cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
BookmarkSubscribeRSS Feed
TapioKalmi
SAS Employee TapioKalmi
SAS Employee

Juletip #4 - In Christmas you open only your own presents. But how to open only the right files?

Posted 12-04-2020 02:29 AM (453 views)

Everybody knows how big mistake it would be if you open a present which is aimed to somebody else. Even quite young children learn to read their own names and they can find the right presents in a glimpse of an eye. Likewise trying to include all autoexec_usermod.sas files may cause errors, if you have many properly secured application folders in one SAS Application Server instance. But how to effectively find out if any given user have access to a given application folder?

 

Think about a scenario where you will have hundreds of independent SAS applications used side by side. You really don't want to have hundreds of SAS Application Servers in your metadata. Therefore you define many applications into one SAS Application Server instance. You also want to give the possibility to make some application level usermods. You include application level usermods programs into SAS Application Server usermods program by using include command with a reference to a file in application folder.

 

Then you find out that some applications needs to be secured tightly because of GDPR or any other requirements. Securing is done at operational system level by restricting the read and write rights only to the given user groups. Then you think that all is done? Nope. When application level usermods programs are in application folders, those files can not be seen by anybody else but the members of the given user groups. All other users will get error message from the autoexec every time they start SAS session. It's just like they have tried to open a wrong present, oops!

 

But how to check the file availability as fast as possible? And without any errors? If you build any logic to check the user rights from metadata, it will take too long time. Think that you may have tens or hundreds of applications and these checks should be done for every application at every start of SAS session of any SAS user ...

 

Please find below a sample macro, which is one light and fast solution for this case. I have used it when including SAS autoexec_usermods.sas files from secured application folders, but the same idea can be used also in any other similar use cases.

 

%macro include_file(filename);
    /*
    Include command may give an error if access right is not given.

    To avoid the error from include command, we first try to open the file for read
    and check if it is possible.
    If it is ok, then also include will succeed and it can be done.
    If file open does not give valid file id (fid), then also include command would not work
    and therefore it should not be done.

    This functionality is normal also in that case when we do not get valid fid.
    Therefore this macro does not print any system error message to the log.
    */
    %local fileref rc fid;
    %let fileref=usermods;
    %let rc=%sysfunc(filename(fileref,&filename));
    %let fid=%sysfunc(fopen(&fileref));
    %if &fid gt 0 %then %do;
        %let rc =%sysfunc(fclose(&fid));
        %include "&filename";
    %end;
%mend include_file;

 

Sample macro call: %include_file(/sasfolders/lev1/my_application/my_application_autoexec_usermods.sas)

 

 

Reply

sas-innovate-2024.png

Available on demand!

Missed SAS Innovate Las Vegas? Watch all the action for free! View the keynotes, general sessions and 22 breakouts on demand.

 

Register now!

Discussion stats
  • 0 replies
  • ‎12-04-2020 02:29 AM
  • 454 views
  • 6 likes
  • 1 in conversation