Hello Frank,
Thank you for your comments. I've updated the documentation for the METASEC_GETNAUTH= Function to show the correct prefix in the macro variable names. I've also added the integer associated with each macro variable to the table, and added a discussion of masks. The updated documentation will be available in the SAS 9.4M8 documentation update.
Until then, here is an explanation of masks:
A mask is a filter that returns an indirect result. A bitwise AND between the mask and a value within that mask produces the input value; otherwise, it produces a zero. Three masks -- an explicit mask (3), ACT mask (12), and an indirect mask (48) -- are provided to test whether a METASEC_GETNAUTH output value applies to a given authorization category.
The masks can be used with the BAND function. Here is example code that
illustrates how the masks can be used:
rc=metasec_getnauth("",objuri,n,
identitytypes,identitynames,
auth,tmppermissions,condition,
&_SECAD_RETURN_ROLE_TYPE, identitydispname);
...
authint = input(auth, 16.);
...
if (band(authint, &_SECAD_PERM_EXPM) ) then do;
if (band(authint,&_SECAD_PERM_EXPD)) then
authorization = "Denied Explicitly";
else
authorization = "Granted Explicitly";
end;
else if (band(authint, &_SECAD_PERM_ACTM) ) then do;
if (band(authint,&_SECAD_PERM_ACTD)) then
authorization = "Denied by ACT";
else
authorization = "Granted by ACT";
end;
else if (band(authint,&_SECAD_PERM_NDRM) ) then do;
if (band(authint,&SECAD_PERM_NDRD)) then
authorization = "Denied Indirectly";
else
authorization = "Granted Indirectly";
end;
...
The documentation was updated with the help of Greg Wootton.
... View more