Here are some expressions that you may find useful to copy and paste into the filter bar of the Metacoda ACE Reviewer as a starting point for finding interesting sets of SAS Access Control Entries (ACEs or explicit permissions):
Tree Branch ACEs: show explicit permissions on folders and objects underneath the /Vegas Enterprises/HR metadata tree branch.
#@ protectedObjectPath.startsWith("/Vegas Enterprises/HR")
Object Type ACEs: show explicit permissions on folders (excluding the root folder)
Non-Implicit ACEs: show explicit permissions for non-implicit identities (everyone other than PUBLIC and SASUSERS)
#@ !identities.equals("PUBLIC") && !identities.equals("SASUSERS")
Non-Implicit Denial ACEs: show explicit permissions for non-implicit identities where there is at least one permission denial (which goes against the best practice of only granting permissions to non-implicit identities)
#@ permissionsSummary.contains("-") && !identities.equals("PUBLIC") && !identities.equals("SASUSERS")
User ACEs: show explicit permissions that grant/deny permissions for users (hiding those that follow best practices in using groups)
Permission Condition ACEs: show explicit permissions that have permission conditions (as used for fine-grained security like OLAP member-level security and BI row-level security).
… or …
#@ permissionCondition.length() > 0
The examples above all work with the current Metacoda Plug-ins 6.0 release. If you have any other useful examples that you have used in the ACE Reviewer please post them as a comment below.