 |
|
| User Import Macros |
%MDUCMP
Generates data sets that contain the changes that must be made to the metadata.
| Used in: | User Synchronization |
| Depicted in: | Periodic Synchronization |
| Syntax | |
| Defining Exceptions |
Syntax |
| %MDUCMP (MASTER=libref, TARGET=libref, CHANGE=libref, EXCEPTIONS=<libref.>dataset , <EXTERNONLY=0|1>, <AUTHDOMCOMPARE=name|keyid>); |
- MASTER
-
specifies the location of the master tables (use the libref that you specify in %MDUIMPC).
- TARGET
-
specifies the location of the target tables that contain information extracted from the metadata (use the libref that you specify in %MDUEXTR).
- CHANGE
-
specifies the location for the change tables. These tables are created ( xxx is the base name of each canonical table):
xxx_add contains users, groups, and roles to be added to the target tables to make them look like the master tables.
xxx_update contains users, groups, and roles to be modified in the target tables to make them look like the master tables.
xxx_delete contains users, groups, and roles to be deleted from the target tables to make them look like the master tables.
person_summary summarizes changes to users (Person objects).
idgrps_summary summarizes changes to groups and roles (IdentityGroup objects).
authdomain_
summarysummarizes changes to SAS authentication domains (AuthenticationDomain objects).
- EXCEPTIONS
-
specifies a data set that contains exception values. See Defining Exceptions.
- EXTERNONLY
-
defines the scope of the comparison.
Note: Unless the master data set has an ObjectId column, this option has no effect. A typical master data set does not include an ObjectId column. A master data set that is extracted from the SAS Metadata Repository (rather than from your authentication provider) does include an ObjectId column. Extraction of a master data set from the metadata repository happens in the identity synchronization processes for some solutions.
![[cautionend]](../../../../common/63294/HTML/default/images/cautend.gif)
1 specifies that only identities that have an external identity value are included in the comparison. This is the default value.
0 specifies that all identities are included in the comparison.
If EXTERNONLY=1 but AUTHDOMCOMPARE=name, all authentication domains are compared. In other words, for authentication domains AUTHDOMCOMPARE=name overrides EXTERNONLY=1.
- AUTHDOMCOMPARE
-
defines how authentication domains are compared.
name compares all authentication domains by name. Prevents deletion and renaming of all authentication domains. Prevents deletion of logins in authentication domains that do not exist in the master data set. This is the default.
keyid compares by keyid. Can cause deletion of authentication domains that were originally imported but are not present in the master data set. Can cause renaming of authentication domains that were originally imported but have a different name in the master data set. Does not prevent deletion of logins in authentication domains that do not exist in the master data set.
- CAUTION:
- If you specify AUTHDOMCOMPARE=keyid,
authentication domains and logins that are interactively created might be
deleted.
For a standard synchronization, don't use this setting.
| Defining Exceptions |
The exceptions data has these columns:
| tablename |
specifies the name of the canonical table to which the exception applies. Valid values are person, logins, email, phone, location, idgrps, grpmems, and authdomain. |
| filter |
specifies a SAS WHERE clause expression (without the WHERE) to apply against the corresponding table. The WHERE clause consists of a canonical table column name and an exception value. |
For example, consider this exceptions data set:
phone PhoneType="manual Phone" email EmailType="manual Email" logins authDomKeyId="A002" logins userid="testid%"
Each line protects a set of objects in a particular target table, ensuring that those metadata objects are preserved.
-
The first entry excludes objects in the target phone table that have a PhoneType of manual Phone. In SAS Management Console, the PhoneType is displayed in the Type field in the Phone Properties dialog box.
-
The second entry excludes objects in the target email table that have the EmailType value manual Email. In SAS Management Console, the EmailType is displayed in the Type field in the Email Properties dialog box.
-
The last entry excludes any objects in the target logins table which have a userid value that begins with testid.
Note: Logins that are in
authentication domains
that do not exist in the master tables are preserved by default. It is not
necessary to define exceptions for such logins.
|
|
Copyright © 2011 by SAS Institute Inc., Cary, NC, USA. All rights reserved.