I would recommend opening a case with SAS Technical Support.   Carl Sommer - SAS Technical Support   ... View more

Please be aware that SAS 9.4 M4 is under Limited Support. See Older SAS 9.4 Platform Releases and Product Versions Moving to Limited... - SAS Support Communities   Carl Sommer - SAS Technical Support ... View more

And now I feel like I should have also said this instead.     Look at the Resources tab when you edit a compute context.   Reference SAS Help Center: Contexts Page A better reference / writeup:  Managing Connections to Data Sources and SAS Libraries for Compute Sessions in SAS Viya   Carl Sommer - SAS Technical Support ... View more

Given that there are no library objects in SAS VIya (aside from CASLIBS in CAS sessions), the Viya General Authorization system isn't able to help with library permissions or preassignment.   However youu could look at creating appropriate compute contexts for these purposes and permitting your users/groups to these contexts.   See SAS Help Center: SAS Compute: Server, Service, and Contexts and the section on the sas.compute.server: autoexec_code configuration instance.  If you truly needed highly-specific code, I've seen situations where PROC HTTP was used in the autoexec to determine the groups the user is in, and assign the librefs based upon that.   Carl Sommer - SAS Technical Support   ... View more

FYI - Steve has opened a tech support case on this; when it's resolved I'll update this thread with relevant information. Carl Sommer - SAS Technical Support ... View more

This sounds like your WORK library had an issue.   This could just be that you are making too-large of a metadata request.   Your original post said you were interested in what access specific groups had.   You could filter on both the member type (Library) and the specific group.   This is similar to what is shown in Example 3: ReadMetadata Permission for Libraries for a Specified User.   Here's the form of this, looking for all libraries where the ETLDevelopers group have WriteMetadata access:   %mdsecds(identitynames="ETLDevelopers", identitytypes="IdentityGroup", membertypes="Library", perms="WriteMetadata"); What do you have for MEMSIZE?  Have you verified your work library is OK?  Since it shows the H: drive, I suspect it is a network drive.   It's best to use a local disk for WORK.   If you continue to have issues, share your SAS log or open a case with SAS Technical Support.   Carl Sommer - SAS Technical Support  ... View more

Please see the documentation for SAS Help Center: %MDSECDS Security Report Macro .      Note that you likely have granted permissions using groups, so if you really want to report on an individual user, you will probably need to also use SAS Help Center: %MDUEXTR User Import Macro to generate tables of users and group memberships that you can join with the data from %MDSECDS to report at an individual user-level.   Here's an example invocation of %mdsecds to generate tables and a view in the WORK library for all libraries defined to metadata. %mdsecds(membertypes="Library");  Carl Sommer - SAS Technical Support ... View more

4 years later, and Allan's macro now lives at core/meta/mm_getfoldertree.sas at main · sasjs/core   Carl Sommer - SAS Technical Support ... View more

To amend what Greg suggested, you'll want to use both the STORE and the SECURE options. STORE provides macro compilation; SECURE provides encryption (so nosy people turning on MPRINT, etc get nada, zip, zilch) See Example 5: Using the %MACRO Statement with the STORE and SECURE Options   Carl Sommer - SAS Technical Support ... View more

As others have mentioned, importad.sas is the way to go for an automated method for maintaining users in metadata. However it's not wrong to define users manually either; however if you do, and intend to use importad..sas either now or in the future, be sure to define the external identity for the users you manually create, so that the matching key between metadata and your identity provider is in place.  See  SAS Help Center: External Identities   Carl Sommer - SAS Technical Support ... View more

SAS provides the %MDSECDS macro to build a set of tables for requested objects and their associated permissions. See SAS Help Center: Overview of the Security Report Macros.    I've not used the metacode plugin, but have heard great things about it.   Carl Sommer - SAS Technical Support ... View more

FYI, the link (http://go.documentation.sas.com/?cdcId=calcdc&cdcVersion=3.3&docsetId=calauthzgen&docsetTarget=n1xnhxt4tj57wzn1kdridi7u2g27.htm&locale=en#p06lel9je9mt0sn18xx4pjrvnmbz) in this text is broken:   Instead it means, to quote the Viya Administration documentation, "access to the associated service’s endpoints in the context of that particular object" ... View more

I recently had a case for a customer who had exactly this situation.  I'm a bit surprised that someone hasn't surfaced code for this sooner.   Better late than never, a macro for this has been added at technical-support-code/usage/administration/sas-metadata-server/create_metadata_login_s9.sas at main · sascommunities/technical-support-code · GitHub   %createLoginObject( Person_Name=sasdemo /* REQUIRED: metadata name for Person object */ ,Authdomain=OracleAuth /* REQUIRED: metadata name for the Authdomain for the Login object */ ,Login_userid=scott /* OPTIONAL: userid attribute for the Login object */ ,Login_password=tiger /* OPTIONAL: password attribute for the Login object */ ,Login_Name=sasdemo Oracle login /* OPTIONAL: metadata name for the Login object */ );   Carl Sommer - SAS Technical Support ... View more