cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
BookmarkSubscribeRSS Feed
🔒 This topic is solved and locked. Need further help from the community? Please sign in and ask a new question.
MSMM
SAS Employee MSMM
SAS Employee
Go to Solution.

Get roles and their capabilities from metadata.

Posted 03-26-2019 07:53 AM (2210 views)

Dear all

 

Is there any way to create a dataset with a list of SAS metadata roles and associated capabilities?

like a matrix in 5.1

0 Likes
1 ACCEPTED SOLUTION

Accepted Solutions
alexal
SAS Employee alexal
SAS Employee

Re: Get roles and their capabilities from metadata.

Posted 03-26-2019 09:05 AM (2187 views)  |   In reply to MSMM

@MSMM ,

 

Here you go:

 

/*  Create lists of Metadata Roles and their Assigned Product Capabilities   */

%let htmout= 'Roles_Product_capabilities.html';
filename htmout 'Roles_Procuct_capabilities.html';
/*  Create Table of all Roles    */

data Role;
      length type $32 
      id Roleid $17 RoleName  Role_obj Role_Uri  Role_desc $ 256 ;
	    call missing(type, id, RoleName ,Role_obj, RoleId,Role_desc, Role_Uri);
 	    Role_obj=cat("omsobj:IdentityGroup?IdentityGroup[@GroupType='Role']");
  	  Roles=metadata_resolve(Role_obj,type,id);
  	  *put Roles= id=;
      if (Roles >0) then do n = 1 to Roles;
    	   nobj=metadata_getnobj(Role_obj,n,Role_Uri);
    	   rc= metadata_getattr(Role_Uri, "Name", RoleName);
		     *put rc= RoleName=;
       	 rc= metadata_getattr(Role_Uri, "Id", RoleId);
       	 rc= metadata_getattr(Role_Uri, "Desc", Role_desc);
       	 *Put RoleId= RoleName= Role_desc=;
       	 output;
      end;	
	run;
	
/*  Create table of Capabilities and Associated Roles  */
data AceExe;
   length type $32 id AceId PTreeId ApActId RoleId TreeId  SCid AceName $17   
     Ace_obj Ace_Uri  ApAct_desc  ApActuri RoleName Capability Role_Uri 
     Tree_Uri TreeDesc TreeName SoftComp_Uri PTreeDesc PTree_Uri$256
     ApActIdent $32 ProductName $60;
     lable ApAct_desc="Capability Description"
           RoleName="Role Name"
           catName="Category Name"
           ProductName="Product Name";
  
     call missing(type, id, AceName ,Ace_obj, AceId,ApAct_desc, Ace_Uri,
                  ApActId,Role_Uri, ApActIdent, RoleId, RoleName,
                  ProductName, SoftComp_Uri,SCid,
                  ApActuri,Capability, Tree_Uri, TreeId, TreeName, TreeDesc,
                  PTreeId, PTreeDesc,PTree_Uri, SoftComp_Uri, ProductName);

     Ace_obj=cat("omsobj:AccessControlEntry?AccessControlEntry",
                 "[Permissions/Permission[@Name='Execute']]",
                 " and [Objects/ApplicationAction]");

    Aces=metadata_resolve(Ace_obj,type,id);
    *put Aces= id=;
    if (Aces >0) then do n = 1 to Aces;
    	nobj=metadata_getnobj(Ace_obj,n,Ace_Uri);
    	rc= metadata_getattr(Ace_Uri, "Name", AceName);
    	rc= metadata_getattr(Ace_Uri, "Id", AceId);
    	*Put AceId= AceName= ;
    	ApACTs=metadata_getnasn(Ace_Uri,"Objects",1,ApActuri);
	    rc=metadata_getattr(ApActuri, "Desc", ApAct_desc);
	    rc=metadata_getattr(ApActuri, "Id", ApActId);
      rc= metadata_getattr(ApActuri, "Name", Capability);
      rc=metadata_getattr(ApActuri, "ActionIdentifier", ApActIdent);
      *put AceId= ApActIdent= ApAct_desc=;
      trees=metadata_getnasn(ApActuri,"Trees",1,Tree_Uri);
      if (trees >0) then do j=1 to 1;
  	      call missing(Tree_Uri,TreeId, TreeName, TreeDesc, PTreeId, 
  	                   PTreeDesc, PTree_Uri, SoftComp_Uri, ProductName  );
          tree=metadata_getnasn(ApActuri,"Trees",j,Tree_Uri);
		     rc=metadata_getattr(Tree_Uri, "Id", TreeId);
    	   rc= metadata_getattr(Tree_Uri, "Name", TreeName);
    	   rc= metadata_getattr(Tree_Uri, "Desc", TreeDesc);
    	   ptrees=metadata_getnasn(Tree_Uri,"ParentTree",1,PTree_Uri);
    	   rc=metadata_getattr(PTree_Uri, "desc", PTreedesc);
    	   rc=metadata_getattr(PTree_Uri, "Id", PtreeId); 
    	   SoftComps=metadata_getnasn(PTree_Uri,"SoftwareComponents",1,SoftComp_Uri);
    	   if SoftComps=1 then do;
    	     rc=metadata_getattr(SoftComp_Uri, "Id", SCId); 
   	       rc=metadata_getattr(SoftComp_Uri, "ProductName", ProductName);   
   	       	   put j= TreeId=  TreeName=  TreeDesc= ProductName=;
         end;
         else put TreeId=  TreeName= SoftComp= PTreeDesc=;
     	end;
      assocroles=metadata_getnasn(Ace_Uri,"Identities",1,Role_Uri);
      if (assocroles >0) then do j=1 to assocroles;
         assocroles=metadata_getnasn(Ace_Uri,"Identities",j,Role_Uri);
		     rc=metadata_getattr(Role_Uri, "Id", RoleId);
    	   rc= metadata_getattr(Role_Uri, "Name", RoleName);
    	   *put j= ApActIdent=  RoleId= RoleName= ;
    	   output;
		     call missing(Role_Uri,RoleId, RoleName);
    	end;
      else output;
      call missing(Ace_Uri,AceId,ApActuri,ApAct_desc,ApActId,
		                Capability,ApActIdent);
    	end;	
    	j=0;
	run;

	ods listing close;
	filename htmout "&htmout";

ods html body=htmout (no_bottom_matter) style=barrettsblue;
  %let now=%sysfunc(datetime(),datetime32.);
  proc sql noprint;
  
  create view rolecapable as
  select RoleName, ProductName, capability, ApAct_desc, TreeName, TreeId, TreeDesc from aceexe
     order by RoleName, ProductName, TreeName, capability;
     quit;
  run;
options nobyline;
  Title " &now -  Roles and their assigned Product Capabilities";
  title2 'for #byval(RoleName)';  

proc report data=rolecapable headline nowd headskip;
	by rolename;
 	column Rolename  ProductName TreeName  capability ApAct_desc ;
 	define RoleName / order format=$45.   ;
 	define ProductName / order format=$45.   ;
 	define TreeName / order format=$40.   ;
 	define ApAct_desc /display   style(column)=[cellwidth=3in];
 	/* define Treedesc /order   style(column)=[cellwidth=3in]; */
 	define capability / display ;
 	break after Rolename / ol
                         summarize
                         skip;
  compute after RoleName;
   line ' ';
   endcomp;                                  
run;
ods html close;
filename htmout "&htmout" mod;

filename reports 'Roles_Procuct_capabilities.html' mod;
ods html body=reports(no_top_matter)anchor='end';
Title "Defined Roles which have no Product capabilities Assigned";
proc sql; select RoleName label="Role Name", Role_Desc label="Role Description" 
   from role where RoleId not in (select RoleId from Aceexe);
quit;

ods html close;

View solution in original post

4 REPLIES 4
andreas_lds
PROC Star andreas_lds
PROC Star

Re: Get roles and their capabilities from metadata.

Posted 03-26-2019 08:50 AM (2198 views)  |   In reply to MSMM

Yes it is possible. I have done this before using metadata-functions, unfortunately i don't have access to the code right know.

0 Likes
MSMM
SAS Employee MSMM
SAS Employee

Re: Get roles and their capabilities from metadata.

Posted 03-26-2019 08:58 AM (2194 views)  |   In reply to andreas_lds

Could you please try to share it with me , urgent

0 Likes
alexal
SAS Employee alexal
SAS Employee

Re: Get roles and their capabilities from metadata.

Posted 03-26-2019 09:05 AM (2188 views)  |   In reply to MSMM

@MSMM ,

 

Here you go:

 

/*  Create lists of Metadata Roles and their Assigned Product Capabilities   */

%let htmout= 'Roles_Product_capabilities.html';
filename htmout 'Roles_Procuct_capabilities.html';
/*  Create Table of all Roles    */

data Role;
      length type $32 
      id Roleid $17 RoleName  Role_obj Role_Uri  Role_desc $ 256 ;
	    call missing(type, id, RoleName ,Role_obj, RoleId,Role_desc, Role_Uri);
 	    Role_obj=cat("omsobj:IdentityGroup?IdentityGroup[@GroupType='Role']");
  	  Roles=metadata_resolve(Role_obj,type,id);
  	  *put Roles= id=;
      if (Roles >0) then do n = 1 to Roles;
    	   nobj=metadata_getnobj(Role_obj,n,Role_Uri);
    	   rc= metadata_getattr(Role_Uri, "Name", RoleName);
		     *put rc= RoleName=;
       	 rc= metadata_getattr(Role_Uri, "Id", RoleId);
       	 rc= metadata_getattr(Role_Uri, "Desc", Role_desc);
       	 *Put RoleId= RoleName= Role_desc=;
       	 output;
      end;	
	run;
	
/*  Create table of Capabilities and Associated Roles  */
data AceExe;
   length type $32 id AceId PTreeId ApActId RoleId TreeId  SCid AceName $17   
     Ace_obj Ace_Uri  ApAct_desc  ApActuri RoleName Capability Role_Uri 
     Tree_Uri TreeDesc TreeName SoftComp_Uri PTreeDesc PTree_Uri$256
     ApActIdent $32 ProductName $60;
     lable ApAct_desc="Capability Description"
           RoleName="Role Name"
           catName="Category Name"
           ProductName="Product Name";
  
     call missing(type, id, AceName ,Ace_obj, AceId,ApAct_desc, Ace_Uri,
                  ApActId,Role_Uri, ApActIdent, RoleId, RoleName,
                  ProductName, SoftComp_Uri,SCid,
                  ApActuri,Capability, Tree_Uri, TreeId, TreeName, TreeDesc,
                  PTreeId, PTreeDesc,PTree_Uri, SoftComp_Uri, ProductName);

     Ace_obj=cat("omsobj:AccessControlEntry?AccessControlEntry",
                 "[Permissions/Permission[@Name='Execute']]",
                 " and [Objects/ApplicationAction]");

    Aces=metadata_resolve(Ace_obj,type,id);
    *put Aces= id=;
    if (Aces >0) then do n = 1 to Aces;
    	nobj=metadata_getnobj(Ace_obj,n,Ace_Uri);
    	rc= metadata_getattr(Ace_Uri, "Name", AceName);
    	rc= metadata_getattr(Ace_Uri, "Id", AceId);
    	*Put AceId= AceName= ;
    	ApACTs=metadata_getnasn(Ace_Uri,"Objects",1,ApActuri);
	    rc=metadata_getattr(ApActuri, "Desc", ApAct_desc);
	    rc=metadata_getattr(ApActuri, "Id", ApActId);
      rc= metadata_getattr(ApActuri, "Name", Capability);
      rc=metadata_getattr(ApActuri, "ActionIdentifier", ApActIdent);
      *put AceId= ApActIdent= ApAct_desc=;
      trees=metadata_getnasn(ApActuri,"Trees",1,Tree_Uri);
      if (trees >0) then do j=1 to 1;
  	      call missing(Tree_Uri,TreeId, TreeName, TreeDesc, PTreeId, 
  	                   PTreeDesc, PTree_Uri, SoftComp_Uri, ProductName  );
          tree=metadata_getnasn(ApActuri,"Trees",j,Tree_Uri);
		     rc=metadata_getattr(Tree_Uri, "Id", TreeId);
    	   rc= metadata_getattr(Tree_Uri, "Name", TreeName);
    	   rc= metadata_getattr(Tree_Uri, "Desc", TreeDesc);
    	   ptrees=metadata_getnasn(Tree_Uri,"ParentTree",1,PTree_Uri);
    	   rc=metadata_getattr(PTree_Uri, "desc", PTreedesc);
    	   rc=metadata_getattr(PTree_Uri, "Id", PtreeId); 
    	   SoftComps=metadata_getnasn(PTree_Uri,"SoftwareComponents",1,SoftComp_Uri);
    	   if SoftComps=1 then do;
    	     rc=metadata_getattr(SoftComp_Uri, "Id", SCId); 
   	       rc=metadata_getattr(SoftComp_Uri, "ProductName", ProductName);   
   	       	   put j= TreeId=  TreeName=  TreeDesc= ProductName=;
         end;
         else put TreeId=  TreeName= SoftComp= PTreeDesc=;
     	end;
      assocroles=metadata_getnasn(Ace_Uri,"Identities",1,Role_Uri);
      if (assocroles >0) then do j=1 to assocroles;
         assocroles=metadata_getnasn(Ace_Uri,"Identities",j,Role_Uri);
		     rc=metadata_getattr(Role_Uri, "Id", RoleId);
    	   rc= metadata_getattr(Role_Uri, "Name", RoleName);
    	   *put j= ApActIdent=  RoleId= RoleName= ;
    	   output;
		     call missing(Role_Uri,RoleId, RoleName);
    	end;
      else output;
      call missing(Ace_Uri,AceId,ApActuri,ApAct_desc,ApActId,
		                Capability,ApActIdent);
    	end;	
    	j=0;
	run;

	ods listing close;
	filename htmout "&htmout";

ods html body=htmout (no_bottom_matter) style=barrettsblue;
  %let now=%sysfunc(datetime(),datetime32.);
  proc sql noprint;
  
  create view rolecapable as
  select RoleName, ProductName, capability, ApAct_desc, TreeName, TreeId, TreeDesc from aceexe
     order by RoleName, ProductName, TreeName, capability;
     quit;
  run;
options nobyline;
  Title " &now -  Roles and their assigned Product Capabilities";
  title2 'for #byval(RoleName)';  

proc report data=rolecapable headline nowd headskip;
	by rolename;
 	column Rolename  ProductName TreeName  capability ApAct_desc ;
 	define RoleName / order format=$45.   ;
 	define ProductName / order format=$45.   ;
 	define TreeName / order format=$40.   ;
 	define ApAct_desc /display   style(column)=[cellwidth=3in];
 	/* define Treedesc /order   style(column)=[cellwidth=3in]; */
 	define capability / display ;
 	break after Rolename / ol
                         summarize
                         skip;
  compute after RoleName;
   line ' ';
   endcomp;                                  
run;
ods html close;
filename htmout "&htmout" mod;

filename reports 'Roles_Procuct_capabilities.html' mod;
ods html body=reports(no_top_matter)anchor='end';
Title "Defined Roles which have no Product capabilities Assigned";
proc sql; select RoleName label="Role Name", Role_Desc label="Role Description" 
   from role where RoleId not in (select RoleId from Aceexe);
quit;

ods html close;
MSMM
SAS Employee MSMM
SAS Employee

Re: Get roles and their capabilities from metadata.

Posted 03-26-2019 09:11 AM (2185 views)  |   In reply to alexal
appreciate your support, many thanks I will check it
0 Likes

suga badge.PNGThe SAS Users Group for Administrators (SUGA) is open to all SAS administrators and architects who install, update, manage or maintain a SAS deployment. 

Join SUGA 

CLI in SAS Viya

Learn how to install the SAS Viya CLI and a few commands you may find useful in this video by SAS’ Darrell Barton.

Watch CLI in SAS Viya on YouTube

Find more tutorials on the SAS Users YouTube channel.

Discussion stats
  • 4 replies
  • ‎03-26-2019 07:53 AM
  • 2211 views
  • 4 likes
  • 3 in conversation