Date: Tue, 3 Feb 2004 19:14:19 -0500
Reply-To: Don Stanley <don_stanley@PARADISE.NET.NZ>
Sender: "SAS(r) Discussion" <SAS-L@LISTSERV.UGA.EDU>
From: Don Stanley <don_stanley@PARADISE.NET.NZ>
Subject: Re: SAS access to Oracle tables - method to avoid having id's
andpasswords embedded in code???
This sounds useful. Assumably for a scheduled batch job it would run under
some trusted signon "owned" by the scheduler, so the scheduler would just
need appropriate access to Oracle.
However, I wonder how/if it would work under SAS/CONNECT. Eg, at my site we
submit everything from Windows. So I'm signed onto Windows, but somewhere
along the way, when I rsubmit to the other box, I've still got to tell that
box who I am.
On Tue, 3 Feb 2004 16:58:09 -0700, Kenneth Moody
>It's not available in all operating system environments, but on our
>Tru64 Unix we use a method called operating system authentication.
>Quoting from the O'Reilly book Oracle SQL*Plus, "Oracle authenticates
>you based on your operating system username, trusting that the operating
>system has properly authenticated you." It's a wonderful solution to
>both of your concerns.
>>>> "Skinner, Deborah" <Deborah.Skinner@US.FORTIS.COM> 02/03/04 12:38PM
>We are implementing SAS 8.2 in a Windows Server environment and have
>licensed the SAS/Access to Oracle product. The vast majority of our
>code will be accessing this Oracle data.
>But the first major bump in the road is that our DBA's and IT admins
>very concerned about having the Oracle ID's and passwords embedded all
>over the place in SAS code. The first issue is the obvious security
>issue. The second is that ultimately many of these programs will be
>by a scheduler and once code is automated, nobody wants to have to go
>back in and maintain the passwords.
>I am certain that this must be a common problem and I'm wondering how
>other sites have approached this.