This post continues a series of examples on Advanced Expression-Based Filters for Metacoda Plug-ins, in this case for the ACE Reviewer.
Here are some expressions that you may find useful to copy and paste into the filter bar of the Metacoda ACE Reviewer as a starting point for finding interesting sets of SAS Access Control Entries (ACEs or explicit permissions):
Tree Branch ACEs: show explicit permissions on folders and objects underneath the /Vegas Enterprises/HR metadata tree branch.
#@ protectedObjectPath.startsWith("/Vegas Enterprises/HR")
Object Type ACEs: show explicit permissions on folders (excluding the root folder)
#@ protectedObjectPublicType.equals("Folder")
Non-Implicit ACEs: show explicit permissions for non-implicit identities (everyone other than PUBLIC and SASUSERS)
#@ !identities.equals("PUBLIC") && !identities.equals("SASUSERS")
Non-Implicit Denial ACEs: show explicit permissions for non-implicit identities where there is at least one permission denial (which goes against the best practice of only granting permissions to non-implicit identities)
#@ permissionsSummary.contains("-") && !identities.equals("PUBLIC") && !identities.equals("SASUSERS")
User ACEs: show explicit permissions that grant/deny permissions for users (hiding those that follow best practices in using groups)
#@ refersToPerson
Permission Condition ACEs: show explicit permissions that have permission conditions (as used for fine-grained security like OLAP member-level security and BI row-level security).
#@ !permissionCondition.equals("")
… or …
#@ permissionCondition.length() > 0
The examples above all work with the current Metacoda Plug-ins 6.0 release. If you have any other useful examples that you have used in the ACE Reviewer please post them as a comment below.