METASEC_GETNAUTH Function

Returns the nth authorization for an object.
Syntax
Details
Authorizations and the %MDSECCON() Macro
About the in/out Arguments
See Also

Syntax

rc=METASEC_GETNAUTH(tc, uri, n, type, name, auth, perm, cond <, flags><, display>)

Required Arguments

tc (in)
specifies a transaction context handle; can be an empty string " " to invoke with a temporary context.
uri (in)
specifies a character variable or constant that contains the URI of the object that is requested; can be an empty string " " if tc is specified. You can optimize performance by using the following form of URI: 
omsobj: metatype/identifier.identifier
n (in)
specifies a one-based numeric index value that indicates which row to return from the array. For more information, see Array Parameters.
name (in/out)
specifies a character variable that contains the identity name, which must be unique for every identity of that type on the metadata server. If this argument is empty, all identities associated to authorizations for the object are returned. Can be a comma-delimited list that is parallel to a list for the type argument; for more information, see About the in/out Arguments.
auth (out)
returns an integer bit field that indicates grant or deny, and the origin of the grant or deny. You can use macro variables from %MDSECCON() to translate the integer into a recognizable message. For more information, see Authorizations and the %MDSECCON() Macro.
perm (in/out)
For input, specifies an optional, comma-delimited list of permission names for which authorizations are requested. For more information, see About the in/out Arguments. If this argument is empty, all available permissions are returned.
For output, returns a character variable that contains the name of the permission whose grant or deny state is specified in the auth argument.
cond (out)
returns a character variable that contains the condition if a grant permission is conditional; can be very long, so if this argument is too short, the value is truncated.

Optional Arguments

flags (in)
specifies an optional integer bit field. You can use one of the following macro variables from %MDSECCON():
_SECAD_ACT_CONTENTS Return the authorizations that define the contents of an ACT when the tc or uri argument references an ACT.
_SECAD_DO_NOT_RETURN_PERMCOND Do not return any available values for the cond argument.
For more information, see Using the %MDSECCON() Macro.
display (out)
specifies a character variable that contains the value of the DisplayName attribute, if the identity has a DisplayName attribute.

Return Values

0
Successful completion.
-1
Unable to connect to the metadata server.
-2
Error parsing type or name input list.
-3
No objects match the specified URI.
-4
Numeric value (flag) exceeds the maximum usable value.
-5
n is out of range.
-99 or less
Other error; see log or sysmsg() for information.

Details

This function calls the ISecAdmin method GetAuthorizationsOnObj(). For information about the method, see SAS Open Metadata Interface: Reference and Usage.

Authorizations and the %MDSECCON() Macro

The auth parameter of the METASEC_GETNAUTH function returns an integer that indicates grant or deny and the origin of the grant or deny. To simplify usage, you can use macro variables from %MDSECCON() instead of the integer values. Here are the authorizations, macro variables, and descriptions. For more information, see Using the %MDSECCON() Macro. For suggested usage, see Example: Working with ACTs.
Explicit, ACT, and Indirect Authorizations and Masks
Authorization Type
Macro Variable
Description
Explicit deny
_SEC_PERM_EXPD
Explicit deny that originates from the authorization that is directly associated to the object
Explicit grant
_SEC_PERM_EXPG
Explicit grant that originates from the authorization that is directly associated to the object
Explicit mask
_SEC_PERM_EXPM
Mask to extract explicit value that originates from the authorization that is directly associated to the object
ACT deny
_SEC_PERM_ACTD
Deny that originates from an ACT other than the default ACT
ACT grant
_SEC_PERM_ACTG
Grant that originates from an ACT other than the default ACT
ACT mask
_SEC_PERM_ACTM
Mask to extract indirect value that originates from an ACT other than the default ACT
Indirect deny
_SEC_PERM_NDRD
Indirect deny that originates from an IdentityGroup membership, through inheritance, or from the default ACT; an indirect value is always returned
Indirect grant
_SEC_PERM_NDRG
Indirect grant that originates from an IdentityGroup membership, via inheritance, or from the default ACT; an indirect value is always returned
Indirect mask
_SEC_PERM_NDRM
Mask to extract indirect value that originates from an IdentityGroup membership, via inheritance, or from the default ACT; an indirect value is always returned.

About the in/out Arguments

Some of this function's arguments are in/out. After the first call for the specified URI, the in/out parameters do not need to be reset to the initial calling value. Subsequent calls will retrieve the output values from the cache, and place them in the output variable without consideration of the value when the call was made. In other words, after the first call is made for the URI, the metadata server ignores the input aspect of the in/out parameters.
Here is an example of comma-delimited lists for type and name arguments: 
type = "person,person,person";
name = "Fred,Yolanda,Viktorija";

rc = metasec_getnauth(tc,uri,n,type,name,auth,permission,cond);

See Also

Functions
METASEC_APPLYACT Function
METASEC_GETNACT Function
METASEC_GETNID Function
METASEC_REMACT Function
METASEC_SETAUTH Function
Copyright © SAS Institute Inc. All rights reserved.