BookmarkSubscribeRSS Feed
LenHarbottle
Fluorite | Level 6
Whilst using _METAUSER within a stored process, the result is being shown as a URL, e.g. @, whereas the user accounts are created using the format of \.

This is causing no groups to be identified, when trying to match the user running the stored process against the actual list of groups that the user has been assigned against.

Is there a specific configuration setting that is causing this? If not, how do we overcome this discrepancy?
6 REPLIES 6
Vince_SAS
Rhodochrosite | Level 12
Do you maintain the the "actual list of groups that the user has been assigned against", or are you somehow extracting that from the SAS metadata?

Vince DelGobbo
SAS R&D
LenHarbottle
Fluorite | Level 6
The assignment to groups is carried out outside of metadata, using the users Windows AD account.
Whilst developing the stored process, using the windows AD account (corp\ to connect to the metaserver, the process works as expected.
Unfortunately, after converting the method of connecting to the metaserver, using variables of _METAUSER and password ($$$uid & $$pw), it was noted that the actual _METAUSER was in the format of @corp which returns "No Groups found" when trying to identify the assigned groups to this user, as this differs from the userid format of corp\.
Vince_SAS
Rhodochrosite | Level 12
I might have to send you to our Technical Support department to get a resolution.

What version of SAS are you running, 9.1.3 or 9.2?

Can you post a code snippet of the code that does this:

"...connecting to the metaserver, using variables of _METAUSER and password ($$$uid & $$pw) ..."

Can you post a code snippet that generates the "No Groups found" error, along with the full text of the error message?

Thanks.

Vince DelGobbo
SAS R&D
LenHarbottle
Fluorite | Level 6
We are using SAS 9.2.

An extract of the actual code is appended below, but please note that for security purposes I have had to edit out certain values, but I believe you should be able to follow the code.

%macro get_uid_var();

%global uid_var;
/* %let uid_var=SYSUSERID; Default value - replaced by user_id from _METADATA*/
%let uid_var=_METAUSER;

filename uvputlog '~/uvput.log';

proc printto log=uvput new;
run;
%put _all_;
proc printto;
run;
data _null_;
infile uvputlog;
input;
length inline $255;
inline=compress(_infile_,"_abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ 0123456789:,.-()*&^%$£!","k");
if index(inline,"_EGUSERID") gt 0 then
call symput('uid_var',"_EGUSERID");
if index(inline,"_METAUSER") gt 0 then
call symput('uid_var',"_METAUSER");
run;

data _null_;
msg=sysmsg();
put rc=;
put msg=;
run;

filename uvputlog clear;

%mend;
%macro get_users_grps;

/* metadata server that contains the user information. */

options metaserver=
metaport=8561
metauser=&&&uid_var
metapass=&&pw
metaprotocol=bridge
metarepository=Foundation;

data WORK.users_grps;
length uri name userid group groupuri loginuri $256 id $30;

/* Initialize variables to missing. */
n=1;
uri='';
name='';
userid='';
group='';
groupuri='';
id='';
loginuri='';

/* Determine how many person objects are defined. */
nobj=metadata_getnobj("omsobj:Person?@Id contains '.'",n,uri);
if nobj=0 then put 'No Persons available.';

else do while (nobj > 0);

/* Retrieve the current person's name & User ID. */
rc=metadata_getattr(uri, "Name", Name);
logassn=metadata_getnasn(uri,"Logins",1,loginuri);
if logassn > 0 then do;
rc3=metadata_getattr(loginuri, "UserID", UserID);
/* Get the group association information for the current person. */
a=1;
grpassn=metadata_getnasn(uri,"IdentityGroups",a,groupuri);
/* If this person does not belong to any groups, set their group */
/* variable to 'No groups' and output the name. */
if grpassn in (-3,-4) then do;
group="No groups";
output;
end;

/* If the person belongs to any groups, loop through the list */
/* and retrieve the name of each group, outputting each on a */
/* separate record. */
else do while (grpassn > 0);
rc2=metadata_getattr(groupuri, "Name", group);
a+1;
output;
grpassn=metadata_getnasn(uri,"IdentityGroups",a,groupuri);
end;
end;
/* Retrieve the next person's information. */
n+1;
nobj=metadata_getnobj("omsobj:Person?@Id contains '.'",n,uri);
end;
keep name userid group;
run;
%mend;

%macro display_exceptions(Region=,Area=,DateFrom=,DateTo=);
/* identify the Users UID */
%get_uid_var;
/* Identify the groups that the user belongs to, using uid as parameter */
%get_users_grps;
/* Initialise the display exceptions marker prior to confirming whether or not the user has access permissions) */
%let display_exception="N";
/* If Metadata server query fails, do not display exceptions */
proc sql noprint;
select count(*) into :num_recs from users_grps
where group in ('Testers');
quit;
%if &num_recs eq 0 %then %do; /* This is 0 as @corp not the same as */
%let display_exceptions="N";
title "***** ACCESS WARNING – Access Denied ******";
data WORK.TEMP;
length Warning $180;
Warning="You are not authorised to have access to this area.";
output;
Warning="If you believe you should have access then please contact the";
output;
Warning="System Administrator.";
output;
run;
proc print data=WORK.TEMP noobs;
run;
%end;
………
Vince_SAS
Rhodochrosite | Level 12
Did you migrate this code from SAS 9.1?

When using SAS 9.2, you automatically have a metadata connection to the server using the credentials of the user stored in the _METAUSER macro variable. Thus, you don't need to specify the METASERVER, METAPORT, METAUSER, etc. options.

Try removing the OPTIONS statement from your code to see if that rectifies the problem.

Vince DelGobbo
SAS R&D
LenHarbottle
Fluorite | Level 6
Thank you for this prompt response.

This code was based on a previously migrated stored process from 9.1 to 9.2, but following your advice, I have reworked the actual stored process omitting the connection options etc.

At the same time, I have also managed to manipulate the _METAUSER content to meet the windows AD format, using the following code to create the global variable (uid_var):

%let uid_var=corp\%sysfunc(scan(“&_METAUSER”,1,“@”)));

I believe this has now resolved my initial problems.

Thanks again for your support.

Len Harbottle

sas-innovate-2024.png

Join us for SAS Innovate April 16-19 at the Aria in Las Vegas. Bring the team and save big with our group pricing for a limited time only.

Pre-conference courses and tutorials are filling up fast and are always a sellout. Register today to reserve your seat.

 

Register now!

How to Concatenate Values

Learn how use the CAT functions in SAS to join values from multiple variables into a single value.

Find more tutorials on the SAS Users YouTube channel.

Click image to register for webinarClick image to register for webinar

Classroom Training Available!

Select SAS Training centers are offering in-person courses. View upcoming courses for:

View all other training opportunities.

Discussion stats
  • 6 replies
  • 2640 views
  • 1 like
  • 2 in conversation