Get roles and their capabilities from metadata.

MSMM — Tue, 26 Mar 2019 11:53:07 GMT

Dear all

Is there any way to create a dataset with a list of SAS metadata roles and associated capabilities?

like a matrix in 5.1

Re: Get roles and their capabilities from metadata.

andreas_lds — Tue, 26 Mar 2019 12:50:00 GMT

Yes it is possible. I have done this before using metadata-functions, unfortunately i don't have access to the code right know.

Re: Get roles and their capabilities from metadata.

MSMM — Tue, 26 Mar 2019 12:58:37 GMT

Could you please try to share it with me , urgent

Re: Get roles and their capabilities from metadata.

alexal — Tue, 26 Mar 2019 13:05:41 GMT

@MSMM ,

Here you go:

/*  Create lists of Metadata Roles and their Assigned Product Capabilities   */

%let htmout= 'Roles_Product_capabilities.html';
filename htmout 'Roles_Procuct_capabilities.html';
/*  Create Table of all Roles    */

data Role;
      length type $32 
      id Roleid $17 RoleName  Role_obj Role_Uri  Role_desc $ 256 ;
	    call missing(type, id, RoleName ,Role_obj, RoleId,Role_desc, Role_Uri);
 	    Role_obj=cat("omsobj:IdentityGroup?IdentityGroup[@GroupType='Role']");
  	  Roles=metadata_resolve(Role_obj,type,id);
  	  *put Roles= id=;
      if (Roles >0) then do n = 1 to Roles;
    	   nobj=metadata_getnobj(Role_obj,n,Role_Uri);
    	   rc= metadata_getattr(Role_Uri, "Name", RoleName);
		     *put rc= RoleName=;
       	 rc= metadata_getattr(Role_Uri, "Id", RoleId);
       	 rc= metadata_getattr(Role_Uri, "Desc", Role_desc);
       	 *Put RoleId= RoleName= Role_desc=;
       	 output;
      end;	
	run;
	
/*  Create table of Capabilities and Associated Roles  */
data AceExe;
   length type $32 id AceId PTreeId ApActId RoleId TreeId  SCid AceName $17   
     Ace_obj Ace_Uri  ApAct_desc  ApActuri RoleName Capability Role_Uri 
     Tree_Uri TreeDesc TreeName SoftComp_Uri PTreeDesc PTree_Uri$256
     ApActIdent $32 ProductName $60;
     lable ApAct_desc="Capability Description"
           RoleName="Role Name"
           catName="Category Name"
           ProductName="Product Name";
  
     call missing(type, id, AceName ,Ace_obj, AceId,ApAct_desc, Ace_Uri,
                  ApActId,Role_Uri, ApActIdent, RoleId, RoleName,
                  ProductName, SoftComp_Uri,SCid,
                  ApActuri,Capability, Tree_Uri, TreeId, TreeName, TreeDesc,
                  PTreeId, PTreeDesc,PTree_Uri, SoftComp_Uri, ProductName);

     Ace_obj=cat("omsobj:AccessControlEntry?AccessControlEntry",
                 "[Permissions/Permission[@Name='Execute']]",
                 " and [Objects/ApplicationAction]");

    Aces=metadata_resolve(Ace_obj,type,id);
    *put Aces= id=;
    if (Aces >0) then do n = 1 to Aces;
    	nobj=metadata_getnobj(Ace_obj,n,Ace_Uri);
    	rc= metadata_getattr(Ace_Uri, "Name", AceName);
    	rc= metadata_getattr(Ace_Uri, "Id", AceId);
    	*Put AceId= AceName= ;
    	ApACTs=metadata_getnasn(Ace_Uri,"Objects",1,ApActuri);
	    rc=metadata_getattr(ApActuri, "Desc", ApAct_desc);
	    rc=metadata_getattr(ApActuri, "Id", ApActId);
      rc= metadata_getattr(ApActuri, "Name", Capability);
      rc=metadata_getattr(ApActuri, "ActionIdentifier", ApActIdent);
      *put AceId= ApActIdent= ApAct_desc=;
      trees=metadata_getnasn(ApActuri,"Trees",1,Tree_Uri);
      if (trees >0) then do j=1 to 1;
  	      call missing(Tree_Uri,TreeId, TreeName, TreeDesc, PTreeId, 
  	                   PTreeDesc, PTree_Uri, SoftComp_Uri, ProductName  );
          tree=metadata_getnasn(ApActuri,"Trees",j,Tree_Uri);
		     rc=metadata_getattr(Tree_Uri, "Id", TreeId);
    	   rc= metadata_getattr(Tree_Uri, "Name", TreeName);
    	   rc= metadata_getattr(Tree_Uri, "Desc", TreeDesc);
    	   ptrees=metadata_getnasn(Tree_Uri,"ParentTree",1,PTree_Uri);
    	   rc=metadata_getattr(PTree_Uri, "desc", PTreedesc);
    	   rc=metadata_getattr(PTree_Uri, "Id", PtreeId); 
    	   SoftComps=metadata_getnasn(PTree_Uri,"SoftwareComponents",1,SoftComp_Uri);
    	   if SoftComps=1 then do;
    	     rc=metadata_getattr(SoftComp_Uri, "Id", SCId); 
   	       rc=metadata_getattr(SoftComp_Uri, "ProductName", ProductName);   
   	       	   put j= TreeId=  TreeName=  TreeDesc= ProductName=;
         end;
         else put TreeId=  TreeName= SoftComp= PTreeDesc=;
     	end;
      assocroles=metadata_getnasn(Ace_Uri,"Identities",1,Role_Uri);
      if (assocroles >0) then do j=1 to assocroles;
         assocroles=metadata_getnasn(Ace_Uri,"Identities",j,Role_Uri);
		     rc=metadata_getattr(Role_Uri, "Id", RoleId);
    	   rc= metadata_getattr(Role_Uri, "Name", RoleName);
    	   *put j= ApActIdent=  RoleId= RoleName= ;
    	   output;
		     call missing(Role_Uri,RoleId, RoleName);
    	end;
      else output;
      call missing(Ace_Uri,AceId,ApActuri,ApAct_desc,ApActId,
		                Capability,ApActIdent);
    	end;	
    	j=0;
	run;

	ods listing close;
	filename htmout "&htmout";

ods html body=htmout (no_bottom_matter) style=barrettsblue;
  %let now=%sysfunc(datetime(),datetime32.);
  proc sql noprint;
  
  create view rolecapable as
  select RoleName, ProductName, capability, ApAct_desc, TreeName, TreeId, TreeDesc from aceexe
     order by RoleName, ProductName, TreeName, capability;
     quit;
  run;
options nobyline;
  Title " &now -  Roles and their assigned Product Capabilities";
  title2 'for #byval(RoleName)';  

proc report data=rolecapable headline nowd headskip;
	by rolename;
 	column Rolename  ProductName TreeName  capability ApAct_desc ;
 	define RoleName / order format=$45.   ;
 	define ProductName / order format=$45.   ;
 	define TreeName / order format=$40.   ;
 	define ApAct_desc /display   style(column)=[cellwidth=3in];
 	/* define Treedesc /order   style(column)=[cellwidth=3in]; */
 	define capability / display ;
 	break after Rolename / ol
                         summarize
                         skip;
  compute after RoleName;
   line ' ';
   endcomp;                                  
run;
ods html close;
filename htmout "&htmout" mod;

filename reports 'Roles_Procuct_capabilities.html' mod;
ods html body=reports(no_top_matter)anchor='end';
Title "Defined Roles which have no Product capabilities Assigned";
proc sql; select RoleName label="Role Name", Role_Desc label="Role Description" 
   from role where RoleId not in (select RoleId from Aceexe);
quit;

ods html close;

Re: Get roles and their capabilities from metadata.

MSMM — Tue, 26 Mar 2019 13:11:46 GMT

appreciate your support, many thanks I will check it

topic Re: Get roles and their capabilities from metadata. in Administration and Deployment

Get roles and their capabilities from metadata.

Re: Get roles and their capabilities from metadata.

Re: Get roles and their capabilities from metadata.

Re: Get roles and their capabilities from metadata.

Re: Get roles and their capabilities from metadata.