BookmarkSubscribeRSS Feed
🔒 This topic is solved and locked. Need further help from the community? Please sign in and ask a new question.
MSMM
SAS Employee

Dear all

 

Is there any way to create a dataset with a list of SAS metadata roles and associated capabilities?

like a matrix in 5.1

1 ACCEPTED SOLUTION

Accepted Solutions
alexal
SAS Employee

@MSMM ,

 

Here you go:

 

/*  Create lists of Metadata Roles and their Assigned Product Capabilities   */

%let htmout= 'Roles_Product_capabilities.html';
filename htmout 'Roles_Procuct_capabilities.html';
/*  Create Table of all Roles    */

data Role;
      length type $32 
      id Roleid $17 RoleName  Role_obj Role_Uri  Role_desc $ 256 ;
	    call missing(type, id, RoleName ,Role_obj, RoleId,Role_desc, Role_Uri);
 	    Role_obj=cat("omsobj:IdentityGroup?IdentityGroup[@GroupType='Role']");
  	  Roles=metadata_resolve(Role_obj,type,id);
  	  *put Roles= id=;
      if (Roles >0) then do n = 1 to Roles;
    	   nobj=metadata_getnobj(Role_obj,n,Role_Uri);
    	   rc= metadata_getattr(Role_Uri, "Name", RoleName);
		     *put rc= RoleName=;
       	 rc= metadata_getattr(Role_Uri, "Id", RoleId);
       	 rc= metadata_getattr(Role_Uri, "Desc", Role_desc);
       	 *Put RoleId= RoleName= Role_desc=;
       	 output;
      end;	
	run;
	
/*  Create table of Capabilities and Associated Roles  */
data AceExe;
   length type $32 id AceId PTreeId ApActId RoleId TreeId  SCid AceName $17   
     Ace_obj Ace_Uri  ApAct_desc  ApActuri RoleName Capability Role_Uri 
     Tree_Uri TreeDesc TreeName SoftComp_Uri PTreeDesc PTree_Uri$256
     ApActIdent $32 ProductName $60;
     lable ApAct_desc="Capability Description"
           RoleName="Role Name"
           catName="Category Name"
           ProductName="Product Name";
  
     call missing(type, id, AceName ,Ace_obj, AceId,ApAct_desc, Ace_Uri,
                  ApActId,Role_Uri, ApActIdent, RoleId, RoleName,
                  ProductName, SoftComp_Uri,SCid,
                  ApActuri,Capability, Tree_Uri, TreeId, TreeName, TreeDesc,
                  PTreeId, PTreeDesc,PTree_Uri, SoftComp_Uri, ProductName);

     Ace_obj=cat("omsobj:AccessControlEntry?AccessControlEntry",
                 "[Permissions/Permission[@Name='Execute']]",
                 " and [Objects/ApplicationAction]");

    Aces=metadata_resolve(Ace_obj,type,id);
    *put Aces= id=;
    if (Aces >0) then do n = 1 to Aces;
    	nobj=metadata_getnobj(Ace_obj,n,Ace_Uri);
    	rc= metadata_getattr(Ace_Uri, "Name", AceName);
    	rc= metadata_getattr(Ace_Uri, "Id", AceId);
    	*Put AceId= AceName= ;
    	ApACTs=metadata_getnasn(Ace_Uri,"Objects",1,ApActuri);
	    rc=metadata_getattr(ApActuri, "Desc", ApAct_desc);
	    rc=metadata_getattr(ApActuri, "Id", ApActId);
      rc= metadata_getattr(ApActuri, "Name", Capability);
      rc=metadata_getattr(ApActuri, "ActionIdentifier", ApActIdent);
      *put AceId= ApActIdent= ApAct_desc=;
      trees=metadata_getnasn(ApActuri,"Trees",1,Tree_Uri);
      if (trees >0) then do j=1 to 1;
  	      call missing(Tree_Uri,TreeId, TreeName, TreeDesc, PTreeId, 
  	                   PTreeDesc, PTree_Uri, SoftComp_Uri, ProductName  );
          tree=metadata_getnasn(ApActuri,"Trees",j,Tree_Uri);
		     rc=metadata_getattr(Tree_Uri, "Id", TreeId);
    	   rc= metadata_getattr(Tree_Uri, "Name", TreeName);
    	   rc= metadata_getattr(Tree_Uri, "Desc", TreeDesc);
    	   ptrees=metadata_getnasn(Tree_Uri,"ParentTree",1,PTree_Uri);
    	   rc=metadata_getattr(PTree_Uri, "desc", PTreedesc);
    	   rc=metadata_getattr(PTree_Uri, "Id", PtreeId); 
    	   SoftComps=metadata_getnasn(PTree_Uri,"SoftwareComponents",1,SoftComp_Uri);
    	   if SoftComps=1 then do;
    	     rc=metadata_getattr(SoftComp_Uri, "Id", SCId); 
   	       rc=metadata_getattr(SoftComp_Uri, "ProductName", ProductName);   
   	       	   put j= TreeId=  TreeName=  TreeDesc= ProductName=;
         end;
         else put TreeId=  TreeName= SoftComp= PTreeDesc=;
     	end;
      assocroles=metadata_getnasn(Ace_Uri,"Identities",1,Role_Uri);
      if (assocroles >0) then do j=1 to assocroles;
         assocroles=metadata_getnasn(Ace_Uri,"Identities",j,Role_Uri);
		     rc=metadata_getattr(Role_Uri, "Id", RoleId);
    	   rc= metadata_getattr(Role_Uri, "Name", RoleName);
    	   *put j= ApActIdent=  RoleId= RoleName= ;
    	   output;
		     call missing(Role_Uri,RoleId, RoleName);
    	end;
      else output;
      call missing(Ace_Uri,AceId,ApActuri,ApAct_desc,ApActId,
		                Capability,ApActIdent);
    	end;	
    	j=0;
	run;

	ods listing close;
	filename htmout "&htmout";

ods html body=htmout (no_bottom_matter) style=barrettsblue;
  %let now=%sysfunc(datetime(),datetime32.);
  proc sql noprint;
  
  create view rolecapable as
  select RoleName, ProductName, capability, ApAct_desc, TreeName, TreeId, TreeDesc from aceexe
     order by RoleName, ProductName, TreeName, capability;
     quit;
  run;
options nobyline;
  Title " &now -  Roles and their assigned Product Capabilities";
  title2 'for #byval(RoleName)';  

proc report data=rolecapable headline nowd headskip;
	by rolename;
 	column Rolename  ProductName TreeName  capability ApAct_desc ;
 	define RoleName / order format=$45.   ;
 	define ProductName / order format=$45.   ;
 	define TreeName / order format=$40.   ;
 	define ApAct_desc /display   style(column)=[cellwidth=3in];
 	/* define Treedesc /order   style(column)=[cellwidth=3in]; */
 	define capability / display ;
 	break after Rolename / ol
                         summarize
                         skip;
  compute after RoleName;
   line ' ';
   endcomp;                                  
run;
ods html close;
filename htmout "&htmout" mod;

filename reports 'Roles_Procuct_capabilities.html' mod;
ods html body=reports(no_top_matter)anchor='end';
Title "Defined Roles which have no Product capabilities Assigned";
proc sql; select RoleName label="Role Name", Role_Desc label="Role Description" 
   from role where RoleId not in (select RoleId from Aceexe);
quit;

ods html close;

View solution in original post

4 REPLIES 4
andreas_lds
Jade | Level 19

Yes it is possible. I have done this before using metadata-functions, unfortunately i don't have access to the code right know.

MSMM
SAS Employee

Could you please try to share it with me , urgent

alexal
SAS Employee

@MSMM ,

 

Here you go:

 

/*  Create lists of Metadata Roles and their Assigned Product Capabilities   */

%let htmout= 'Roles_Product_capabilities.html';
filename htmout 'Roles_Procuct_capabilities.html';
/*  Create Table of all Roles    */

data Role;
      length type $32 
      id Roleid $17 RoleName  Role_obj Role_Uri  Role_desc $ 256 ;
	    call missing(type, id, RoleName ,Role_obj, RoleId,Role_desc, Role_Uri);
 	    Role_obj=cat("omsobj:IdentityGroup?IdentityGroup[@GroupType='Role']");
  	  Roles=metadata_resolve(Role_obj,type,id);
  	  *put Roles= id=;
      if (Roles >0) then do n = 1 to Roles;
    	   nobj=metadata_getnobj(Role_obj,n,Role_Uri);
    	   rc= metadata_getattr(Role_Uri, "Name", RoleName);
		     *put rc= RoleName=;
       	 rc= metadata_getattr(Role_Uri, "Id", RoleId);
       	 rc= metadata_getattr(Role_Uri, "Desc", Role_desc);
       	 *Put RoleId= RoleName= Role_desc=;
       	 output;
      end;	
	run;
	
/*  Create table of Capabilities and Associated Roles  */
data AceExe;
   length type $32 id AceId PTreeId ApActId RoleId TreeId  SCid AceName $17   
     Ace_obj Ace_Uri  ApAct_desc  ApActuri RoleName Capability Role_Uri 
     Tree_Uri TreeDesc TreeName SoftComp_Uri PTreeDesc PTree_Uri$256
     ApActIdent $32 ProductName $60;
     lable ApAct_desc="Capability Description"
           RoleName="Role Name"
           catName="Category Name"
           ProductName="Product Name";
  
     call missing(type, id, AceName ,Ace_obj, AceId,ApAct_desc, Ace_Uri,
                  ApActId,Role_Uri, ApActIdent, RoleId, RoleName,
                  ProductName, SoftComp_Uri,SCid,
                  ApActuri,Capability, Tree_Uri, TreeId, TreeName, TreeDesc,
                  PTreeId, PTreeDesc,PTree_Uri, SoftComp_Uri, ProductName);

     Ace_obj=cat("omsobj:AccessControlEntry?AccessControlEntry",
                 "[Permissions/Permission[@Name='Execute']]",
                 " and [Objects/ApplicationAction]");

    Aces=metadata_resolve(Ace_obj,type,id);
    *put Aces= id=;
    if (Aces >0) then do n = 1 to Aces;
    	nobj=metadata_getnobj(Ace_obj,n,Ace_Uri);
    	rc= metadata_getattr(Ace_Uri, "Name", AceName);
    	rc= metadata_getattr(Ace_Uri, "Id", AceId);
    	*Put AceId= AceName= ;
    	ApACTs=metadata_getnasn(Ace_Uri,"Objects",1,ApActuri);
	    rc=metadata_getattr(ApActuri, "Desc", ApAct_desc);
	    rc=metadata_getattr(ApActuri, "Id", ApActId);
      rc= metadata_getattr(ApActuri, "Name", Capability);
      rc=metadata_getattr(ApActuri, "ActionIdentifier", ApActIdent);
      *put AceId= ApActIdent= ApAct_desc=;
      trees=metadata_getnasn(ApActuri,"Trees",1,Tree_Uri);
      if (trees >0) then do j=1 to 1;
  	      call missing(Tree_Uri,TreeId, TreeName, TreeDesc, PTreeId, 
  	                   PTreeDesc, PTree_Uri, SoftComp_Uri, ProductName  );
          tree=metadata_getnasn(ApActuri,"Trees",j,Tree_Uri);
		     rc=metadata_getattr(Tree_Uri, "Id", TreeId);
    	   rc= metadata_getattr(Tree_Uri, "Name", TreeName);
    	   rc= metadata_getattr(Tree_Uri, "Desc", TreeDesc);
    	   ptrees=metadata_getnasn(Tree_Uri,"ParentTree",1,PTree_Uri);
    	   rc=metadata_getattr(PTree_Uri, "desc", PTreedesc);
    	   rc=metadata_getattr(PTree_Uri, "Id", PtreeId); 
    	   SoftComps=metadata_getnasn(PTree_Uri,"SoftwareComponents",1,SoftComp_Uri);
    	   if SoftComps=1 then do;
    	     rc=metadata_getattr(SoftComp_Uri, "Id", SCId); 
   	       rc=metadata_getattr(SoftComp_Uri, "ProductName", ProductName);   
   	       	   put j= TreeId=  TreeName=  TreeDesc= ProductName=;
         end;
         else put TreeId=  TreeName= SoftComp= PTreeDesc=;
     	end;
      assocroles=metadata_getnasn(Ace_Uri,"Identities",1,Role_Uri);
      if (assocroles >0) then do j=1 to assocroles;
         assocroles=metadata_getnasn(Ace_Uri,"Identities",j,Role_Uri);
		     rc=metadata_getattr(Role_Uri, "Id", RoleId);
    	   rc= metadata_getattr(Role_Uri, "Name", RoleName);
    	   *put j= ApActIdent=  RoleId= RoleName= ;
    	   output;
		     call missing(Role_Uri,RoleId, RoleName);
    	end;
      else output;
      call missing(Ace_Uri,AceId,ApActuri,ApAct_desc,ApActId,
		                Capability,ApActIdent);
    	end;	
    	j=0;
	run;

	ods listing close;
	filename htmout "&htmout";

ods html body=htmout (no_bottom_matter) style=barrettsblue;
  %let now=%sysfunc(datetime(),datetime32.);
  proc sql noprint;
  
  create view rolecapable as
  select RoleName, ProductName, capability, ApAct_desc, TreeName, TreeId, TreeDesc from aceexe
     order by RoleName, ProductName, TreeName, capability;
     quit;
  run;
options nobyline;
  Title " &now -  Roles and their assigned Product Capabilities";
  title2 'for #byval(RoleName)';  

proc report data=rolecapable headline nowd headskip;
	by rolename;
 	column Rolename  ProductName TreeName  capability ApAct_desc ;
 	define RoleName / order format=$45.   ;
 	define ProductName / order format=$45.   ;
 	define TreeName / order format=$40.   ;
 	define ApAct_desc /display   style(column)=[cellwidth=3in];
 	/* define Treedesc /order   style(column)=[cellwidth=3in]; */
 	define capability / display ;
 	break after Rolename / ol
                         summarize
                         skip;
  compute after RoleName;
   line ' ';
   endcomp;                                  
run;
ods html close;
filename htmout "&htmout" mod;

filename reports 'Roles_Procuct_capabilities.html' mod;
ods html body=reports(no_top_matter)anchor='end';
Title "Defined Roles which have no Product capabilities Assigned";
proc sql; select RoleName label="Role Name", Role_Desc label="Role Description" 
   from role where RoleId not in (select RoleId from Aceexe);
quit;

ods html close;
MSMM
SAS Employee
appreciate your support, many thanks I will check it

suga badge.PNGThe SAS Users Group for Administrators (SUGA) is open to all SAS administrators and architects who install, update, manage or maintain a SAS deployment. 

Join SUGA 

Get Started with SAS Information Catalog in SAS Viya

SAS technical trainer Erin Winters shows you how to explore assets, create new data discovery agents, schedule data discovery agents, and much more.

Find more tutorials on the SAS Users YouTube channel.

Discussion stats
  • 4 replies
  • 2932 views
  • 4 likes
  • 3 in conversation