 |
|
| DATA Step Functions for Metadata Security Administration |
Introduction to DATA Step Functions for Metadata Security Administration
| What Are the DATA Step Functions for Metadata Security Administration? |
These DATA step functions enable an administrator to programmatically define or query authorization settings on objects in the SAS Metadata Server. In addition, these functions enable the administrator to create and manipulate access control templates (ACTs) and apply them to objects in the metadata server.
With the metadata security administration functions, the administrator does not need to know how the access controls are stored in metadata. The administrator specifies which permission should be granted or denied to a user, and the metadata server makes the appropriate change in the metadata. These tasks can also be performed with PROC METADATA or the DATA step functions for reading and writing metadata, but those methods can be complicated, and achieving the desired result can be more difficult.
Note: To create security reports about authorization, use the macros
that SAS provides. The macros extract authorization information into SAS data
sets that you can use to create security reports. For more information,
see the
SAS Intelligence Platform: Security Administration Guide. ![[cautionend]](../../../../common/63294/HTML/default/images/cautend.gif)
Here are the functions, organized by task:
| Task | Functions | Example |
|---|---|---|
| Transaction context control |
METASEC_BEGTRAN Function |
Example: Begin and End Transaction Context |
| Access control definition |
METASEC_APPLYACT Function |
Example: Working with ACTs |
| ACT manipulation |
METASEC_DELACT Function |
Example: Working with ACTs |
| Transaction Contexts and URIs |
The METASEC_BEGTRAN function creates a transaction context (TC), and the METASEC_ENDTRAN function ends it. The TC instance is located in the metadata server. The TC instance maintains the state of authorization query results and update requests for a client that is using the security administration interface. The TC accumulates changes that are requested for a single object. Submitting the METASEC_ENDTRAN function commits or discards changes, and then ends the TC.
Here are some usage notes:
-
For the value of the TC, if you specify an empty string, a temporary context is invoked, no server-side state is maintained, and changes to security settings are made immediately. This choice can be efficient if you have only one change to make, and you want to make the change immediately.
-
Specifying the URI is a best practice and is usually required. For DATA step functions that return information, the URI is the key to a cache of information about the object. The information is returned one row at a time in two-dimensional arrays. For more information, see Array Parameters.
If the URI refers to a standard metadata object, but not to an ACT or to a SAS Metadata Repository, you can use a standard URI. For more information, see What Is a URI?.
-
If the URI refers to an ACT, the URI must be in the form omsobj:AccessControlTemplate/my-ACTobj-id. For example:
omsobj:AccessControlTemplate/A5DRX6L4.AT000005
-
If the URI refers to a repository, the URI must be in the form reposid:my-repos-id. For example:
reposid:A5DRX6L4
| Using the %MDSECCON() Macro |
In the DATA step functions for metadata security administration, two arguments are represented in the SAS Open Metadata Architecture as bit flags that can be combined with an OR operation. One argument is flags, which is used in many of the functions. The other argument is auth in the METASEC_GETNAUTH function.
To simplify usage for the DATA step functions, instead of specifying a numeric parameter, you specify macro variables with easily recognizable names. To use the macro variables, you must first submit the macro %MDSECCON(). The appropriate macro variables are documented with the functions.
|
|
Copyright © 2010 by SAS Institute Inc., Cary, NC, USA. All rights reserved.