Dear all
Is there any way to create a dataset with a list of SAS metadata roles and associated capabilities?
like a matrix in 5.1
@MSMM ,
Here you go:
/* Create lists of Metadata Roles and their Assigned Product Capabilities */
%let htmout= 'Roles_Product_capabilities.html';
filename htmout 'Roles_Procuct_capabilities.html';
/* Create Table of all Roles */
data Role;
length type $32
id Roleid $17 RoleName Role_obj Role_Uri Role_desc $ 256 ;
call missing(type, id, RoleName ,Role_obj, RoleId,Role_desc, Role_Uri);
Role_obj=cat("omsobj:IdentityGroup?IdentityGroup[@GroupType='Role']");
Roles=metadata_resolve(Role_obj,type,id);
*put Roles= id=;
if (Roles >0) then do n = 1 to Roles;
nobj=metadata_getnobj(Role_obj,n,Role_Uri);
rc= metadata_getattr(Role_Uri, "Name", RoleName);
*put rc= RoleName=;
rc= metadata_getattr(Role_Uri, "Id", RoleId);
rc= metadata_getattr(Role_Uri, "Desc", Role_desc);
*Put RoleId= RoleName= Role_desc=;
output;
end;
run;
/* Create table of Capabilities and Associated Roles */
data AceExe;
length type $32 id AceId PTreeId ApActId RoleId TreeId SCid AceName $17
Ace_obj Ace_Uri ApAct_desc ApActuri RoleName Capability Role_Uri
Tree_Uri TreeDesc TreeName SoftComp_Uri PTreeDesc PTree_Uri$256
ApActIdent $32 ProductName $60;
lable ApAct_desc="Capability Description"
RoleName="Role Name"
catName="Category Name"
ProductName="Product Name";
call missing(type, id, AceName ,Ace_obj, AceId,ApAct_desc, Ace_Uri,
ApActId,Role_Uri, ApActIdent, RoleId, RoleName,
ProductName, SoftComp_Uri,SCid,
ApActuri,Capability, Tree_Uri, TreeId, TreeName, TreeDesc,
PTreeId, PTreeDesc,PTree_Uri, SoftComp_Uri, ProductName);
Ace_obj=cat("omsobj:AccessControlEntry?AccessControlEntry",
"[Permissions/Permission[@Name='Execute']]",
" and [Objects/ApplicationAction]");
Aces=metadata_resolve(Ace_obj,type,id);
*put Aces= id=;
if (Aces >0) then do n = 1 to Aces;
nobj=metadata_getnobj(Ace_obj,n,Ace_Uri);
rc= metadata_getattr(Ace_Uri, "Name", AceName);
rc= metadata_getattr(Ace_Uri, "Id", AceId);
*Put AceId= AceName= ;
ApACTs=metadata_getnasn(Ace_Uri,"Objects",1,ApActuri);
rc=metadata_getattr(ApActuri, "Desc", ApAct_desc);
rc=metadata_getattr(ApActuri, "Id", ApActId);
rc= metadata_getattr(ApActuri, "Name", Capability);
rc=metadata_getattr(ApActuri, "ActionIdentifier", ApActIdent);
*put AceId= ApActIdent= ApAct_desc=;
trees=metadata_getnasn(ApActuri,"Trees",1,Tree_Uri);
if (trees >0) then do j=1 to 1;
call missing(Tree_Uri,TreeId, TreeName, TreeDesc, PTreeId,
PTreeDesc, PTree_Uri, SoftComp_Uri, ProductName );
tree=metadata_getnasn(ApActuri,"Trees",j,Tree_Uri);
rc=metadata_getattr(Tree_Uri, "Id", TreeId);
rc= metadata_getattr(Tree_Uri, "Name", TreeName);
rc= metadata_getattr(Tree_Uri, "Desc", TreeDesc);
ptrees=metadata_getnasn(Tree_Uri,"ParentTree",1,PTree_Uri);
rc=metadata_getattr(PTree_Uri, "desc", PTreedesc);
rc=metadata_getattr(PTree_Uri, "Id", PtreeId);
SoftComps=metadata_getnasn(PTree_Uri,"SoftwareComponents",1,SoftComp_Uri);
if SoftComps=1 then do;
rc=metadata_getattr(SoftComp_Uri, "Id", SCId);
rc=metadata_getattr(SoftComp_Uri, "ProductName", ProductName);
put j= TreeId= TreeName= TreeDesc= ProductName=;
end;
else put TreeId= TreeName= SoftComp= PTreeDesc=;
end;
assocroles=metadata_getnasn(Ace_Uri,"Identities",1,Role_Uri);
if (assocroles >0) then do j=1 to assocroles;
assocroles=metadata_getnasn(Ace_Uri,"Identities",j,Role_Uri);
rc=metadata_getattr(Role_Uri, "Id", RoleId);
rc= metadata_getattr(Role_Uri, "Name", RoleName);
*put j= ApActIdent= RoleId= RoleName= ;
output;
call missing(Role_Uri,RoleId, RoleName);
end;
else output;
call missing(Ace_Uri,AceId,ApActuri,ApAct_desc,ApActId,
Capability,ApActIdent);
end;
j=0;
run;
ods listing close;
filename htmout "&htmout";
ods html body=htmout (no_bottom_matter) style=barrettsblue;
%let now=%sysfunc(datetime(),datetime32.);
proc sql noprint;
create view rolecapable as
select RoleName, ProductName, capability, ApAct_desc, TreeName, TreeId, TreeDesc from aceexe
order by RoleName, ProductName, TreeName, capability;
quit;
run;
options nobyline;
Title " &now - Roles and their assigned Product Capabilities";
title2 'for #byval(RoleName)';
proc report data=rolecapable headline nowd headskip;
by rolename;
column Rolename ProductName TreeName capability ApAct_desc ;
define RoleName / order format=$45. ;
define ProductName / order format=$45. ;
define TreeName / order format=$40. ;
define ApAct_desc /display style(column)=[cellwidth=3in];
/* define Treedesc /order style(column)=[cellwidth=3in]; */
define capability / display ;
break after Rolename / ol
summarize
skip;
compute after RoleName;
line ' ';
endcomp;
run;
ods html close;
filename htmout "&htmout" mod;
filename reports 'Roles_Procuct_capabilities.html' mod;
ods html body=reports(no_top_matter)anchor='end';
Title "Defined Roles which have no Product capabilities Assigned";
proc sql; select RoleName label="Role Name", Role_Desc label="Role Description"
from role where RoleId not in (select RoleId from Aceexe);
quit;
ods html close;
Yes it is possible. I have done this before using metadata-functions, unfortunately i don't have access to the code right know.
Could you please try to share it with me , urgent
@MSMM ,
Here you go:
/* Create lists of Metadata Roles and their Assigned Product Capabilities */
%let htmout= 'Roles_Product_capabilities.html';
filename htmout 'Roles_Procuct_capabilities.html';
/* Create Table of all Roles */
data Role;
length type $32
id Roleid $17 RoleName Role_obj Role_Uri Role_desc $ 256 ;
call missing(type, id, RoleName ,Role_obj, RoleId,Role_desc, Role_Uri);
Role_obj=cat("omsobj:IdentityGroup?IdentityGroup[@GroupType='Role']");
Roles=metadata_resolve(Role_obj,type,id);
*put Roles= id=;
if (Roles >0) then do n = 1 to Roles;
nobj=metadata_getnobj(Role_obj,n,Role_Uri);
rc= metadata_getattr(Role_Uri, "Name", RoleName);
*put rc= RoleName=;
rc= metadata_getattr(Role_Uri, "Id", RoleId);
rc= metadata_getattr(Role_Uri, "Desc", Role_desc);
*Put RoleId= RoleName= Role_desc=;
output;
end;
run;
/* Create table of Capabilities and Associated Roles */
data AceExe;
length type $32 id AceId PTreeId ApActId RoleId TreeId SCid AceName $17
Ace_obj Ace_Uri ApAct_desc ApActuri RoleName Capability Role_Uri
Tree_Uri TreeDesc TreeName SoftComp_Uri PTreeDesc PTree_Uri$256
ApActIdent $32 ProductName $60;
lable ApAct_desc="Capability Description"
RoleName="Role Name"
catName="Category Name"
ProductName="Product Name";
call missing(type, id, AceName ,Ace_obj, AceId,ApAct_desc, Ace_Uri,
ApActId,Role_Uri, ApActIdent, RoleId, RoleName,
ProductName, SoftComp_Uri,SCid,
ApActuri,Capability, Tree_Uri, TreeId, TreeName, TreeDesc,
PTreeId, PTreeDesc,PTree_Uri, SoftComp_Uri, ProductName);
Ace_obj=cat("omsobj:AccessControlEntry?AccessControlEntry",
"[Permissions/Permission[@Name='Execute']]",
" and [Objects/ApplicationAction]");
Aces=metadata_resolve(Ace_obj,type,id);
*put Aces= id=;
if (Aces >0) then do n = 1 to Aces;
nobj=metadata_getnobj(Ace_obj,n,Ace_Uri);
rc= metadata_getattr(Ace_Uri, "Name", AceName);
rc= metadata_getattr(Ace_Uri, "Id", AceId);
*Put AceId= AceName= ;
ApACTs=metadata_getnasn(Ace_Uri,"Objects",1,ApActuri);
rc=metadata_getattr(ApActuri, "Desc", ApAct_desc);
rc=metadata_getattr(ApActuri, "Id", ApActId);
rc= metadata_getattr(ApActuri, "Name", Capability);
rc=metadata_getattr(ApActuri, "ActionIdentifier", ApActIdent);
*put AceId= ApActIdent= ApAct_desc=;
trees=metadata_getnasn(ApActuri,"Trees",1,Tree_Uri);
if (trees >0) then do j=1 to 1;
call missing(Tree_Uri,TreeId, TreeName, TreeDesc, PTreeId,
PTreeDesc, PTree_Uri, SoftComp_Uri, ProductName );
tree=metadata_getnasn(ApActuri,"Trees",j,Tree_Uri);
rc=metadata_getattr(Tree_Uri, "Id", TreeId);
rc= metadata_getattr(Tree_Uri, "Name", TreeName);
rc= metadata_getattr(Tree_Uri, "Desc", TreeDesc);
ptrees=metadata_getnasn(Tree_Uri,"ParentTree",1,PTree_Uri);
rc=metadata_getattr(PTree_Uri, "desc", PTreedesc);
rc=metadata_getattr(PTree_Uri, "Id", PtreeId);
SoftComps=metadata_getnasn(PTree_Uri,"SoftwareComponents",1,SoftComp_Uri);
if SoftComps=1 then do;
rc=metadata_getattr(SoftComp_Uri, "Id", SCId);
rc=metadata_getattr(SoftComp_Uri, "ProductName", ProductName);
put j= TreeId= TreeName= TreeDesc= ProductName=;
end;
else put TreeId= TreeName= SoftComp= PTreeDesc=;
end;
assocroles=metadata_getnasn(Ace_Uri,"Identities",1,Role_Uri);
if (assocroles >0) then do j=1 to assocroles;
assocroles=metadata_getnasn(Ace_Uri,"Identities",j,Role_Uri);
rc=metadata_getattr(Role_Uri, "Id", RoleId);
rc= metadata_getattr(Role_Uri, "Name", RoleName);
*put j= ApActIdent= RoleId= RoleName= ;
output;
call missing(Role_Uri,RoleId, RoleName);
end;
else output;
call missing(Ace_Uri,AceId,ApActuri,ApAct_desc,ApActId,
Capability,ApActIdent);
end;
j=0;
run;
ods listing close;
filename htmout "&htmout";
ods html body=htmout (no_bottom_matter) style=barrettsblue;
%let now=%sysfunc(datetime(),datetime32.);
proc sql noprint;
create view rolecapable as
select RoleName, ProductName, capability, ApAct_desc, TreeName, TreeId, TreeDesc from aceexe
order by RoleName, ProductName, TreeName, capability;
quit;
run;
options nobyline;
Title " &now - Roles and their assigned Product Capabilities";
title2 'for #byval(RoleName)';
proc report data=rolecapable headline nowd headskip;
by rolename;
column Rolename ProductName TreeName capability ApAct_desc ;
define RoleName / order format=$45. ;
define ProductName / order format=$45. ;
define TreeName / order format=$40. ;
define ApAct_desc /display style(column)=[cellwidth=3in];
/* define Treedesc /order style(column)=[cellwidth=3in]; */
define capability / display ;
break after Rolename / ol
summarize
skip;
compute after RoleName;
line ' ';
endcomp;
run;
ods html close;
filename htmout "&htmout" mod;
filename reports 'Roles_Procuct_capabilities.html' mod;
ods html body=reports(no_top_matter)anchor='end';
Title "Defined Roles which have no Product capabilities Assigned";
proc sql; select RoleName label="Role Name", Role_Desc label="Role Description"
from role where RoleId not in (select RoleId from Aceexe);
quit;
ods html close;
The SAS Users Group for Administrators (SUGA) is open to all SAS administrators and architects who install, update, manage or maintain a SAS deployment.
SAS technical trainer Erin Winters shows you how to explore assets, create new data discovery agents, schedule data discovery agents, and much more.
Find more tutorials on the SAS Users YouTube channel.