The SAS Open Metadata Interface documentation has been reorganized. You need information about this reorganization to successfully use this book.
The SAS 9.2 Open Metadata Interface software has been enhanced to provide improved metadata access, authorization, and server control functionality. It also offers a new security administration interface.
See the following topics for information about specific enhancements in each area:
The content of SAS 9.1.3 Open Metadata Interface: Reference, the SAS 9.1.3 Open Metadata Interface: User's Guide, and the SAS 9.1.3 Java Metadata Interface: User's Guide has been merged into one document. The new document is the SAS 9.2 Open Metadata Interface: Reference and Usage. For information about the reorganization, see About This Book.
Documentation about SAS Metadata Model metadata types is not included in the SAS 9.2 Open Metadata Interface: Reference and Usage. This information is provided in a separate document: the SAS 9.2 Metadata Model: Reference.
Documentation about PROC METADATA and SAS metadata DATA step functions is not included in SAS 9.2 Open Metadata Interface: Reference and Usage. It is provided in SAS 9.2 Language Interfaces to Metadata.
SAS 9.2 Open Metadata Interface: Reference and Usage and SAS 9.2 Metadata Model: Reference are available only online. See Product Documentation in the Knowledge Base, available at http://support.sas.com.
This What's New section describes enhancements to the SAS Open Metadata Interface. For information about enhancements to the SAS 9.2 Java Metadata Interface, see What's New in the SAS 9.2 Java Metadata Interface. For information about enhancements to the SAS 9.2 Metadata Model and SAS language interfaces to metadata, see their documentation.
The SAS Open Metadata Interface provides the IOMI server interface for creating and accessing metadata in a SAS Metadata Repository. The IOMI server interface has been enhanced to improve functionality in several areas. The areas and specific enhancements are as follows:
Simplify creating and querying cross-repository references between objects in the foundation and custom repositories.
Dependency associations are no longer required to be defined between the foundation and custom repositories before cross-repository references can be created between objects in the repositories. Cross-repository references can now be created between objects in the foundation repository and custom repositories without preparation or restriction.
The foundation repository and custom repositories, which contain metadata for general use, are now referred to as public repositories. Project repositories, which serve as development playpens, are now referred to as private repositories.
Clients no longer need to set directionality flags in a GetMetadata request that is issued in a public repository to get information about cross-repository references in other public repositories. A GetMetadata request returns cross-repository references from all public repositories by default.
Better separate metadata in public and private repositories.
Because dependencies are no longer required, a project repository can serve as a development playpen for any public repository. However, a user needs CheckinMetadata permission in the public repository's default ACT to update the repository with information from a project repository.
The OMI_DEPENDENCY_USED_BY (16384) flag, which used to specify directionality for queries in SAS 9.1, has been repurposed. In SAS 9.2, specify OMI_DEPENDENCY_USED_BY in the GetMetadata method only if you want to include associated objects from private repositories in a request that is issued in a public repository. For more information, see GetMetadata and GetMetadata and Cross-Repository References in SAS 9.2.
Specify OMI_DEPENDENCY_USED_BY in the GetMetadataObjects method to include objects of the specified metadata type from all private repositories in the method results.
The OMI_DEPENDENCY_USES (8192) flag has been repurposed. In SAS 9.2, set OMI_DEPENDENCY_USES in the GetMetadataObjects method to include objects of the specified metadata type from all public repositories in the method results. For more information, see GetMetadataObjects and Expanding a GetMetadataObjects Request to Include Additional Repositories.
Improve repository management and reporting.
A repository's persisted availability is now controlled by using the value in its Access= attribute. The Access= attribute accepts new values to support online, read-only, administrative, and offline states for a repository. For more information about supported values, see RepositoryBase. The Access= attribute is set with the AddMetadata method and modified with the UpdateMetadata method.
The AddMetadata method creates the file system directory for a new repository when the <CREATEREPOSCONTAINER/> option is used. For more information, see AddMetadata.
The GetRepositories method now returns repository format, current access, name, path, type, and pause state values when the OMI_ALL (1) flag is set. For more information, see GetRepositories.
Improve metadata searching capabilities and selection criteria. The GetMetadataObjects XMLSELECT search syntax has been enhanced by the following features:
GE (greater than or equal to), NE (not equal to), and LE (less than or equal to) operators have been added for specifying selection criteria.
GT (greater than) and LT (less than) operators have been extended to operate on character string values and numeric values.
Concatenated association paths are supported as selection criteria.
An object qualifier is supported on search strings that are specified on association names to filter the associated objects that are selected.
For more information, see Filtering a GetMetadataObjects Request.
Support a consistent user interface to metadata in client user interfaces through the following new methods:
Support metadata ownership through the following new methods:
Creates a ResponsibleParty object for a Person or IdentityGroup in the repository that contains the Person or IdentityGroup object, even if the caller does not have WriteMetadata permission to the repository. For more information, see AddResponsibleParty.
Gets the ResponsibleParty object associated with a Person or IdentityGroup and responsibility, even if the caller does not have ReadMetadata permission to the repository. For more information, see GetResponsibleParty.
Improve metadata delete functionality. The DeleteMetadata method has been enhanced to delete the specified object and associated objects that are defined in a user-defined template. For more information, see DeleteMetadata and Deleting Metadata Objects.
Return information about supported values for metadata type properties from the SAS Metadata Model. For more information, see GetTypeProperties.
Other changes in the IOMI server interface include:
The CopyMetadata method is deprecated.
The CheckinMetadata, CheckoutMetadata, FetchMetadata, and UndoCheckoutMetadata methods are retired.
SAS Metadata Repository auditing is no longer supported. Client requests to store values for AuditPath=, AuditType=, AuditEngine=, and AuditOptions= attributes while adding a repository with the AddMetadata method or updating a repository definition with the UpdateMetadata method are ignored.
The SAS Metadata Server class factory number has been changed to prevent SAS 9.1.3 clients from accessing a SAS 9.2 Metadata Server without first being updated to SAS 9.2. For more information, see Connecting to the SAS Metadata Server.
The SAS Open Metadata Interface provides the ISecurity server interface for requesting authorizations on metadata. The ISecurity server interface has been enhanced as follows:
The IsAuthorized method now supports a Uniform Resource Name (URN) in the form REPOSID:_reposID in the RESOURCE parameter. For more information, see IsAuthorized.
Several new methods have been added that support authorization based on roles, multiple authorizations, and internal user authentication.
The GetApplicationActionsAuthorizations method returns authorizations for the ApplicationActions in a SoftwareComponent object. For more information, see GetApplicationActionsAuthorizations.
The IsInRole method returns the TRUE value when the user indicated in the CREDHANDLE parameter is in a role. For more information, see IsInRole.
The GetAuthorizationsOnObject method returns the permissions that apply to a resource for all identities or specified identities. For more information, see GetAuthorizationsOnObj.
The GetInfo method gets information, depending on the value in the INFOTYPE parameter, including the origin of a specified identity's privileges, the value of active enterprise policies, and so on. For more information, see GetInfo.
The GetLoginsforAuthDomain method gets the logins for the connected user for the specified authentication domain in order of identity precedence. For more information, see GetLoginsforAuthDomain.
New internal user authentication methods include:
Returns the active server-level internal authentication policies.
Creates an InternalLogin object for the specified user.
Customizes internal authentication policies for the specified user.
Gets availability information and internal authentication settings for the specified user.
Deletes the InternalLogin object that is associated with the specified user.
New functionality is available in the ISecurity 1.1 interface. Clients that do not want the new SAS 9.2 methods and functionality should call the ISecurity server interface as they did in SAS 9.1.3. For more information, see Using the ISecurity Server Interface.
The SAS Open Metadata Interface provides the IServer server interface for controlling the SAS Metadata Server and getting server status information. The IServer server interface has been enhanced as follows:
The Pause method can no longer be used to downgrade the availability of a specified SAS Metadata Repository.
The Pause method operates exclusively on the SAS Metadata Server and can downgrade the SAS Metadata Server to an ADMIN state (only users who have administrative user status on the SAS Metadata Server can access repositories) or the OFFLINE state (the SAS Metadata Server is not available to any users).
The Pause method now supports a <PAUSECOMMENT> element to enable callers to include a user-defined text message that specifies the reason for a server pause for clients. The element is passed to the SAS Metadata Server in the OPTIONS parameter. For more information, see Pause.
The Status method has been enhanced to poll the SAS Metadata Server for the content of the <PAUSECOMMENT> option.
The Status method has been enhanced to poll the SAS Metadata Server for the SAS platform version, which includes the repository level, and the server locale.
The Status method has been enhanced to optionally poll the SAS Metadata Server for the values of omaconfig.xml options and to provide journaling statistics. For more information, see Status.
The Refresh method has been enhanced to support an <OMA JOURNALPATH="file-name"/> option. This option can change the location of the journal file on a running SAS Metadata Server. For more information, see Refresh.
A new server interface, ISecurityAdmin, provides three categories of methods:
Transaction context methods enable programmers of interactive clients to record user interactions and return correct effective permissions for authorization changes, factoring in group memberships, before applying the changes to authorization metadata on the SAS Metadata Server. The BeginTransactionContext method creates a transaction context by returning a handle for a specified object. General authorization administration methods reference this handle in their requests. The transaction context is closed by using the EndTransactionContext method, which can commit or discard the changes.
General authorization administration methods provide a programmatic way to assign and get permissions for identities on resources, to list authorized identities, and to apply and remove access control templates (ACTs) from resources.
ACT administration methods create ACTs, modify the attributes of ACTs, list ACTs, and destroy ACTs.
For more information, see Security Administration (ISecurityAdmin Interface).