Date: Mon, 8 Mar 1999 13:54:21 -0500
Reply-To: HERMANS1 <HERMANS1@WESTAT.COM>
Sender: "SAS(r) Discussion" <SAS-L@UGA.CC.UGA.EDU>
From: HERMANS1 <HERMANS1@WESTAT.COM>
Subject: Re[2]: Security of a SAS dataset
Content-Type: text/plain; charset=US-ASCII
Bruce Johnson and Bernard Tremblay have pointed you in the right direction.
Robin McEntire and I presented some examples of the use of Non-Informational
Local ID's (NILID's) in a recent presentation at the CDC/ATSDR 7th Biennial
Symposium on Statistical Methods (under the title "Data Privacy by Formal
Design"). You can create a formal view of a database that links identify
fields precisely but minimizes exposures of confidential or proprietary
information. In preparing for the presentation I did not find much in the
literature about securing data fields, but I did find references to formal
design in database security.
Evben if you can mask key fields, that step alone does not necessarily prevent
disclosure of private information. It seems safer to have a private kernel of
identifying keys and a public data source containing only non-informational keys
that link back to the private kernel. Sig
____________________Reply Separator____________________
Subject: Re: Security of a SAS dataset
Author: Portfolio Information Corporation <portfolio.info@SNET.NET>
Date: 3/8/99 9:34 AM
Hi SAS-list,
Does anyone know whether certain fields of a dataset could be restricted
for access (e.g.. read only with a password or hide) while rest of the
dataset is accessible. To explain this further, can we hide or restrict
access to certain sensitive information such as SSN or Mother's maiden name
etc. in a bank dataset, by applying a password access to these fields?
Mahinda Yapa
please reply to: myapa@yahoo.com
