As others have mentioned, importad.sas is the way to go for an automated method for maintaining users in metadata. However it's not wrong to define users manually either; however if you do, and intend to use importad..sas either now or in the future, be sure to define the external identity for the users you manually create, so that the matching key between metadata and your identity provider is in place.  See  SAS Help Center: External Identities   Carl Sommer - SAS Technical Support ... View more

SAS provides the %MDSECDS macro to build a set of tables for requested objects and their associated permissions. See SAS Help Center: Overview of the Security Report Macros.    I've not used the metacode plugin, but have heard great things about it.   Carl Sommer - SAS Technical Support ... View more

FYI, the link (http://go.documentation.sas.com/?cdcId=calcdc&cdcVersion=3.3&docsetId=calauthzgen&docsetTarget=n1xnhxt4tj57wzn1kdridi7u2g27.htm&locale=en#p06lel9je9mt0sn18xx4pjrvnmbz) in this text is broken:   Instead it means, to quote the Viya Administration documentation, "access to the associated service’s endpoints in the context of that particular object" ... View more

I recently had a case for a customer who had exactly this situation.  I'm a bit surprised that someone hasn't surfaced code for this sooner.   Better late than never, a macro for this has been added at technical-support-code/usage/administration/sas-metadata-server/create_metadata_login_s9.sas at main · sascommunities/technical-support-code · GitHub   %createLoginObject( Person_Name=sasdemo /* REQUIRED: metadata name for Person object */ ,Authdomain=OracleAuth /* REQUIRED: metadata name for the Authdomain for the Login object */ ,Login_userid=scott /* OPTIONAL: userid attribute for the Login object */ ,Login_password=tiger /* OPTIONAL: password attribute for the Login object */ ,Login_Name=sasdemo Oracle login /* OPTIONAL: metadata name for the Login object */ );   Carl Sommer - SAS Technical Support ... View more

By "relevant libname statement", do you mean the libname you can view from SAS Management Console when you right-click on the library and select Display LIBNAME statement...?  Or do you mean something using the META libname engine? The latter is what you really need to try.   Let's assume the name of the registered library is MYLIB.   What do you get when you submit LIBNAME test META LIBRARY="MYLIB" libdebug ;   Carl Sommer - SAS Technical Support ... View more

You can open a case with SAS Technical Support via email by following the instructions at  Technical Support | SAS   Carl Sommer - SAS Technical Support ... View more

Querying the DICTIONARY.COLUMNS table will only help find what has been physically allocated to your SAS session via libname assigments. To query metadata, you can do this in SAS Managment Console through the following steps: login to SAS Management Console as an identity that will be able to read the metadata you are looking for. From the tabbed view in the left pane, select Search Specify the column name and the operator (in my case I chose MAKE, with the Contains operator; note that the name is case-insensitive) Clear all of the selected types, and then select Column Select the Search button at the bottom of the pane   In the results in right pane, select one of the matches Right mouse on this selected column and choose Properties Click on the Authorization tab Select the Advanced button This will display the (inverted) hierarchy of the column (i.e., the table and the folder hierarchy) Note that the library is not displayed     Carl Sommer - SAS Technical Support     ... View more

If you really wanted to ensure that you were talking to a functional metadata server, then  you would want to pursue the PROC METADATA approach.   That's more code and coordination than the command @gwootton suggested.   Carl  ... View more

I really like this solution better than mine. ... View more

I think you could run a batch SAS program that does the following: set the metadata options make sure a semaphore file (for example /opt/sas/ServerIsReady) does not exist define a macro to do the following: PROC METAOPERATE ACTION=STATUS OUT=WORK.STATOUT; RUN; Data step to read WORK.STATOUT if it exists and things look good, create /opt/sas/ServerIsReady Otherwise, sleep a minute and then jump to the top of the macro again Keep track of how many times this jump happens - after 10 tries (or whatever number is acceptable to you) you probably want to abort and toss an error (maybe create /opt/sas/ServerWillNotStart) Your powershell script could run this batch SAS program, and then wait until it finishes and look for the signal files and proceed accordingly.   Carl Sommer   ... View more

My advice is like the others, and while I work for SAS, it's just my advice. Find the person that is the go-to person for the group you join.  You know, the person that always has to handle the hard problems.  The person that has people lined up out there (perhaps virtual) office door to ask them a question.   Find ONE problem or duty that you can off-load from their plate.  Become an expert in that. Once that's done, or even when you are just half-expert, and are thus freeing that person up to focus on other hard stuff, come back and take ONE MORE problem or duty off their plate. Over time, you'll become that person that everyone goes to for help and guidance. Also, become a student of the SAS documentation.  That's very daunting, so pace yourself, and don't expect the first time reading it to make you an expert. When new releases come out, ALWAYS read the What's New.   Best wishes for success as you start your career,   Carl Sommer - SAS Technical Support ... View more

Neat!   I do have two questions, which I am sure are simply confusion on my part: Storing the refresh token Changing the compute server default domain   Storing the Refresh Token With regards to storing the refresh token, how does one do this using the CLI or SAS Environment Manager?   Am I misunderstanding the what this code is doing?  From looking at the code for modifydomain.py, it looks like it just associates the group or user identity to the token domain. python ~/admin/pyviyatools/modifydomain.py oauth2.0 --name DefaultToken\ --identitytype group \ --identity Finance Am I misunderstanding what is really going on?  I expected to see the refresh token as another input parameter.   Changing the compute server default domain In this example, what happens to users who are not in the Finance group?   And is there a way for Finance group members to run as themselves as well?   Would this be a situation where this default domain maybe should be defined for a separate compute context?   Carl ... View more