In case anyone wants to prevent users from bypassing metadata security in SAS EG here is a solution, albeit one that is not particularly efficient for the SAS EG user. Block off all host level access to data. Only allow access to data via information maps (apart for developers). Include, in all information maps, stored processes to access the RDBMS data. within the stored process code, explicitly write RDBMS connection details. Hide the code in your stored process using compiled macros. Remove all metadata permissions to libraries referencing your RDBMS data to ordinary users, making it difficult to write rogue information maps. No one can see RDBMS details. Only install Infromation Map studio to trusted developers and regularly audit metadata for rogue information maps. For really sensitive data, encrypt field values stored in the RDBMS and use decryption algorithms within the information map used for access. Upside - all security is now via metadata, and it is really hard to bypass. Downside - Opening up such an information map in SAS EG introduces a significant performance hit. Would be interested what Paul Holmes and/or Chris think about this approach to enforcing metatadata security for EG users. Nick ... View more

Thanks Tom and Art for your reply. The data will be in SQL, and so we have to implement OS security at both the metadata level and OS/database level is we were to use a persons individual credentials. Administratore will know that you can put all the metadata security in the world, but if a user has OS permissions, they can write a libname statement straight to the data and do what they want. By using information maps, which can access the data directly via a limited number of service accounts, we make sure that the information map has full access to the data, but only give users access to the information maps, not the data underneath. This works great if you access information maps using web report studio, as by default, this accesses data using the pooled workspace server. However, by default, SAS EG access information maps using the workspace server, and if the user does not have OS permission to the data, then, and only then, tries using the pooled workspace server. For a user who does not have OS/database permissions to the SQL server (which is what we intend) it means that SAS EG throws up an error, but still is able to process the information map. The reason in throws up an error is that it first tries to use the persons credentials and when it fails, an error ensues. This is unsightly for the user, and it also makes it an inefficient way of access information maps. For more info, see usage note 38948 So, whilst mediated access is a recommended approach by SAS to help overcome the limitations of metadata security, and it works, it is not ideal in  SAS EG in that processing of information maps is slow and an error is thrown, even though it works. It would be nice, given that SAS BI is metadata driven, that mediated access is more elegantly managed in SAS EG. Nick ... View more

Thanks Patrick, I have tried that, but it appears that when you run a stored process, it spawns a new SAS session, which is seperate from the SAS EG session from which it is run. Therefore, macro variables within the SAS EG session are not passed to the stored process. Therefore, my impression is that there is no way to automatically pass macro variable or other values from a SAS session to a stored process unless entered by a user from a prompt or, unless proc STP is used from a SAS program, which doesn't really solve my problem. Is this correct, or am I missing something? Nick ... View more

Hi Chris, Fantastic tools. Would you be willing to share your hard work and make the project files available? I would love to edit the code to create similar tools for searching and displaying our user defined formats. Regards, Nick ... View more

How about 9. Ability to easily remove formats from the viewer so that you can see the underlying values 10. Ability to drill down into the formats in the properties window i.e. see what the possible fomat values are. 11. Define a 'favourites' format list. ... View more

Sounds like you may have permission issues. Make sure the workspace server, stored process, and underlying data can be accessed by that account at the metadata level, and that the data can be accessed at the OS level. Nick ... View more

Hi, You need to run the STP on a workspace server rather that the STP server. Try reading this to find out more: http://support.sas.com/documentation/cdl/en/biasag/61237/HTML/default/viewer.htm#wsspovw.htm NIck ... View more

This may help. http://support.sas.com/kb/26/177.html Nick ... View more

Hi Chris, I too have definitely seen this phenomenon in EG 4.3 on a handful of occasions. To be honest, I cant say I can see a consistent reason for it. I usually just close and reopen. Regards, Nick ... View more

Actually, my solution does not address your problem. Apologies. Nick ... View more

The trick is to first create a datasets with distinct values for the 'Name' variable, then apply the monotonic function and merge back to the original dataset. This means having two nodes in EG, but I cant think of a way to do it in one step. Hope  thats clearer. Nick ... View more

Thanks Chris, Can you confirm if SAS EG 5.1 (or whatever it ends up being called) will be compatible with 4.3 custom tasks? Nick ... View more

Hi, You can also: 1. Using query builder, select the 'Name' variable and click 'select distinct values only' to create a new dataset. 2. User query builder and add a computed column 'count' defined with the function 'monotonic()' 3. Use query builder to merge back with the orginal dataset, and concatenate "Phone" and count. This means you dont have to change the phone number to numeric. Nick ... View more