Additional Resources for Building Authorization Data Sets

For reference, this topic documents the underlying security report macros.
You can choose to directly use the underlying report macros instead of using only %MDSECDS (which is the standard approach to building authorization data sets). However, the underlying macros don't offer any unique inclusion or exclusion parameters. The following figure introduces the underlying macros. In the figure, arrow direction indicates input to and output from each underlying macro.
Underlying Macros
Underlying Macros
The numbers in the preceding figure correspond to these activities:
  1. %MDSECGO extracts information for a specified set of objects. You specify one folder and indicate whether to include subdirectories. You can also provide a list of object types to include and filter the data set by attribute value.
    Note: The same level of control is provided by using %MDSECDS on its own.
  2. For every object in a specified data set, %MDSECGP gets effective permission settings for a specified set of identities and permissions.
    Note: This is the point at which using the underlying macros creates an opportunity for you to define a subset of the objs data set.
  3. %MDSECTR transforms the extracted data set from a long format (a separate row for each permission) to a wide format (all permissions in the same row).
  4. %MDSECVW creates a joined view or data set that can be used for reporting.
The following table introduces a few utility macros that can be useful in security reporting:
Utility Macros for Security Reporting
Utility Macro
Description
%MDUTYPED
Extracts information about top-level metadata objects or locates templates for a particular object type.
%MDUGFLDR
Returns the object ID for a specified folder.
%DEFINEOBJTAB_SQL
Defines the table into which %MDSECGO inserts rows.
The underlying macros and utility macros are in SAS-installation-directory\SASFoundation\9.3\core\sasmacro (Windows) or SAS-installation-directory/SASFoundation/9.3/sasautos (UNIX).