Dear Community,
I'm using SAS Viya 2025.03 Visual Investigator and I have trouble implementing a record level access control. The problem is that the access of a record to a certain user is determined by the alignment of multiple variables and these variables can hold a large set of values.
I found that the built-in authorization fuctionality cannot handle such complexity, so any help would be well appreciated.
For easier understanding, let me give an example:
VAR1 and VAR2 are not nullable variables in an entity table. VAR1 values range from A to Z (26 distinct values), VAR2 range from 1 to 100 (100 distinct values). Permissions must cover all the 26x100=2600 combinations.
I want my test user to have access to records where VAR1 in {'C','D'} AND simultaneously VAR2 in {52,53}.
I was thinking about creating a group for each value of the two variable, and make the data accessible for users who hold permission both VAR1-wise AND VAR2-wise. My test user would be member of group_C, group_D, group_52 and group_53.
But since permissions are additive, the 'AND' operation between the two dimensions is impossible to do.
My user would end up getting access to all the Cs, Ds, 52s and 53s, instead of the intersection of C∪D and 52∪53.
Alternatively, I could create 2600 groups and add my test user to group_C_52, group_C_53, group_D_52 and group_D_53.
But it's too many groups and way too many user assignments to implement. And there could be more dimensions beyond VAR1 and VAR2...
Please give me viable options for the above problem
Thank you