
User Import Macros

Overview of User Import and Synchronization

In order to make access distinctions and track user activity, the metadata server has to know who is making each request. To enable the metadata server to make this determination, each user's metadata definition includes that user's account ID from your authentication provider. The metadata server maintains its own copy of each ID. The metadata server doesn't maintain copies of external passwords for identification purposes.

Note: For a few administrators, a SAS internal account can be used instead. See SAS Internal Authentication.

This chapter helps you use autocall macros and sample code that SAS provides to create your own programs that import and manage user information. The chapter emphasizes coordination with an Active Directory server or UNIX /etc/passwd files but also provides information to help you extrapolate to other providers.

The following figures introduce the batch processes for identity information. In the figures, the MDU**** items are macros and the libraries contain SAS data sets.

The initial import extracts identity information from your authentication provider and loads that information into the metadata.

Initial Import


The synchronization performs two extractions (one from your authentication provider and another from the SAS metadata) and then loads validated updates into the metadata. The numbers in the following figure correspond to these activities:

  1. Extract information from your authentication provider.

  2. Extract information from the SAS metadata.

  3. Compare the two sets of tables and identify updates that need to be made to the metadata (excluding any exceptions metadata that you want to preserve).

  4. Validate the changes to make sure that they won't violate the metadata server's integrity constraints.

  5. Load the updates into the metadata.

Note: The first part of the import process (the extraction from your authentication provider) is the same as the first part of the synchronization process. You will reuse your import extraction code in your synchronization program.

Periodic Synchronization

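The compare and validate activities (steps 3 and 4) can be pictured with a small model. This is an added illustration in Python, not SAS code and not how the MDU macros are implemented; the table layout, the key names, and the single integrity rule (account IDs must be unique, compared case-insensitively) are assumptions made for the example.

```python
from collections import Counter

# Constructed sample tables, keyed by a stable identifier (assumed layout).
provider = {  # step 1: extracted from the authentication provider
    "u1": {"name": "Ana Ruiz", "account_id": "CORP\\aruiz"},
    "u2": {"name": "Ben Okoye", "account_id": "CORP\\bokoye"},
    "u4": {"name": "Dee Lin", "account_id": "CORP\\bokoye"},  # collides with u2
}
metadata = {  # step 2: extracted from the metadata
    "u1": {"name": "Ana Ruiz", "account_id": "CORP\\ana"},
    "u3": {"name": "Cy Vance", "account_id": "CORP\\cvance"},
    "svc": {"name": "Batch Service", "account_id": "CORP\\svcbatch"},
}
exceptions = {"svc"}  # identities to preserve even though the provider lacks them


def compare(provider, metadata, exceptions):
    """Step 3: derive adds, updates and deletes, skipping preserved keys."""
    changes = []
    for key, row in provider.items():
        if key in exceptions:
            continue
        if key not in metadata:
            changes.append(("add", key, row))
        elif metadata[key] != row:
            changes.append(("update", key, row))
    for key in metadata:
        if key not in provider and key not in exceptions:
            changes.append(("delete", key, None))
    return changes


def validate(changes, metadata):
    """Step 4: simulate the load; hold back changes that break uniqueness."""
    projected = dict(metadata)
    for op, key, row in changes:
        if op == "delete":
            projected.pop(key, None)
        else:
            projected[key] = row
    # Assumed integrity rule: one account ID maps to exactly one identity.
    counts = Counter(r["account_id"].lower() for r in projected.values())
    ok, rejected = [], []
    for change in changes:
        op, key, row = change
        dup = op != "delete" and counts[row["account_id"].lower()] > 1
        (rejected if dup else ok).append(change)
    return ok, rejected
```

Only the `ok` list would go on to the load in step 5; the two colliding adds are held for review rather than letting one account ID resolve to two identities, and the excepted service identity is never scheduled for deletion.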

The following two topics document the format of the data sets and explain how corresponding identity entries are mapped between your authentication provider and the SAS metadata.
