FYI - Steve has opened a tech support case on this; when it's resolved I'll update this thread with relevant information. Carl Sommer - SAS Technical Support ... View more

This sounds like your WORK library had an issue.   This could just be that you are making too-large of a metadata request.   Your original post said you were interested in what access specific groups had.   You could filter on both the member type (Library) and the specific group.   This is similar to what is shown in Example 3: ReadMetadata Permission for Libraries for a Specified User.   Here's the form of this, looking for all libraries where the ETLDevelopers group have WriteMetadata access:   %mdsecds(identitynames="ETLDevelopers", identitytypes="IdentityGroup", membertypes="Library", perms="WriteMetadata"); What do you have for MEMSIZE?  Have you verified your work library is OK?  Since it shows the H: drive, I suspect it is a network drive.   It's best to use a local disk for WORK.   If you continue to have issues, share your SAS log or open a case with SAS Technical Support.   Carl Sommer - SAS Technical Support  ... View more

Please see the documentation for SAS Help Center: %MDSECDS Security Report Macro .      Note that you likely have granted permissions using groups, so if you really want to report on an individual user, you will probably need to also use SAS Help Center: %MDUEXTR User Import Macro to generate tables of users and group memberships that you can join with the data from %MDSECDS to report at an individual user-level.   Here's an example invocation of %mdsecds to generate tables and a view in the WORK library for all libraries defined to metadata. %mdsecds(membertypes="Library");  Carl Sommer - SAS Technical Support ... View more

4 years later, and Allan's macro now lives at core/meta/mm_getfoldertree.sas at main · sasjs/core   Carl Sommer - SAS Technical Support ... View more

To amend what Greg suggested, you'll want to use both the STORE and the SECURE options. STORE provides macro compilation; SECURE provides encryption (so nosy people turning on MPRINT, etc get nada, zip, zilch) See Example 5: Using the %MACRO Statement with the STORE and SECURE Options   Carl Sommer - SAS Technical Support ... View more

As others have mentioned, importad.sas is the way to go for an automated method for maintaining users in metadata. However it's not wrong to define users manually either; however if you do, and intend to use importad..sas either now or in the future, be sure to define the external identity for the users you manually create, so that the matching key between metadata and your identity provider is in place.  See  SAS Help Center: External Identities   Carl Sommer - SAS Technical Support ... View more

SAS provides the %MDSECDS macro to build a set of tables for requested objects and their associated permissions. See SAS Help Center: Overview of the Security Report Macros.    I've not used the metacode plugin, but have heard great things about it.   Carl Sommer - SAS Technical Support ... View more

FYI, the link (http://go.documentation.sas.com/?cdcId=calcdc&cdcVersion=3.3&docsetId=calauthzgen&docsetTarget=n1xnhxt4tj57wzn1kdridi7u2g27.htm&locale=en#p06lel9je9mt0sn18xx4pjrvnmbz) in this text is broken:   Instead it means, to quote the Viya Administration documentation, "access to the associated service’s endpoints in the context of that particular object" ... View more

I recently had a case for a customer who had exactly this situation.  I'm a bit surprised that someone hasn't surfaced code for this sooner.   Better late than never, a macro for this has been added at technical-support-code/usage/administration/sas-metadata-server/create_metadata_login_s9.sas at main · sascommunities/technical-support-code · GitHub   %createLoginObject( Person_Name=sasdemo /* REQUIRED: metadata name for Person object */ ,Authdomain=OracleAuth /* REQUIRED: metadata name for the Authdomain for the Login object */ ,Login_userid=scott /* OPTIONAL: userid attribute for the Login object */ ,Login_password=tiger /* OPTIONAL: password attribute for the Login object */ ,Login_Name=sasdemo Oracle login /* OPTIONAL: metadata name for the Login object */ );   Carl Sommer - SAS Technical Support ... View more

By "relevant libname statement", do you mean the libname you can view from SAS Management Console when you right-click on the library and select Display LIBNAME statement...?  Or do you mean something using the META libname engine? The latter is what you really need to try.   Let's assume the name of the registered library is MYLIB.   What do you get when you submit LIBNAME test META LIBRARY="MYLIB" libdebug ;   Carl Sommer - SAS Technical Support ... View more

You can open a case with SAS Technical Support via email by following the instructions at  Technical Support | SAS   Carl Sommer - SAS Technical Support ... View more

Querying the DICTIONARY.COLUMNS table will only help find what has been physically allocated to your SAS session via libname assigments. To query metadata, you can do this in SAS Managment Console through the following steps: login to SAS Management Console as an identity that will be able to read the metadata you are looking for. From the tabbed view in the left pane, select Search Specify the column name and the operator (in my case I chose MAKE, with the Contains operator; note that the name is case-insensitive) Clear all of the selected types, and then select Column Select the Search button at the bottom of the pane   In the results in right pane, select one of the matches Right mouse on this selected column and choose Properties Click on the Authorization tab Select the Advanced button This will display the (inverted) hierarchy of the column (i.e., the table and the folder hierarchy) Note that the library is not displayed     Carl Sommer - SAS Technical Support     ... View more