BookmarkSubscribeRSS Feed
Koenigpe
Calcite | Level 5

Hi,

I´m currently checking the  Row-level Security for LASR Tables (SAS(R) Visual Analytics 6.1: User's Guide).

Is it posible determine the current user in SAS VA to use it as part of the Row-Level Permission Conditions. Something like &SYSUSERID in SAS Macro. I would like to build a condition like  <responsible= "&SYSUSERID">  on the column "responsible" in the sas va dataset .

This would be an easy way to build a filter depending on the current user without setting the permissions on the table for each user.

Kind Regards,

Peter

7 REPLIES 7
MichelleHomes
Meteorite | Level 14

Hi Peter,

I am not sure you can use SAS macro variables to dynamically assign the row-level permission conditions. Perhaps instead of having the condition based on a user identity, using a group identity might help. I wrote a blog post about how to set this up and how you can see the underlying ACE permission condition XML at Conditional Grants in SAS Visual Analytics

In SAS Visual Analytics 7.1 there is a new parameters tab to set up global parameters in filters, calculated items, and aggregated measures more for the GUI rather than being used on the underlying LASR table SAS(R) Visual Analytics 7.1: User's Guide - Parameters

Kind Regards,

Michelle

//Contact me to learn how Metacoda software can help keep your SAS platform secure - https://www.metacoda.com
pratikjageera
Obsidian | Level 7

Hi Michelle ,

 

How can I see what values do the variables SAS.Userid SAS.Personname, SAS.IdentityName hold , so that I can compare it with specific columns in my dataset.

I am applying row level security on dataset based on the logged in user.

 

Pratik

Allan_dk
Quartz | Level 8

In VA 6.1 you can write expressions like this

("rbs-"|| departmentname) IN ("SUB::SAS.IdentityGroups") OR "rbs-FullAccess" IN ("SUB::SAS.IdentityGroups")

If the user is member of the group "rbs-Sales" then they will have access to all rows where departmentname = 'Sales'.

I have a extra condition that allows users in the group 'rbs-FullAccess' to read all data.

There are other identity driven properties like SAS.Userid SAS.Personname, SAS.IdentityName that you can use.

BTW:

In VA 6.2 and 6.3 (and maybe even later versions) SAS have removed the option to write expression, and replaced the editor with a drag-and-drop editor, and you can not use identity driven properties.

There is a workaround.

You can activate the old editor on a table with a command like this

./sas-set-metadata-access -host servername -port 8561 -user USERNAME -password PASSWORD "Analytical LASR Data - Sandbox/SALES(Table)" -grant "SalesUsers":Read -condition '("rbs-"|| departmentname) IN ("SUB::SAS.IdentityGroups") OR "rbs-FullAccess" IN ("SUB::SAS.IdentityGroups")'

Koenigpe
Calcite | Level 5

Sounds promising! Thanks.

I will check solution.

MichelleHomes
Meteorite | Level 14

Hi,

How did you go with this? Do you require further assistance? Please mark question as answered correctly or helpful so that others know who may come across this in future.

Thanks,

Michelle

//Contact me to learn how Metacoda software can help keep your SAS platform secure - https://www.metacoda.com
SamirC_B_
Calcite | Level 5

Thank you, Allan.

Very useful information, it helped me a lot in my implementation.

pratikjageera
Obsidian | Level 7

Hi Allan_dk ,

 

How can I see what values do the variables SAS.Userid SAS.Personname, SAS.IdentityName hold , so that I can compare it with specific columns in my dataset.

I am applying row level security on dataset based on the logged in user.

SAS Innovate 2025: Save the Date

 SAS Innovate 2025 is scheduled for May 6-9 in Orlando, FL. Sign up to be first to learn about the agenda and registration!

Save the date!

Tips for filtering data sources in SAS Visual Analytics

See how to use one filter for multiple data sources by mapping your data from SAS’ Alexandria McCall.

Find more tutorials on the SAS Users YouTube channel.

Discussion stats
  • 7 replies
  • 13314 views
  • 8 likes
  • 5 in conversation