GyaniBaba
Obsidian | Level 7
I am trying to develop code that makes a list of metadata users and their roles (not groups).

For example:
userA is part of roleA and groupA
and groupA is part of groupB
and groupB is part of roleB and roleC

The final output should be:
userA roleA
userA roleB
userA roleC
Sajid01
Meteorite | Level 14

Unless there are other exclusions and conflicts, userA will be a member of Roles A, B and C.
As a general rule, if there are conflicts, then permissions are denied.

GyaniBaba
Obsidian | Level 7
I am looking for code which makes a list of users and their roles (including nested).
SASKiwi
PROC Star

There are numerous posts on this topic in the Admin & Deploy forum like this one: https://communities.sas.com/t5/Administration-and-Deployment/SAS-Metadata-Roles-amp-Capabilities-Rep...

 

I'll leave you to search for others.

GyaniBaba
Obsidian | Level 7
I am looking for nested membership. SAS has built-in macros to extract direct groups/roles, but when it comes to nested groups, it becomes tricky.

I have used the mduextr macro output and have done some Base SAS programming on the output to achieve the desired result, but the code is not very good currently. Hopefully I will be able to optimise it.
SASKiwi
PROC Star

@gwootton is a great help on unravelling the complexities of SAS metadata. Maybe he can help in this case. But I suggest you search the admin forum for "metadata roles" to see if there are more relevant solutions to try.

GyaniBaba
Obsidian | Level 7
I haven’t been able to find any existing code which takes care of nested memberships, currently I am working on it and hopefully I will be able to post the final code in some days.

The idea is to use the mduextr macro and then use the output tables, performing conditional nested loops and joins to achieve the desired output.
gwootton
SAS Super FREQ
This code to identify circular memberships might be helpful:

Circular Metadata-Group Membership Can Make You Dizzy!
https://support.sas.com/resources/papers/proceedings17/SAS0381-2017.pdf

The first half of this code builds from the MDUEXTR a parent/child data set (ALLGROUPS).

From there I suppose it would be a matter of associating the roles down that tree and in a data set and then translating that based on direct group membership for the users.
--
Greg Wootton | Principal Systems Technical Support Engineer
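
The approach outlined in the reply above (a parent/child membership table, then roles resolved down that tree for each user) as an added Python example; it is not code from this thread or from the linked paper. It assumes the memberships have already been exported as (member, container) pairs, and all names and sample rows are constructed, not the MDUEXTR table layout.

```python
from collections import defaultdict, deque

# Constructed sample mirroring the thread's example. Each pair is
# (member, container): the member belongs directly to that group or role.
MEMBERSHIPS = [
    ("userA", "roleA"), ("userA", "groupA"),
    ("groupA", "groupB"),
    ("groupB", "roleB"), ("groupB", "roleC"),
    ("groupB", "groupA"),  # constructed circular membership
    ("userB", "groupB"),   # constructed second user
]
USERS = {"userA", "userB"}
ROLES = {"roleA", "roleB", "roleC"}


def effective_roles(memberships, users, roles):
    """Return sorted (user, role, path) rows covering direct and nested roles."""
    parents = defaultdict(set)
    for member, container in memberships:
        parents[member].add(container)

    rows = []
    for user in sorted(users):
        seen = {user}                 # visited set stops circular groups looping
        queue = deque([(user, [user])])
        found = {}                    # role -> shortest membership path
        while queue:
            node, path = queue.popleft()
            for parent in sorted(parents.get(node, ())):
                if parent in seen:
                    continue
                seen.add(parent)
                if parent in roles:
                    # Roles are end points here; role-to-role contributions
                    # are not modelled in this example.
                    found[parent] = " > ".join(path + [parent])
                else:
                    queue.append((parent, path + [parent]))
        rows.extend((user, role, found[role]) for role in sorted(found))
    return rows


if __name__ == "__main__":
    for user, role, path in effective_roles(MEMBERSHIPS, USERS, ROLES):
        print(f"{user}\t{role}\t{path}")
```

The path column records how each role was reached, which is what an access review needs when a nested grant has to be traced back to the group that introduced it.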
PaulHomes
Rhodochrosite | Level 12

I'm not sure if you are open to using a commercial product for this but if you are then you could consider our Metacoda Plug-ins Role Reviewer. It is a plug-in to SAS Management Console that presents a list of roles and their members via direct membership, indirect membership and implicit membership. Here is a sample screenshot:

 

[Screenshot: roleinfo-members.png]

It will also gracefully handle infinite loops in group memberships and role contributions and show/hide duplicate membership paths. If you are interested in capabilities then it also shows which capabilities are granted to members, directly or indirectly through role contributions. All of this information is available to export to HTML for security documentation purposes.

The plug-in will help if you want to quickly answer a question of who are all the members of this role and by what path or paths are they a member. If you are after the underlying data to do custom reporting not available in the plug-ins themselves then it can be exported into an XML format for which we provide SAS XML Libname Engine maps to query them as SAS tables - see https://github.com/Metacoda/sectest-maps

 

If this is of interest and you would like to try it out for yourself (as well as all of the other included plug-ins) then you can sign up for a free 30 day evaluation at https://www.metacoda.com/en/evaluation/  I'd be happy to arrange a web meeting to go through them in more detail if you like.

GyaniBaba
Obsidian | Level 7
Yes - Metacoda is amazing and can help in many ways, but unfortunately currently we are just looking for the above solution. Our metadata is not too complicated and easy to understand 🙂

Thanks for your suggestions
