Security Report Macros

Overview of Security Reporting

Security reporting creates a snapshot of metadata layer access control settings and uses that snapshot in these ways:

as a data source for reports about current settings
as a data point for comparing settings across time

The first task in security reporting is to extract, filter, and format authorization data for a specified set of identities, permissions, and objects. SAS provides macros that help you perform this task. For example, the following code uses the main security report macro, %MDSECDS, to generate authorization data sets for a specified folder and its contents:

/* connect to the metadata server */
options metaserver=machine-name metauser="sasadm@saspw" metapass="Pwd123";  
        
/* run the main report macro against a target folder */
%mdsecds(folder="\Shared Data\New Stored Processes");
run;

The second task in security reporting is to build reports that run against the authorization data sets. For example, the following code prints some of the data from the preceding example:

/* print the WriteMetadata setting information  */
proc print data=work.mdsecds_join noobs width=minimum;
var objname publictype identityname WriteMetadata;
run;

The output looks like this:

ObjName                 PublicType       identityname           WriteMetadata

New Stored Processes    Folder           PUBLIC                 Denied Indirectly
New Stored Processes    Folder           SAS System Services    Denied Indirectly
New Stored Processes    Folder           SAS Administrators     Granted by ACT
Shoe Sales Graphics     StoredProcess    PUBLIC                 Denied Explicitly
Shoe Sales Graphics     StoredProcess    SAS System Services    Denied Indirectly
Shoe Sales Graphics     StoredProcess    SAS Administrators     Granted Explicitly
Shoe Sales by Region    StoredProcess    PUBLIC                 Denied Indirectly
Shoe Sales by Region    StoredProcess    SAS System Services    Granted Indirectly
Shoe Sales by Region    StoredProcess    SAS Administrators     Granted Indirectly
Shoe Sales by Region    StoredProcess    SASUSERS               Granted Explicitly

Because the output is SAS data sets, you can create sophisticated reports by using SAS reporting techniques such as these:

create an information map that uses an authorization data set as its data source and then use SAS Web Report Studio to create reports based on that information map.
write SAS ODS (output display system) code that builds an HTML report against the authorization data sets. For an example, see SAS-installation-directory\SASFoundation\9.2\core\sample\secrpt.sas (Windows) or SAS-installation-directory/SASFoundation/9.2/samples/base/secrpt.sas (UNIX).

Top of Page