As an alternative to using the User Manager in the SAS® Management Console to add and maintain user identities in the metadata repository, you can use bulk-load processes provided via sample programs and SAS autocall macros. These processes are designed to be an exclusive mechanism for managing metadata identities.
In order to synchronize user information between the external enterprise source (such as Microsoft's Active Directory Server or the UNIX /etc/passwd file) and the metadata identity, the bulk-load processes rely on an external identifier key that is stored in the metadata as an ExternalIdentity object. Users that are added manually through the SAS Management Console User Manager do not have an ExternalIdentity association. If you attempt to run the synchronization process using the bulk-load utility, any users that were previously entered manually could cause the synchronization to fail.
You can synchronize your metadata identities with your enterprise data source when you have already entered some users manually through any of the following methods:
The best approach when you have a large number of users is to use the bulk-load processes to load and synchronize metadata identities initially, and to avoid entering users manually. The synchronization process will perform correctly and the steps outlined above are unnecessary.
The bulk-load processes are documented in the SAS 9.1.3 Intelligence Platform Security Administration Guide in Appendix 2. SAS Technical Support consultants are available to answer specific questions you might have concerning this process. If you require a resource to customize the initial load and synchronization programs for your site, please contact your SAS account representative who can coordinate with SAS Consulting Services to assist you.
Product Family | Product | System | SAS Release | |
Reported | Fixed* | |||
SAS System | SAS Metadata Server | z/OS | 9.1 TS1M3 SP4 | |
Microsoft® Windows® for 64-Bit Itanium-based Systems | 9.1 TS1M3 SP4 | |||
Microsoft Windows Server 2003 Datacenter 64-bit Edition | 9.1 TS1M3 SP4 | |||
Microsoft Windows Server 2003 Enterprise 64-bit Edition | 9.1 TS1M3 SP4 | |||
Microsoft Windows XP 64-bit Edition | 9.1 TS1M3 SP4 | |||
Microsoft® Windows® for x64 | 9.1 TS1M3 SP4 | |||
Microsoft Windows 2000 Advanced Server | 9.1 TS1M3 SP4 | |||
Microsoft Windows 2000 Datacenter Server | 9.1 TS1M3 SP4 | |||
Microsoft Windows 2000 Server | 9.1 TS1M3 SP4 | |||
Microsoft Windows 2000 Professional | 9.1 TS1M3 SP4 | |||
Microsoft Windows Server 2003 Datacenter Edition | 9.1 TS1M3 SP4 | |||
Microsoft Windows Server 2003 Enterprise Edition | 9.1 TS1M3 SP4 | |||
Microsoft Windows Server 2003 Standard Edition | 9.1 TS1M3 SP4 | |||
Microsoft Windows XP Professional | 9.1 TS1M3 SP4 | |||
64-bit Enabled AIX | 9.1 TS1M3 SP4 | |||
64-bit Enabled HP-UX | 9.1 TS1M3 SP4 | |||
64-bit Enabled Solaris | 9.1 TS1M3 SP4 | |||
HP-UX IPF | 9.1 TS1M3 SP4 | |||
Linux | 9.1 TS1M3 SP4 | |||
Linux on Itanium | 9.1 TS1M3 SP4 |
This program adds an ExternalIdentity association to metadata identities to allow the bulkload synchronization programs to successfully update metadata identities that were not originally added using the bulkload processes.
This code should be embedded within your synchronization program, after the steps where you perform your metadata and enterprise extracts. You must also repeat the metadata extract after this block of code, in order to pick up the changes.
Be sure to supply values for the three macro variables that are assigned at the beginning of the program. Each variable's purpose is indicated in the accompanying comments.
/*------------------------------------------------------------------------
* Add External Identities to Internal Identities for Synchronization.
* Compare Persons and IdentityGroups stored in metadata identities
* stored in the external enterprise source to identify identities that
* will not successfully synchronize unless an ExternalIdentity object
* is added to the metadata Identity.
*
* This sample code can be embedded within your synchronization program.
* You should place it after you perform your metadata and enterprise
* extracts. Then, after this code has executed, you must repeat the
* metadata extract in order to pick up the changes.
*
* User input required: You must supply values for the 3 macro variables
* at the beginning of the program.
*-----------------------------------------------------------------------*/
%let metaextractlibref= ; *Insert the libref you use to store your metadata extract;
%let importlibref= ; *Insert the libref you use to store your enterprise extract;
%let html= ; *Supply a path where the identity report can be written;
%global Identityn GrpIdentityn;
ods html file="&html\nonextpersons.html";
proc sql;
Title 'Metadata Identities with no ExternalIdentity who will be Imported';
create table &metaextractlibref..nonextpersons as
select md.name, ie.keyid label="External_id",
md.extid_identifier label="Meta_extid" from
&metaextractlibref..person_info as md,
&importlibref..person as ie
where md.name=ie.name and md.extid_identifier="";
select * from &metaextractlibref..nonextpersons ;
select count(*) into :Identityn from &metaextractlibref..nonextpersons ;
quit;
ods html close;
ods html file="&html\nonextgroups.html";
proc sql;
Title 'Metadata Groups with no ExternalIdentity who will be Imported';
create table &metaextractlibref..nonextgroups as
select md.name,ie.keyid label="External_id",
md.extid_identifier label= "Meta_extid" from
&metaextractlibref..group_info as md, &importlibref..Idgrps as ie
where md.name=ie.name and md.extid_identifier="";
select * from &metaextractlibref..nonextgroups;
select count(*) into :GrpIdentityn from &metaextractlibref..nonextgroups;
quit;
ods html close;
%macro add_external_identity;
%put Note: Begin update Person Identities with External Identity.;
%if (%superq(Identityn) ^= 0) %then %do;
data _null_;
set &metaextractlibref..nonextpersons;
/* Only add external Identity to Persons */
length id $20
type uri puri obj $256;
id='';
type='';
uri='';
puri='';
Context='IdentityImport'; /* Default value from mduimpl */
/*------------------------------------------------------------------------
* this object identifies whether an ExternalIdentity already exists for the Person
------------------------------------------------------------------------*/
obj="omsobj:ExternalIdentity?ExternalIdentity[OwningObject/Person[@Name='"
|| name || "']]";
put obj=;
/*------------------------------------------------------------------------
* test to see if an ExternalIdentity already exists
------------------------------------------------------------------------*/
rc=metadata_resolve(obj,type,id);
put rc=; /* This should be 0 */
put id=;
put type=; /* This should be Person */
if (rc=0) then do;
/*------------------------------------------------------------------------
* add a new ExternalIdentity object with a
* name value of the Person's name, with a
* parent of the Person's identity object
------------------------------------------------------------------------*/
obj="omsobj:Person?@Name='" || name || "'";
put obj=;
rc=metadata_resolve(obj,type,id);
put rc=; /* This should be 1 */
put id=;
put type=; /* This should be Person */
rc=metadata_newobj("ExternalIdentity",
puri,
name,
"Foundation",
obj,
"ExternalIdentities");
put puri= rc= 'After newobj';
/*------------------------------------------------------------------------
* set the attributes for the Identifier and Context
------------------------------------------------------------------------*/
rc=metadata_setattr(puri,'Identifier',keyid);
put rc= 'After setattr Identifier';
rc=metadata_setattr(puri,'Context',Context);
put rc= 'After setattr Context';
end;
else put 'External Identity already exists for ' name;
run;
%end;
%else %put Note: There are no internal identities;
%put Note: Finish update Person Identities with External Identity.;
%mend;
%add_external_identity;
%macro add_external_Group_identity;
%put Note: Begin update IdentityGroup Identities with External Identity.;
%if (%superq(GrpIdentityn) ^= 0) %then %do;
data _null_;
set &metaextractlibref..nonextgroups;
/* Only add external Identity to Persons */
length id $20
type uri puri obj $256;
id='';
type='';
uri='';
puri='';
Context='IdentityImport'; /* Default value from mduimpl */
/*------------------------------------------------------------------------
* this object identifies if an ExternalIdentity already exists for the Group
------------------------------------------------------------------------*/
obj="omsobj:ExternalIdentity?ExternalIdentity[OwningObject/IdentityGroup[@Name='"
|| name || "']]";
put obj=;
/*------------------------------------------------------------------------
* test to see if an ExternalIdentity already exists
------------------------------------------------------------------------*/
rc=metadata_resolve(obj,type,id);
put rc=; /* This should be 0 */
put id=;
put type=; /* This should be Group */
if (rc=0) then do;
/*------------------------------------------------------------------------
* add a new ExternalIdentity object with a
* name value of the Group's name, with a
* parent of the Group's identity object
------------------------------------------------------------------------*/
obj="omsobj:IdentityGroup?@Name='" || name || "'";
put obj=;
rc=metadata_resolve(obj,type,id);
put rc=; /* This should be 1 */
put id=;
put type=; /* This should be IdentityGroup */
rc=metadata_newobj("ExternalIdentity",
puri,
name,
"Foundation",
obj,
"ExternalIdentities");
put puri= rc= 'After newobj';
/*------------------------------------------------------------------------
* set the attributes for the Identifier and Context
------------------------------------------------------------------------*/
rc=metadata_setattr(puri,'Identifier',keyid);
put rc= 'After setattr Identifier';
rc=metadata_setattr(puri,'Context',Context);
put rc= 'After setattr Context';
end;
else put 'External Identity already exists for ' name;
run;
%end;
%else %put Note: There are no internal identities;
%put Note: Finish update IdentityGroup Identities with External Identity.;
%mend;
%add_external_Group_identity;
Type: | Usage Note |
Priority: |
Date Modified: | 2008-06-25 16:19:11 |
Date Created: | 2008-01-03 13:36:52 |