Simple Row-Level Filtering

Attention : This code requires administrator privileges.

This example modifies access to a CAS table (`tableA`) so that a specific user (`userA`) can only access rows where the value of the `Make` column is 'Ford'. It demonstrates the use of the `accessControl.updSomeAcsTable` action to assign 'Select' and 'ReadInfo' permissions with a row-level filtering condition. It is assumed that the user does not already have `ReadInfo` access to the table. Examples include creating a temporary CAS table to ensure autonomy.

Data Analysis

Type : CREATION_INTERNE

Examples use data generated via a DATA Step with Datalines, then loaded into CAS (caslib 'casuser').

1 Code Block

DATA STEP / PROC CAS Data

Explanation :
This example creates a table named 'Cars' in the 'casuser' caslib. Then, it uses the `accessControl.updSomeAcsTable` action to grant 'userA' 'Select' and 'ReadInfo' permissions on this table. The 'Select' permission is accompanied by a filter, ensuring that 'userA' can only see rows where the 'Make' column has the value 'Ford'.

Copied!

1	/* Création de données d'exemple dans CAS */
2	DATA casuser.Cars;
3	INFILE DATALINES;
4	INPUT Make $ Model $ Price;
5	DATALINES;
6	Ford Focus 20000
7	Ford Mustang 35000
8	Honda Civic 22000
9	Honda CRV 28000
10	Toyota Camry 25000
11	Chevrolet Cruze 21000
12	;
13	RUN;
14
15	/* Charger la table dans CAS */
16	PROC CAS;
17	SESSION casauto;
18	TABLE.promote /
19	caslib='casuser'
20	name='Cars'
21	replace=true;
22	RUN;
23	QUIT;
24
25	/* Appliquer le filtre de sécurité au niveau ligne pour 'userA' */
26	/* Note: 'userA' doit exister dans l'environnement SAS Viya */
27	PROC CAS;
28	SESSION casauto;
29	ACCESSCONTROL.updSomeAcsTable /
30	acs={
31	{caslib="casuser",
32	TABLE="Cars",
33	identity="userA",
34	identityType="User",
35	permType="Grant",
36	permission="Select",
37	filter="Make='Ford'"},
38	{caslib="casuser",
39	TABLE="Cars",
40	identity="userA",
41	identityType="User",
42	permType="Grant",
43	permission="ReadInfo"}
44	};
45	RUN;
46	QUIT;

2 Code Block

PROC CAS

Explanation :
This example extends the filtering concept by applying a more complex filter for 'userB'. This filter allows 'userB' to see rows where 'Make' is 'Honda' OR 'Price' is greater than 25000. In addition to 'Select' and 'ReadInfo' permissions, 'userB' also receives 'Update' permission on the filtered table.

Copied!

1	/* Assurez-vous que la table 'Cars' existe et est chargée comme dans l'Exemple 1 */
2	/* Si non, exécuter la partie de création de données de l'Exemple 1 */
3
4	/* Appliquer un filtre plus complexe et des permissions additionnelles pour 'userB' */
5	/* Note: 'userB' doit exister dans l'environnement SAS Viya */
6	PROC CAS;
7	SESSION casauto;
8	ACCESSCONTROL.updSomeAcsTable /
9	acs={
10	{caslib="casuser",
11	TABLE="Cars",
12	identity="userB",
13	identityType="User",
14	permType="Grant",
15	permission="Select",
16	filter="Make='Honda' OR Price > 25000"},
17	{caslib="casuser",
18	TABLE="Cars",
19	identity="userB",
20	identityType="User",
21	permType="Grant",
22	permission="ReadInfo"},
23	{caslib="casuser",
24	TABLE="Cars",
25	identity="userB",
26	identityType="User",
27	permType="Grant",
28	permission="Update"}
29	};
30	RUN;
31	QUIT;

3 Code Block

PROC CAS

Explanation :
This example illustrates how to use a SAS macro variable (`selected_make`) to dynamically insert a value into the filter condition. This simulates a dynamic filter without the need to re-code the action. 'userC' will have filtered access for cars of brand 'Toyota'.

Copied!

1	/* Assurez-vous que la table 'Cars' existe et est chargée comme dans l'Exemple 1 */
2	/* Si non, exécuter la partie de création de données de l'Exemple 1 */
3
4	%let selected_make = Toyota;
5
6	/* Appliquer le filtre de sécurité avec une valeur dynamique pour 'userC' */
7	/* Note: 'userC' doit exister dans l'environnement SAS Viya */
8	PROC CAS;
9	SESSION casauto;
10	ACCESSCONTROL.updSomeAcsTable /
11	acs={
12	{caslib="casuser",
13	TABLE="Cars",
14	identity="userC",
15	identityType="User",
16	permType="Grant",
17	permission="Select",
18	filter="Make='%upcase(&selected_make)'"},
19	{caslib="casuser",
20	TABLE="Cars",
21	identity="userC",
22	identityType="User",
23	permType="Grant",
24	permission="ReadInfo"}
25	};
26	RUN;
27	QUIT;

4 Code Block

PROC CAS

Explanation :
This example shows how to revoke the permissions (and consequently the associated row filter) that were previously granted to 'userA' on the 'Cars' table. The `accessControl.dropSomeAcsTable` action with `permType='Revoke'` is used to remove 'Select' and 'ReadInfo' permissions, which also cancels the row-level filter for these permissions. After this operation, 'userA' will no longer have filtered access.

Copied!

1	/* Assurez-vous qu'un filtre existe pour 'userA' comme dans l'Exemple 1 */
2
3	/* Suppression des permissions de sélection et ReadInfo pour 'userA' sur 'Cars' avec le filtre */
4	PROC CAS;
5	SESSION casauto;
6	ACCESSCONTROL.dropSomeAcsTable /
7	acs={
8	{caslib="casuser",
9	TABLE="Cars",
10	identity="userA",
11	identityType="User",
12	permType="Revoke", /* Utiliser Revoke pour supprimer les permissions */
13	permission="Select"},
14	{caslib="casuser",
15	TABLE="Cars",
16	identity="userA",
17	identityType="User",
18	permType="Revoke",
19	permission="ReadInfo"}
20	};
21	RUN;
22	QUIT;
23
24	/* Après exécution, 'userA' n'aura plus les permissions 'Select' et 'ReadInfo' sur la table 'Cars', et le filtre de lignes associé sera supprimé. */

This material is provided "as is" by We Are Cas. There are no warranties, expressed or implied, as to merchantability or fitness for a particular purpose regarding the materials or code contained herein. We Are Cas is not responsible for errors in this material as it now exists or will exist, nor does We Are Cas provide technical support for it.

Retour à la liste