SAS Information Maps: Securing Data based on User ID

Welcome guest blogger Renu Gehring to BI Notes.  Renu’s book SAS Business Intelligence for the Health Care Industry: Practical Applications  is due for publication by SAS Press in early September. Renu has an extensive background in using the SAS EBI with healthcare data and has some tips for securing data with SAS information maps. 

Using SAS BI to Secure Sensitive Data

If you work in healthcare, you know that practically everything is locked down due to the confidential nature of the data.  This includes the front door of your building, its elevators, each floor entrance, and even the bathrooms!  All this before you even get to the data. 

The SAS Business Intelligence tool set allows developers to implement layers of security on sensitive healthcare data.  I want to talk about one of the methods available in SAS Information Map Studio. 

Consider an information map that contains data about work performance of claims representatives of an insurance company.  A claims representative logs on to a SAS BI toolset like SAS Information Delivery Portal or Web Report Studio and views only her data.  How is this possible?

 Two things make this happen.

  • The claims representative’s user information is stored in SAS metadata. 
  • A filter is created in the map. 

Let’s focus on the information stored in SAS metadata, which includes but is not limited to the following data:

  • User ID   This is mandatory data.
  • User Name   This is mandatory data.
  • User Group Value A value for the user’s group is not required but highly recommended.

Now consider your information map which needs to include a table like the one shown below.  Assume that the claims representatives’ identity in SAS metadata is created so that the Name column below matches the user ID. 

sas information map data

Create the Filter in the SAS Information Map

You use filters to implement data access restrictions in information maps.  To create a row based security filter, use the follow the steps outlined below. 

Create a filter based on Name as shown in following figure. 

  1. Data item: Select Name.
  2. Condition: Select Is equal to.
  3. Value(s): Select Derive identity values (for row-level permissions)
  4. Property: Click SAS.PersonName.  This is the user ID.  The idea behind a security-based filter is to compare name to user ID and exclude unmatched row. 
  5. Select the Hide from user checkbox.  This ensures that the filter cannot be seen or removed by users.

sas information map 02

Modify the Information Map Properties  

Apply the filter and the ClaimRep Table to all queries from the map.  This is done by modifying the map’s properties.

  1. Select Edit > Properties.
    sas information map 05
  2. On the General Prefilters tab, move Name filter from Available Filters to Selected Filters.
    sas information map 03
  3. On the Required Tables tab, move ClaimRep to Required Tables
    sas information map 04

 Test the filter.

  1. Log in in with a claims representative named Jason’s credentials.
  2. Click View SQL in the Test the Information Map dialog box to display the View Query window.  The code includes a WHERE clause restricting Name to Jason. 
    sas information map 06

You can now use the map as a data source for Web Report Studio reports and the access restrictions will automatically flow through.  You can also use the map to source indicator data objects in SAS Dashboard.  Your users may use the map directly in SAS Add-in for Microsoft Office or Enterprise Guide.

Order your copy of SAS Business Intelligence for the Health Care Industry: Practical Applications from SAS Press.  

Never miss a BI Notes post!

Click here for free subscription. Once you subscribe you'll be asked to confirm your subscription through your email account. You email address is kept private and you can unsubscribe anytime.