tool/

PHP and SQL Server: Connection IST 210: Organization of Data IST2101.

Better Metadata Through SAS® II: %SYSFUNC, PROC DATASETS, and Dictionary Tables.

Hints and Tips SAUSAG Q SORTING – NOUNIQUEKEY The NOUNIQUEKEY option on PROC SORT is a useful way in 9.3 to easily retain only those records with.

Chapter 10: Accessing Relational Databases (Self-Study)

Introduction To Repetition The for loop

3 Macro Storage.

Conditional Processing

Fall 2017 Questions and Answers (Q&A)

Defining and Calling a Macro

Good Testing Practices

Exploring the Power of EPDM Tasks Working with and Developing Tasks in SolidWorks Enterprise PDM (EPDM) By: Marc Young xLM Solutions

Detecting Runtime Errors and Exiting from Nested Macros Gracefully

Automating SAS through the Power of VB Script

Trigger %macro check_trigger_run;

Making Remote Processing Less Remote

Tips and Tricks for Using Macros to Automate SAS Reporting.

Presentation transcript:

Managing Passwords in the SAS System Allen Malone Senior Analyst/Programmer Kaiser Permanente

How do you Manage Passwords? Hard Code? Macro variables? Manual entry? Something Else?

Data Security Is Important Survey by Ponemon Institute: 19% people ended relationship with business when notified of data security breach. Lawsuits and settlements. Lose Customers. No bonus 

What is a Good Approach? Easy to use Simple to Understand Easy to manage, (add, update) Passwords Programmers need to buy into it. p.s. The solution does not have to be a perfect.

Easy to Use Same method works with in all SAS code – Data Step – Proc Step – SAS/CONNECT – SCL – SQL Pass Thru Does not interfere with program logic

Simple to Understand One file to add or update password information. Easy to Manage No Complex Logic

Does not have to be Perfect Most data security laws require reasonable security precautions, not impenetrable methods. Too complex and Difficult … No one will used it!

How Does it Work? LIBNAME HTP odbc dsn='HealthTRAC_Prod' user=B password=%pw(htrac); DATA patients(pw=%pw(dspw) encrypt=YES); SET HTP.members;... RUN;

How Does it Work? (cont.) PROC SQL; CONNECT TO teradata AS tera (user=B pw=%pw(clar) db=massiveDB tdpid=prod); EXECUTE ( DIAGNOSTIC NOPRODJOIN ON FOR SESSION ) BY TERA; CREATE TABLE new_visits AS SELECT * from connection to tera ( SELECT PE.PAT_ID FROM HCCLCO.PAT_ENC PE WHERE PE.ENC_CLOSE_DATE > DATE&SYM_BEG AND PE.ENC_TYPE_C IN (9, 59, 519,109,991222,999408) ); DISCONNECT FROM TERA; QUIT;

SAS Macro -- Basic Implementation %MACRO pw( sys_code ); %LOCAL CLAR DB2 HTRAC DSPW; %LET CLAR=secret1; /* clarity password */ %LET DB2=secret2; /* db2 password */ %LET HTRAC=secret3; /* healthTRAC Password*/ %LET DSPW=secret4; /* data set password */ &&&sys_code %MEND;

Vulnerabilities of The Basic Implementation Macro Debugging options Macro Code Accessibility Trace Command – SAS/CONNECT

Macro Debugging Options SYMBOLGEN MLOGIC MPRINT MACROGEN

Managing Macro Debugging Options %MACRO pw( sys_code ); %IF %sysfunc(getoption(SYMBOLGEN))= SYMBOLGEN OR %sysfunc(getoption(MLOGIC)) = MLOGIC OR %sysfunc(getoption(MPRINT)) = MPRINT OR %sysfunc(getoption(MACROGEN)) = MACROGEN %THEN %DO; %PUT ERROR: PW.SAS failed! Turn off Macro Debug Options; %GOTO quit; %END; %LOCAL CLAR DB2 HTRAC DSPW; %LET TSO=secret1; /* Z/OS password */ %LET DB2=secret2; /* db2 password */ %LET HTRAC=secret3; /* SQL Server Password*/ %LET DSPW=secret4; /* data set password */ &&&sys_code %quit: %MEND;

Managing Macro Code Accessability Do not store the userid with the password Store files in a secure directory Use Macro Autocall Library /* Setting up Autocall Macros in your SAS code. */ /* Macro names must match the file name in which */ /* they are stored for autocalls to work! */ FILENAME mymacs ‘c:\SAS code\My Macro Directory‘; OPTIONS MAUTOSOURCE SASAUTOS=(sasautos mymacs);

Advanced Password Management Topics Using %pw() with SAS/CONNECT Programmatically turning Debugging Options off and on. Userid/Password Pooling

SAS/Connect SAS/CONNECT connect scripts are macro enabled. Use double quotes around macro. /* A snippet of a SAS/CONNECT signon Script using %pw() */... /* MVS LOGON */ /* input 'Userid?'; */ /* type ENTER; */ type ‘AMALONE' ENTER; /* input nodisplay 'Password?'; */ /* type ENTER; */ type "%pw(TSO)" ENTER; waitfor 20 seconds; type "&TSOTYP" ENTER;...

Programmatically Turning Off Macro Debug Options Can’t turn off Macro Debug Options inside %pw() code. Must use separate macros to turn options off and on. Macros must be invoked outside the data step and PROC step code. OPTIONS SYMBOLGEN; %optsOff; /* Check Macro options; Turn off if necessary */ DATA work.secure_patient_recs2( pw=%pw(DSPW)); SET work.secure_patient_recs( pw=%pw(DSPW)); RUN; %optsOn; /* If previously turned on, then turn options back on */

Userid/Password Pooling Used for simultaneous, multiple connections to IBM mainframe. Userid and Passwords pairs stored in dataset. Suite of macros control/manage pairs in dataset. When program uses a userid, set inUseFlag to “yes”. Set back to “no” when Mainframe connection is finished. *No sample code available for this topic.

Conclusion Looked at simple implementation Reviewed vulnerabilities Addressed vulnerabilities Discussed advanced ways to use this concept. Questions or Comments?