Re: Generate Report on User Group Access

ronnynch

Hello Everyone,

I am running on SAS OA 9.4 M8. I would like to know if there's a way for me to generate a report on the user group access. For example, I have 20 user groups, and I want to know which libraries each of the user group have access to.

Thanks.

carl_sommer

Please see the documentation for SAS Help Center: %MDSECDS Security Report Macro .

Note that you likely have granted permissions using groups, so if you really want to report on an individual user, you will probably need to also use SAS Help Center: %MDUEXTR User Import Macro to generate tables of users and group memberships that you can join with the data from %MDSECDS to report at an individual user-level.

Here's an example invocation of %mdsecds to generate tables and a view in the WORK library for all libraries defined to metadata.

%mdsecds(membertypes="Library");

Carl Sommer - SAS Technical Support

ronnynch

Hi @carl_sommer ,

I tried running the %mdsecds(membertypes="Library"); command but hit errors below:

ERROR: Physical file does not exist, H:\SASWork\_TD32436_DCVWAPSASP_\#LN00074.
ERROR: Encountered during XMLInput parsing at or near line 1, column 1.
ERROR: The definition for the "MEMBERS" table is not well-formed or is corrupt.

Any idea?

carl_sommer

This sounds like your WORK library had an issue. This could just be that you are making too-large of a metadata request.

Your original post said you were interested in what access specific groups had. You could filter on both the member type (Library) and the specific group. This is similar to what is shown in Example 3: ReadMetadata Permission for Libraries for a Specified User. Here's the form of this, looking for all libraries where the ETLDevelopers group have WriteMetadata access:

%mdsecds(identitynames="ETLDevelopers", identitytypes="IdentityGroup", membertypes="Library", perms="WriteMetadata");

What do you have for MEMSIZE? Have you verified your work library is OK? Since it shows the H: drive, I suspect it is a network drive. It's best to use a local disk for WORK.

If you continue to have issues, share your SAS log or open a case with SAS Technical Support.

Carl Sommer - SAS Technical Support

Quentin

You might want to look into the (3rd party) security plug-ins from Metacoda. https://www.metacoda.com/en/

They make it super easy to answer questions like "What can this person/group see" and "Who can see this data" etc.

The Boston Area SAS Users Group is hosting free webinars!
Next webinar will be in January 2025. Until then, check out our archives: https://www.basug.org/videos. And be sure to subscribe to our our email list.

MichelleHomes

Thanks @Quentin for mentioning Metacoda Security Plug-ins.

@ronnynch if you'd like to try out the software you can sign up for a free 30 day trial at https://www.metacoda.com/en/evaluation/

The installation is local to where your SAS Management Console is installed and takes less than 5 minutes. You can then explore SAS metadata security from numerous perspectives, as well as produce reports. The plug-ins help SAS admins maintain the security integrity of their SAS platform.

If you have any questions, please feel free to contact us.

Kind Regards,

Michelle

//Contact me to learn how Metacoda software can help keep your SAS platform secure - https://www.metacoda.com