Overview of Authorization Reporting

Authorization reporting creates a snapshot of metadata layer access control settings and uses that snapshot in these ways:
  • as a data source for reports about current settings
  • as a data point for comparing settings across time
The first task in security reporting is to extract, filter, and format authorization data for a specified set of identities, permissions, and objects. SAS provides macros that help you perform this task. For example, the following code uses the main security report macro, %MDSECDS, to generate authorization data sets for a specified folder and its contents:
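/* connect to the metadata server; the {sas002} prefix on metapass marks   */
/* a value encoded with PROC PWENCODE rather than the clear-text password  */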
options 
   metaserver=machine-name 
   metauser="sasadm@saspw" 
   metapass="{sas002}3CD4EA1E35CA49324AOC4D63";  
        
/* run the main report macro against a target folder */
%mdsecds(folder="\demo");
run;
The second task in security reporting is to build reports that run against the authorization data sets. For example, the following code prints some of the data from the preceding example:
/* print the WriteMetadata information  */
proc print data=work.mdsecds_join noobs;
var objname publictype identityname WriteMetadata;
run;
The output looks like this:
[Image: sample output from %MDSECDS]
Because the output is SAS data sets, you can create sophisticated reports by using SAS reporting techniques such as these:
  • Create an information map that uses an authorization data set as its data source, and then use SAS Web Report Studio to create reports based on that information map.
  • Write SAS ODS (Output Delivery System) code that builds an HTML report against the authorization data sets. For an example, see SAS-installation-directory\SASFoundation\9.3\core\sample\secrpt.sas (Windows) or SAS-installation-directory/SASFoundation/9.3/samples/base/secrpt.sas (UNIX).
For details, options, and examples, see %MDSECDS.
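The following added example (not part of the SAS documentation) illustrates the "comparing settings across time" use: it joins two snapshots that have the columns printed above and lists every object and identity whose WriteMetadata setting was changed, added, or removed. The data set names snap_before, snap_after, and wm_changes and all sample rows are constructed; in practice each snapshot would be a saved copy of work.mdsecds_join.

```sas
/* Constructed sample snapshots with the same columns as the PROC PRINT step. */
data work.snap_before;
   length objname $32 publictype $16 identityname $16 WriteMetadata $24;
   infile datalines dsd;
   input objname publictype identityname WriteMetadata;
   datalines;
demo,Folder,PUBLIC,Denied Indirectly
demo,Folder,SASUSERS,Denied Indirectly
Sales Report,Report,SASUSERS,Denied Indirectly
;
run;

data work.snap_after;
   length objname $32 publictype $16 identityname $16 WriteMetadata $24;
   infile datalines dsd;
   input objname publictype identityname WriteMetadata;
   datalines;
demo,Folder,PUBLIC,Denied Indirectly
demo,Folder,SASUSERS,Granted Explicitly
Sales Report,Report,SASUSERS,Granted Indirectly
Orders,Table,SASUSERS,Granted Indirectly
;
run;

/* A full join keeps rows that exist in only one snapshot, so new and      */
/* removed objects or identities show up with a blank before/after value.  */
/* Assumption: objname + publictype + identityname identifies a row; use a */
/* stricter key if the same object name occurs in more than one folder.    */
proc sql;
   create table work.wm_changes as
   select coalesce(a.objname, b.objname)           as objname,
          coalesce(a.publictype, b.publictype)     as publictype,
          coalesce(a.identityname, b.identityname) as identityname,
          a.WriteMetadata                          as wm_before,
          b.WriteMetadata                          as wm_after
   from work.snap_before as a
        full join work.snap_after as b
          on  a.objname      = b.objname
          and a.publictype   = b.publictype
          and a.identityname = b.identityname
   where a.WriteMetadata ne b.WriteMetadata;
quit;

/* Review list: every WriteMetadata difference between the two snapshots */
proc print data=work.wm_changes noobs;
run;
```

With the constructed rows, work.wm_changes holds three rows: the two changed SASUSERS settings and the new Orders table, while the unchanged PUBLIC row is filtered out.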