Attention : This code requires administrator privileges.
The program connects to the SAS© metadata server to identify 'Login' objects whose user ID contains an outdated Windows domain. For each 'Login' found, it isolates the username, combines it with the new domain name, and then updates the 'UserID' attribute in the SAS© metadata. This automates the migration of user IDs following an authentication domain change.
Data Analysis
Type : CREATION_INTERNE
Data is dynamically extracted from the SAS metadata server. The script does not read any external data sources (file, database) or use SASHELP tables. It operates directly on metadata objects returned by SAS functions.
1 Code Block
OPTIONS
Explanation :
This block configures the connection options to the SAS metadata server. It specifies the host, port, administrator credentials, repository, and protocol required to interact with SAS metadata.
This block configures the connection options to the SAS metadata server. It specifies the host, port, administrator credentials, repository, and protocol required to interact with SAS metadata.
Copied!
| 1 | options |
| 2 | metaserver="meta.demo.sas.com" |
| 3 | metaport=8561 |
| 4 | metauser="sasadm @saspw" |
| 5 | metapass="password" |
| 6 | metarepository=Foundation |
| 7 | metaprotocol=BRIDGE; |
2 Code Block
DATA STEP
Explanation :
This _NULL_ DATA step (which does not create a SAS table) executes the main logic. It defines the old and new domains via macro variables. It uses `metadata_resolve` to count 'Login' objects corresponding to a metadata query. If objects are found, a loop iterates over each 'Login' to retrieve its URI with `metadata_getnobj` and its 'UserID' with `metadata_getattr`. It then manipulates the character string to replace the domain, and updates the metadata object with the new value using `metadata_setattr`, which constitutes an administration operation.
This _NULL_ DATA step (which does not create a SAS table) executes the main logic. It defines the old and new domains via macro variables. It uses `metadata_resolve` to count 'Login' objects corresponding to a metadata query. If objects are found, a loop iterates over each 'Login' to retrieve its URI with `metadata_getnobj` and its 'UserID' with `metadata_getattr`. It then manipulates the character string to replace the domain, and updates the metadata object with the new value using `metadata_setattr`, which constitutes an administration operation.
Copied!
| 1 | DATA _null_; |
| 2 | /* Define the old and replacement domains. */ |
| 3 | %let old_domain = domain; |
| 4 | %let new_domain = newdomain; |
| 5 | /* End edit. */ |
| 6 | |
| 7 | /* Define and initialize variables. */ |
| 8 | LENGTH type id login_uri user stripped_user new_user $ 60; |
| 9 | call missing(type,id,login_uri,user); |
| 10 | |
| 11 | /* This is the query to local the Logins with the old domain. */ |
| 12 | obj="omsobj:Login? @code_sas_json/list_defaultauth_userids.json contains '&old_domain\'"; |
| 13 | |
| 14 | /* Count the number of logins found by the query above. */ |
| 15 | count=metadata_resolve(obj,type,id); |
| 16 | |
| 17 | /* If logins were found, proceed. */ |
| 18 | IF count > 0 THEN DO n = 1 to count; |
| 19 | /* Get the Metadata URI for the nth login. */ |
| 20 | login_rc=metadata_getnobj(obj,n,login_uri); |
| 21 | /* Pull the full user ID for the login. */ |
| 22 | rc=metadata_getattr(login_uri,"UserID",user); |
| 23 | /* Strip the domain from the user ID. */ |
| 24 | stripped_user=trim(scan(user,2,'\')); |
| 25 | /* Define a new variable with the new domain and the user ID. */ |
| 26 | new_user=cats("&new_domain\",stripped_user); |
| 27 | /* Set this new variable as the UserID attribute. */ |
| 28 | rc=metadata_setattr(login_uri,"UserID",new_user); |
| 29 | end; |
| 30 | /* If no logins are found with that domain, write that to the SAS log. */ |
| 31 | else put "No users match query"; |
| 32 | RUN; |
3 Code Block
DATA STEP
Explanation :
This `DATA STEP` block is responsible for creating the `work.users` dataset and populating it with user IDs. It declares and initializes the necessary variables. It uses `metadata_getnobj` to find the 'DefaultAuth' authentication domain and its URI, then `metadata_getattr` to retrieve its ID. Then, a `do while` loop iterates through all 'Login' objects associated with this domain. For each Login found, the user ID (`UserID`) is extracted via `metadata_getattr` and added to the `work.users` dataset. Only the `user_id` variable is retained in the final dataset.
This `DATA STEP` block is responsible for creating the `work.users` dataset and populating it with user IDs. It declares and initializes the necessary variables. It uses `metadata_getnobj` to find the 'DefaultAuth' authentication domain and its URI, then `metadata_getattr` to retrieve its ID. Then, a `do while` loop iterates through all 'Login' objects associated with this domain. For each Login found, the user ID (`UserID`) is extracted via `metadata_getattr` and added to the `work.users` dataset. Only the `user_id` variable is retained in the final dataset.
Copied!
| 1 | DATA work.users; /* Create work.users library to house data. */ |
| 2 | |
| 3 | /* declare variables */ |
| 4 | |
| 5 | LENGTH |
| 6 | ad_uri $ 256 |
| 7 | ad_id $ 256 |
| 8 | login_uri $ 256 |
| 9 | user_id $ 256; |
| 10 | |
| 11 | /* initialize variables. */ |
| 12 | |
| 13 | call missing(ad_uri,ad_id,login_uri,user_id); |
| 14 | keep user_id; /* only keep the user ids in the table. */ |
| 15 | |
| 16 | n=1; |
| 17 | /* Get the URI for the DefaultAuth Authentication Domain. */ |
| 18 | adrc=metadata_getnobj("omsobj:AuthenticationDomain? @name = 'DefaultAuth'",1,ad_uri); |
| 19 | rc=metadata_getattr(ad_uri,"Id",ad_id); |
| 20 | |
| 21 | /* Get number of login objects that have the DefaultAuth authentication */ |
| 22 | /* domain associated with them, as well as the URI of the first login. */ |
| 23 | loginrc=metadata_getnobj("omsobj:Login?Login[Domain/AuthenticationDomain[ @Id='"||ad_id||"']",n,login_uri); |
| 24 | DO while(loginrc>0); |
| 25 | /* extract the user ID from login */ |
| 26 | rc=metadata_getattr(login_uri,"UserID",user_id); |
| 27 | OUTPUT; |
| 28 | n+1; |
| 29 | /* Get the URI of the next login. */ |
| 30 | loginrc=metadata_getnobj("omsobj:Login?Login[Domain/AuthenticationDomain[ @Id='"||ad_id||"']",n,login_uri); |
| 31 | END; |
| 32 | RUN; |
This material is provided "as is" by We Are Cas. There are no warranties, expressed or implied, as to merchantability or fitness for a particular purpose regarding the materials or code contained herein. We Are Cas is not responsible for errors in this material as it now exists or will exist, nor does We Are Cas provide technical support for it.
Copyright Info : Author: Greg Wootton Date: 24MAY2019
