Attention : This code requires administrator privileges.
The program uses a 'data _null_;' DATA step to interact with the SAS© Viya™ metadata server. It initializes variables, then proceeds to create an 'IdentityGroup' object of type 'Role' with a specified name. Various attributes (PublicType, GroupType, UsageVersion, IsHidden, Desc, DisplayName) are defined for this new role. Then, the script identifies the URI of a capability ('Server Manager' Access Control Entry) and associates it with the role. Finally, the newly created role is added as a member to an existing identity group named 'group1'. This script is purely administrative and modifies the security configuration of SAS© Viya™.
Data Analysis
Type : CREATION_INTERNE
The script does not read tabular data. It manipulates SAS Viya metadata objects. The data necessary for role creation (name, attributes, capabilities, target group) are defined directly in the SAS code, without depending on external data sources or SASHELP.
1 Code Block
DATA STEP
Explanation :
This DATA step block uses a series of SAS Metadata functions to perform administrative operations. It starts by initializing variables. Then, it creates a new metadata object of type 'IdentityGroup' (representing a role) with a specific name ('New Role Name'). Mandatory and optional attributes are defined for this role. The script then retrieves the URI of a capability ('Server Manager') from the metadata and associates it with the role. Finally, it adds the newly created role to an existing identity group named 'group1'. All these operations are persistent in the SAS Viya metadata repository.
This DATA step block uses a series of SAS Metadata functions to perform administrative operations. It starts by initializing variables. Then, it creates a new metadata object of type 'IdentityGroup' (representing a role) with a specific name ('New Role Name'). Mandatory and optional attributes are defined for this role. The script then retrieves the URI of a capability ('Server Manager') from the metadata and associates it with the role. Finally, it adds the newly created role to an existing identity group named 'group1'. All these operations are persistent in the SAS Viya metadata repository.
Copied!
| 1 | DATA _null_; |
| 2 | /**** Initialize Variables ****/ |
| 3 | LENGTH uri $ 38 cap_uri $ 43; |
| 4 | call missing (of _character_); |
| 5 | |
| 6 | /**** Create the object. ****/ |
| 7 | rc=metadata_newobj("IdentityGroup",uri,"New Role Name"); |
| 8 | |
| 9 | /* Add some required attributes. */ |
| 10 | rc=metadata_setattr(uri,"PublicType","Role"); |
| 11 | rc=metadata_setattr(uri,"GroupType","ROLE"); |
| 12 | rc=metadata_setattr(uri,"UsageVersion","1000000.0"); |
| 13 | rc=metadata_setattr(uri,"IsHidden","0"); |
| 14 | |
| 15 | /* Add some optional attributes. */ |
| 16 | rc=metadata_setattr(uri,"Desc","This is the description of the new role"); |
| 17 | rc=metadata_setattr(uri,"DisplayName","This is the display name of the role"); |
| 18 | |
| 19 | /**** Add a capability. ****/ |
| 20 | |
| 21 | /* Define the search for the access control entry for the cability */ |
| 22 | cap_obj="omsobj:AccessControlEntry?AccessControlEntry[Objects/ApplicationAction[ @Name='Server Manager']]"; |
| 23 | |
| 24 | /* Pull it's URI into the variable cap_uri */ |
| 25 | rc=metadata_getnobj(cap_obj,1,cap_uri); |
| 26 | |
| 27 | /* Add the capability association to the role. */ |
| 28 | rc=metadata_setassn(uri,"AccessControlEntries","APPEND",cap_uri); |
| 29 | |
| 30 | /**** Add the Role to a Group ****/ |
| 31 | rc=metadata_setassn(uri,"MemberIdentities","APPEND","omsobj:IdentityGroup? @Name='group1'"); |
| 32 | RUN; |
This material is provided "as is" by We Are Cas. There are no warranties, expressed or implied, as to merchantability or fitness for a particular purpose regarding the materials or code contained herein. We Are Cas is not responsible for errors in this material as it now exists or will exist, nor does We Are Cas provide technical support for it.
Copyright Info : Author: Greg Wootton Date: 09OCT2020
