Dear all
Is there any way to create a dataset with a list of SAS metadata roles and associated capabilities?
like a matrix in 5.1
@MSMM ,
Here you go:
/* Create lists of Metadata Roles and their Assigned Product Capabilities */
%let htmout= 'Roles_Product_capabilities.html';
filename htmout 'Roles_Procuct_capabilities.html';
/* Create Table of all Roles */
data Role;
length type $32
id Roleid $17 RoleName Role_obj Role_Uri Role_desc $ 256 ;
call missing(type, id, RoleName ,Role_obj, RoleId,Role_desc, Role_Uri);
Role_obj=cat("omsobj:IdentityGroup?IdentityGroup[@GroupType='Role']");
Roles=metadata_resolve(Role_obj,type,id);
*put Roles= id=;
if (Roles >0) then do n = 1 to Roles;
nobj=metadata_getnobj(Role_obj,n,Role_Uri);
rc= metadata_getattr(Role_Uri, "Name", RoleName);
*put rc= RoleName=;
rc= metadata_getattr(Role_Uri, "Id", RoleId);
rc= metadata_getattr(Role_Uri, "Desc", Role_desc);
*Put RoleId= RoleName= Role_desc=;
output;
end;
run;
/* Create table of Capabilities and Associated Roles */
data AceExe;
length type $32 id AceId PTreeId ApActId RoleId TreeId SCid AceName $17
Ace_obj Ace_Uri ApAct_desc ApActuri RoleName Capability Role_Uri
Tree_Uri TreeDesc TreeName SoftComp_Uri PTreeDesc PTree_Uri$256
ApActIdent $32 ProductName $60;
lable ApAct_desc="Capability Description"
RoleName="Role Name"
catName="Category Name"
ProductName="Product Name";
call missing(type, id, AceName ,Ace_obj, AceId,ApAct_desc, Ace_Uri,
ApActId,Role_Uri, ApActIdent, RoleId, RoleName,
ProductName, SoftComp_Uri,SCid,
ApActuri,Capability, Tree_Uri, TreeId, TreeName, TreeDesc,
PTreeId, PTreeDesc,PTree_Uri, SoftComp_Uri, ProductName);
Ace_obj=cat("omsobj:AccessControlEntry?AccessControlEntry",
"[Permissions/Permission[@Name='Execute']]",
" and [Objects/ApplicationAction]");
Aces=metadata_resolve(Ace_obj,type,id);
*put Aces= id=;
if (Aces >0) then do n = 1 to Aces;
nobj=metadata_getnobj(Ace_obj,n,Ace_Uri);
rc= metadata_getattr(Ace_Uri, "Name", AceName);
rc= metadata_getattr(Ace_Uri, "Id", AceId);
*Put AceId= AceName= ;
ApACTs=metadata_getnasn(Ace_Uri,"Objects",1,ApActuri);
rc=metadata_getattr(ApActuri, "Desc", ApAct_desc);
rc=metadata_getattr(ApActuri, "Id", ApActId);
rc= metadata_getattr(ApActuri, "Name", Capability);
rc=metadata_getattr(ApActuri, "ActionIdentifier", ApActIdent);
*put AceId= ApActIdent= ApAct_desc=;
trees=metadata_getnasn(ApActuri,"Trees",1,Tree_Uri);
if (trees >0) then do j=1 to 1;
call missing(Tree_Uri,TreeId, TreeName, TreeDesc, PTreeId,
PTreeDesc, PTree_Uri, SoftComp_Uri, ProductName );
tree=metadata_getnasn(ApActuri,"Trees",j,Tree_Uri);
rc=metadata_getattr(Tree_Uri, "Id", TreeId);
rc= metadata_getattr(Tree_Uri, "Name", TreeName);
rc= metadata_getattr(Tree_Uri, "Desc", TreeDesc);
ptrees=metadata_getnasn(Tree_Uri,"ParentTree",1,PTree_Uri);
rc=metadata_getattr(PTree_Uri, "desc", PTreedesc);
rc=metadata_getattr(PTree_Uri, "Id", PtreeId);
SoftComps=metadata_getnasn(PTree_Uri,"SoftwareComponents",1,SoftComp_Uri);
if SoftComps=1 then do;
rc=metadata_getattr(SoftComp_Uri, "Id", SCId);
rc=metadata_getattr(SoftComp_Uri, "ProductName", ProductName);
put j= TreeId= TreeName= TreeDesc= ProductName=;
end;
else put TreeId= TreeName= SoftComp= PTreeDesc=;
end;
assocroles=metadata_getnasn(Ace_Uri,"Identities",1,Role_Uri);
if (assocroles >0) then do j=1 to assocroles;
assocroles=metadata_getnasn(Ace_Uri,"Identities",j,Role_Uri);
rc=metadata_getattr(Role_Uri, "Id", RoleId);
rc= metadata_getattr(Role_Uri, "Name", RoleName);
*put j= ApActIdent= RoleId= RoleName= ;
output;
call missing(Role_Uri,RoleId, RoleName);
end;
else output;
call missing(Ace_Uri,AceId,ApActuri,ApAct_desc,ApActId,
Capability,ApActIdent);
end;
j=0;
run;
ods listing close;
filename htmout "&htmout";
ods html body=htmout (no_bottom_matter) style=barrettsblue;
%let now=%sysfunc(datetime(),datetime32.);
proc sql noprint;
create view rolecapable as
select RoleName, ProductName, capability, ApAct_desc, TreeName, TreeId, TreeDesc from aceexe
order by RoleName, ProductName, TreeName, capability;
quit;
run;
options nobyline;
Title " &now - Roles and their assigned Product Capabilities";
title2 'for #byval(RoleName)';
proc report data=rolecapable headline nowd headskip;
by rolename;
column Rolename ProductName TreeName capability ApAct_desc ;
define RoleName / order format=$45. ;
define ProductName / order format=$45. ;
define TreeName / order format=$40. ;
define ApAct_desc /display style(column)=[cellwidth=3in];
/* define Treedesc /order style(column)=[cellwidth=3in]; */
define capability / display ;
break after Rolename / ol
summarize
skip;
compute after RoleName;
line ' ';
endcomp;
run;
ods html close;
filename htmout "&htmout" mod;
filename reports 'Roles_Procuct_capabilities.html' mod;
ods html body=reports(no_top_matter)anchor='end';
Title "Defined Roles which have no Product capabilities Assigned";
proc sql; select RoleName label="Role Name", Role_Desc label="Role Description"
from role where RoleId not in (select RoleId from Aceexe);
quit;
ods html close;
Yes it is possible. I have done this before using metadata-functions, unfortunately i don't have access to the code right know.
Could you please try to share it with me , urgent
@MSMM ,
Here you go:
/* Create lists of Metadata Roles and their Assigned Product Capabilities */
%let htmout= 'Roles_Product_capabilities.html';
filename htmout 'Roles_Procuct_capabilities.html';
/* Create Table of all Roles */
data Role;
length type $32
id Roleid $17 RoleName Role_obj Role_Uri Role_desc $ 256 ;
call missing(type, id, RoleName ,Role_obj, RoleId,Role_desc, Role_Uri);
Role_obj=cat("omsobj:IdentityGroup?IdentityGroup[@GroupType='Role']");
Roles=metadata_resolve(Role_obj,type,id);
*put Roles= id=;
if (Roles >0) then do n = 1 to Roles;
nobj=metadata_getnobj(Role_obj,n,Role_Uri);
rc= metadata_getattr(Role_Uri, "Name", RoleName);
*put rc= RoleName=;
rc= metadata_getattr(Role_Uri, "Id", RoleId);
rc= metadata_getattr(Role_Uri, "Desc", Role_desc);
*Put RoleId= RoleName= Role_desc=;
output;
end;
run;
/* Create table of Capabilities and Associated Roles */
data AceExe;
length type $32 id AceId PTreeId ApActId RoleId TreeId SCid AceName $17
Ace_obj Ace_Uri ApAct_desc ApActuri RoleName Capability Role_Uri
Tree_Uri TreeDesc TreeName SoftComp_Uri PTreeDesc PTree_Uri$256
ApActIdent $32 ProductName $60;
lable ApAct_desc="Capability Description"
RoleName="Role Name"
catName="Category Name"
ProductName="Product Name";
call missing(type, id, AceName ,Ace_obj, AceId,ApAct_desc, Ace_Uri,
ApActId,Role_Uri, ApActIdent, RoleId, RoleName,
ProductName, SoftComp_Uri,SCid,
ApActuri,Capability, Tree_Uri, TreeId, TreeName, TreeDesc,
PTreeId, PTreeDesc,PTree_Uri, SoftComp_Uri, ProductName);
Ace_obj=cat("omsobj:AccessControlEntry?AccessControlEntry",
"[Permissions/Permission[@Name='Execute']]",
" and [Objects/ApplicationAction]");
Aces=metadata_resolve(Ace_obj,type,id);
*put Aces= id=;
if (Aces >0) then do n = 1 to Aces;
nobj=metadata_getnobj(Ace_obj,n,Ace_Uri);
rc= metadata_getattr(Ace_Uri, "Name", AceName);
rc= metadata_getattr(Ace_Uri, "Id", AceId);
*Put AceId= AceName= ;
ApACTs=metadata_getnasn(Ace_Uri,"Objects",1,ApActuri);
rc=metadata_getattr(ApActuri, "Desc", ApAct_desc);
rc=metadata_getattr(ApActuri, "Id", ApActId);
rc= metadata_getattr(ApActuri, "Name", Capability);
rc=metadata_getattr(ApActuri, "ActionIdentifier", ApActIdent);
*put AceId= ApActIdent= ApAct_desc=;
trees=metadata_getnasn(ApActuri,"Trees",1,Tree_Uri);
if (trees >0) then do j=1 to 1;
call missing(Tree_Uri,TreeId, TreeName, TreeDesc, PTreeId,
PTreeDesc, PTree_Uri, SoftComp_Uri, ProductName );
tree=metadata_getnasn(ApActuri,"Trees",j,Tree_Uri);
rc=metadata_getattr(Tree_Uri, "Id", TreeId);
rc= metadata_getattr(Tree_Uri, "Name", TreeName);
rc= metadata_getattr(Tree_Uri, "Desc", TreeDesc);
ptrees=metadata_getnasn(Tree_Uri,"ParentTree",1,PTree_Uri);
rc=metadata_getattr(PTree_Uri, "desc", PTreedesc);
rc=metadata_getattr(PTree_Uri, "Id", PtreeId);
SoftComps=metadata_getnasn(PTree_Uri,"SoftwareComponents",1,SoftComp_Uri);
if SoftComps=1 then do;
rc=metadata_getattr(SoftComp_Uri, "Id", SCId);
rc=metadata_getattr(SoftComp_Uri, "ProductName", ProductName);
put j= TreeId= TreeName= TreeDesc= ProductName=;
end;
else put TreeId= TreeName= SoftComp= PTreeDesc=;
end;
assocroles=metadata_getnasn(Ace_Uri,"Identities",1,Role_Uri);
if (assocroles >0) then do j=1 to assocroles;
assocroles=metadata_getnasn(Ace_Uri,"Identities",j,Role_Uri);
rc=metadata_getattr(Role_Uri, "Id", RoleId);
rc= metadata_getattr(Role_Uri, "Name", RoleName);
*put j= ApActIdent= RoleId= RoleName= ;
output;
call missing(Role_Uri,RoleId, RoleName);
end;
else output;
call missing(Ace_Uri,AceId,ApActuri,ApAct_desc,ApActId,
Capability,ApActIdent);
end;
j=0;
run;
ods listing close;
filename htmout "&htmout";
ods html body=htmout (no_bottom_matter) style=barrettsblue;
%let now=%sysfunc(datetime(),datetime32.);
proc sql noprint;
create view rolecapable as
select RoleName, ProductName, capability, ApAct_desc, TreeName, TreeId, TreeDesc from aceexe
order by RoleName, ProductName, TreeName, capability;
quit;
run;
options nobyline;
Title " &now - Roles and their assigned Product Capabilities";
title2 'for #byval(RoleName)';
proc report data=rolecapable headline nowd headskip;
by rolename;
column Rolename ProductName TreeName capability ApAct_desc ;
define RoleName / order format=$45. ;
define ProductName / order format=$45. ;
define TreeName / order format=$40. ;
define ApAct_desc /display style(column)=[cellwidth=3in];
/* define Treedesc /order style(column)=[cellwidth=3in]; */
define capability / display ;
break after Rolename / ol
summarize
skip;
compute after RoleName;
line ' ';
endcomp;
run;
ods html close;
filename htmout "&htmout" mod;
filename reports 'Roles_Procuct_capabilities.html' mod;
ods html body=reports(no_top_matter)anchor='end';
Title "Defined Roles which have no Product capabilities Assigned";
proc sql; select RoleName label="Role Name", Role_Desc label="Role Description"
from role where RoleId not in (select RoleId from Aceexe);
quit;
ods html close;
The SAS Users Group for Administrators (SUGA) is open to all SAS administrators and architects who install, update, manage or maintain a SAS deployment.
Learn how to install the SAS Viya CLI and a few commands you may find useful in this video by SAS’ Darrell Barton.
Find more tutorials on the SAS Users YouTube channel.