Previous Page | Next Page

DATA Step Functions for Metadata Security Administration

METASEC_GETNAUTH Function

Returns the nth authorization for an object.


Syntax

rc = METASEC_GETNAUTH(tc,uri,n,type,name,auth,perm,cond<,flags,display>);


Arguments

Argument Direction Description
tc
in Transaction context handle; can be an empty string " " to invoke with a temporary context
uri
in Character variable or constant that contains the URI of the object that is requested; can be an empty string " " if tc is specified; you can optimize performance by using the following form of URI:
omsobj:metatype/identifier.identifier
n
in One-based numeric index value that indicates which row to return from the array; for more information, see Array Parameters
type
in/out Character variable that contains the identity type. The variable should be large enough to store the two available values, IdentityGroup or Person, probably at least $13. If this argument is empty, all identities associated to authorizations for the object are returned. Can be a comma-delimited list that is parallel to a list for the name argument; for more information, see About the in/out Arguments.
name
in/out Character variable that contains the identity name, which must be unique for every identity of that type on the metadata server. If this argument is empty, all identities associated to authorizations for the object are returned. Can be a comma-delimited list that is parallel to a list for the type argument; for more information, see About the in/out Arguments.
auth
out Integer bit field that indicates grant or deny, and the origin of the grant or deny. You can use macro variables from %MDSECCON() to translate the integer into a recognizable message;for more information, see Authorizations and the %MDSECCON() Macro.
perm
in/out For input, it is an optional, comma-delimited list of permission names for which authorizations are requested;for more information, see About the in/out Arguments. If this argument is empty, all available permissions are returned.

For output, it is a character variable that contains the name of the permission whose grant or deny state is specified in the auth argument.

cond
out Character variable that contains the condition if a grant permission is conditional; can be very long, so if this argument is too short, the value is truncated
flags
in Optional integer bit field; you can use one of the following macro variables from %MDSECCON()
_SECAD_ACT_CONTENTS

Return the authorizations that define the contents of an ACT when the tc or uri argument references an ACT

_SECAD_DO_NOT_RETURN_PERMCOND

Do not return any available values for the cond argument

For more information see Using the %MDSECCON() Macro.

display
out Optional; character variable that contains the value of the DisplayName attribute if the identity has a DisplayName attribute


Authorizations and the %MDSECCON() Macro

As noted in Arguments, the auth parameter of the METASEC_GETNAUTH function returns an integer that indicates grant or deny and the origin of the grant or deny. To simplify usage, you can use macro variables from %MDSECCON() instead of the integer values. Here are the authorizations, macro variables, and descriptions. For more information, see Using the %MDSECCON() Macro. For suggested usage, see Example: Working with ACTs.

Authorization Type Macro Variable Description
Explicit deny _SEC_PERM_EXPD Explicit deny that originates from the authorization that is directly associated to the object
Explicit grant _SEC_PERM_EXPG Explicit grant that originates from the authorization that is directly associated to the object
Explicit mask _SEC_PERM_EXPM Mask to extract explicit value that originates from the authorization that is directly associated to the object
ACT deny _SEC_PERM_ACTD Deny that originates from an ACT other than the default ACT
ACT grant _SEC_PERM_ACTG Grant that originates from an ACT other than the default ACT
ACT mask _SEC_PERM_ACTM Mask to extract indirect value that originates from an ACT other than the default ACT
Indirect deny _SEC_PERM_NDRD Indirect deny that originates from an IdentityGroup membership, through inheritance, or from the default ACT; an indirect value is always returned
Indirect grant _SEC_PERM_NDRG Indirect grant that originates from an IdentityGroup membership, via inheritance, or from the default ACT; an indirect value is always returned
Indirect mask _SEC_PERM_NDRM Mask to extract indirect value that originates from an IdentityGroup membership, via inheritance, or from the default ACT; an indirect value is always returned.


About the in/out Arguments

Some of this function's arguments are in/out. After the first call for the specified URI, the in/out parameters do not need to be reset to the initial calling value. Subsequent calls will retrieve the output values from the cache, and place them in the output variable without consideration of the value when the call was made. In other words, after the first call is made for the URI, the metadata server ignores the input aspect of the in/out parameters.

Here is an example of comma-delimited lists for type and name arguments:

type = "person,person,person";
name = "Fred,Yolanda,Viktorija";

rc = metasec_getnauth(tc,uri,n,type,name,auth,permission,cond);


Return Values

Value Description
0 Successful completion
-1 Unable to connect to the metadata server
-2 Error parsing type or name input list
-3 No objects match the specified URI
-4 Numeric value (flag) exceeds the maximum usable value
-5 n is out of range
-99 or less Other error; see log or sysmsg() for information


Details

This function calls the ISecAdmin method GetAuthorizationsOnObj(). For information about the method, see SAS Open Metadata Interface: Reference.


Example


Related Functions

Previous Page | Next Page | Top of Page