This post continues a series of examples on Advanced Expression-Based Filters for Metacoda Plug-ins, in this case for the Protected Object Reviewer.
Here are some expressions that you may find useful to copy and paste into the filter bar of the Metacoda Protected Object Reviewer as a starting point for finding interesting sets of SAS metadata objects that have had access controls, Access Control Templates (or ACTs) and/or Access Control Entries (ACEs or explicit permissions), applied to them:
Protected Tree Branch Objects: show folders and objects, underneath the /Vegas Enterprises metadata tree branch, that have had any ACTs or ACEs applied to them.
#@ path.startsWith("/Vegas Enterprises")
ACT Protected Tree Branch Objects: show folders and objects, underneath the /Vegas Enterprises metadata tree branch, that have had ACTs applied (and optionally ACEs). Continue reading “Metacoda Plug-ins Tip: Advanced Expression-Based Filters (Protected Object Reviewer)”
This post continues a series of examples on Advanced Expression-Based Filters for Metacoda Plug-ins, in this case for the ACE Reviewer.
Here are some expressions that you may find useful to copy and paste into the filter bar of the Metacoda ACE Reviewer as a starting point for finding interesting sets of SAS Access Control Entries (ACEs or explicit permissions):
Tree Branch ACEs: show explicit permissions on folders and objects underneath the /Vegas Enterprises/HR metadata tree branch.
#@ protectedObjectPath.startsWith("/Vegas Enterprises/HR")
Object Type ACEs: show explicit permissions on folders (excluding the root folder) Continue reading “Metacoda Plug-ins Tip: Advanced Expression-Based Filters (ACE Reviewer)”
Many of the Metacoda Plug-ins have Filter Bars which provide a way to filter the contents displayed and show an interesting subset. Normally they do simple case-insensitive “contains” filtering on key attributes like name and description (the filter bar label indicates which attributes are used).
Simple text filtering, as described above, is sufficient for many needs. However, for more advanced requirements there is the ability to switch to expression-based filters which are much more flexible. To use expression-based filtering you add a #@ prefix at the beginning of the filter bar field. What follows is then an expression that can use many of the other attributes/columns available in the tables. This expression is written as a Java like expression (BeanShell to be precise) and must resolve to a boolean true/false to determine whether a row should be shown in the table. Any errors in the expression will be shown in a popup error dialog.
This will allow you to do complex expressions like this in the User Reviewer: Continue reading “Metacoda Plug-ins Tip: Advanced Expression-Based Filters (ACT Reviewer)”
This is the first of a series of quick-tip type posts on Metacoda Plug-ins. Most of my previous posts have been relatively long (and less frequent). These quick-tip posts will generally be shorter and hopefully more frequent (time permitting). They will mostly be of use to Metacoda customers and may include links to the appropriate documentation pages (login required). I will the posts with “Metacoda Plug-ins Tip” so you can browse the collection if you want (currently a collection of 1!).
To kick the series off, this post is about the forced-refresh preferences. These are preferences that control whether or not Metacoda Plug-ins will refresh its cache of SAS security metadata prior to exporting HTML, CSV and Security Test XML files. You will find these preferences as check-boxes located in Security Tools Common Preferences available via the Preferences context menu item from right-mouse clicking over most of the Metacoda Plug-ins.
Continue reading “Metacoda Plug-ins Tip: Forced Refresh (or not)”
Sometimes I forget whether I’ve added our internal site root and intermediate CA certificates to the Trusted CA Bundle that SAS® Software applications use. Sometimes I also forget the command I can use to find out whether I did! 😉 As is often the case with my blog posts, by jotting things down here, I can find them again either by searching this blog, or more likely, by remembering I wrote it when I see it turn up in Google search results!
If you use site-signed certificates from your own internal CA in your SAS platform installations then you’re probably already familiar with adding them to the Trusted CA Bundle using the SAS Deployment Manager (see the Manage Certificates in the Trusted CA Bundle Using the SAS Deployment Manager section in the Encryption in SAS® 9.4 book for more info).
If you want to find out what CA certificates are already in that bundle you can use the Java keytool command like so:
/opt/sas94m5/sashome/SASPrivateJavaRuntimeEnvironment/9.4/jre/bin/keytool -list -keystore /opt/sas94m5/sashome/SASSecurityCertificateFramework/1.1/cacerts/trustedcerts.jks -storepass changeit
It generates a long list of CA certs, so I pipe it through grep to look for the ones I want:
/opt/sas94m5/sashome/SASPrivateJavaRuntimeEnvironment/9.4/jre/bin/keytool -list -keystore /opt/sas94m5/sashome/SASSecurityCertificateFramework/1.1/cacerts/trustedcerts.jks -storepass changeit | grep -i metacoda
If you want more details on the certificates you can Continue reading “Did I add that CA Certificate to the SAS Trusted CA Bundle?”