Skip to content

platformadmin.com

Paul Homes blogging on SASĀ® platform administration topics

  • Home
  • Reading List
  • About / Contact
  • RSS Feed
  • LinkedIn
  • GitHub
  • LinkedIn (Metacoda)
  • YouTube (Metacoda)
platformadmin.com

Tag: ACT

Duplicating or Copying SAS Access Control Templates

When working with SAS® 9 metadata security, I often want to create an Access Control Template (ACT) which is very similar to an existing ACT. It may be that it will have a similar definition or permission pattern. It will usually have the same access controls applied to it for its own protection. It might occasionally be applied to protect the same set of objects as the original ACT.

Duplicating or copying SAS metadata security objects, such as ACTs, users, groups, and roles, has been a common request from Metacoda customers too. For this reason we added duplication support in Metacoda Plug-ins 6.1 R3. In the ACT, User, Group, and Role Reviewer plug-ins you will find a new Duplicate… action in the the context menu seen when right-mouse clicking over an object. A pop-up dialog then gives you some options to control what is duplicated.

The ability to duplicate objects via this facility is limited to SAS administrators via membership of one the standard SAS metadata server roles (i.e. “Metadata Server: Unrestricted“, “Metadata Server: User Administration“, or “Metadata Server: Operation“). Of course you also need permission to view the object you are duplicating. Continue reading “Duplicating or Copying SAS Access Control Templates”

Author Paul HomesPosted on 9 March 202029 December 2024Categories Metacoda Security Plug-insTags ACT, ACT Reviewer, Authorization Manager, Metacoda Plug-ins, Metacoda Plug-ins Tip, Metacoda Security Plug-ins, SAS, SAS 9.2, SAS 9.3, SAS 9.4, SAS Management Console, SAS Metadata, SAS Metadata Security

Metacoda Plug-ins Tip: Advanced Expression-Based Filters (Protected Object Reviewer)

This post continues a series of examples on Advanced Expression-Based Filters for Metacoda Plug-ins, in this case for the Protected Object Reviewer.

Here are some expressions that you may find useful to copy and paste into the filter bar of the Metacoda Protected Object Reviewer as a starting point for finding interesting sets of SAS metadata objects that have had access controls, Access Control Templates (or ACTs) and/or Access Control Entries (ACEs or explicit permissions), applied to them:

Protected Tree Branch Objects: show folders and objects, underneath the /Vegas Enterprises metadata tree branch, that have had any ACTs or ACEs applied to them.

#@ path.startsWith("/Vegas Enterprises")

ACT Protected Tree Branch Objects: show folders and objects, underneath the /Vegas Enterprises metadata tree branch, that have had ACTs applied (and optionally ACEs). Continue reading “Metacoda Plug-ins Tip: Advanced Expression-Based Filters (Protected Object Reviewer)”

Author Paul HomesPosted on 16 May 201829 December 2024Categories Metacoda Security Plug-insTags ACE, ACT, Advanced Expression-Based Filters, BeanShell, Filter Bar, Member Level Security, Metacoda Plug-ins, Metacoda Plug-ins Tip, Metacoda Security Plug-ins, Protected Object Reviewer, Row Level Security, SAS Metadata Security

Metacoda Plug-ins Tip: Advanced Expression-Based Filters (ACT Reviewer)

Many of the Metacoda Plug-ins have Filter Bars which provide a way to filter the contents displayed and show an interesting subset. Normally they do simple case-insensitive “contains” filtering on key attributes like name and description (the filter bar label indicates which attributes are used).

Metacoda Plug-ins Filter Bar

Simple text filtering, as described above, is sufficient for many needs. However, for more advanced requirements there is the ability to switch to expression-based filters which are much more flexible. To use expression-based filtering you add a #@ prefix at the beginning of the filter bar field. What follows is then an expression that can use many of the other attributes/columns available in the tables. This expression is written as a Java like expression (BeanShell to be precise) and must resolve to a boolean true/false to determine whether a row should be shown in the table. Any errors in the expression will be shown in a popup error dialog.

This will allow you to do complex expressions like this in the User Reviewer: Continue reading “Metacoda Plug-ins Tip: Advanced Expression-Based Filters (ACT Reviewer)”

Author Paul HomesPosted on 16 May 201829 December 2024Categories Metacoda Security Plug-insTags ACT, ACT Reviewer, Advanced Expression-Based Filters, BeanShell, Filter Bar, Metacoda Plug-ins, Metacoda Plug-ins Tip, Metacoda Security Plug-ins, SAS Metadata Security

Promoting SAS Security Metadata (in Custom Repositories)

Did you know that with SASĀ® 9.3 you can promote (export/import) SAS metadata packages containing users, groups, roles, and ACTs, just like you can with Jobs, Tables, Libraries, Stored Processes, Reports and Information Maps? I needed to do this myself a few weeks ago. I wanted to promote some groups, roles and ACTs from an existing SAS 9.3 M1 installation to a newer SAS 9.3 M2 installation. Security metadata can be exported and imported via a SAS package file (.spk) from special virtual folders under the top-level /System folder. These virtual folders are distinguishable from normal folders because they have white folder icons instead of yellow folder icons as shown below.

SAS Management Console Virtual Folders

You can find out more information about this feature, including a few considerations you need to be aware of, by reading the Promoting Security Objects and Server Objects sub-section of the main Promotion Details for Specific Object Types section in the SAS 9.3 Intelligence Platform: System Administration Guide, Second Edition.

My security metadata promotion was a little more complicated than normal because I was also promoting some security metadata located in a custom repository. I normally avoid using custom repositories as much as possible (preferring to store everything in the Foundation repository and partitioning content with folders and ACTs). This is especially the case for security metadata: I’ve found that security metadata in custom repositories, being less visible, tends to get forgotten until it gets rediscovered whilst troubleshooting tricky security problems. Helping a customer resolve such problems was the reason we made security metadata from custom repositories highly visible in our Metacoda Security Plug-ins. We have since needed to keep some security metadata in custom repositories for the purposes of development and testing of our software. This is the custom repository security metadata I was attempting to promote, but it took me a little while to find it in the virtual folders …. Continue reading “Promoting SAS Security Metadata (in Custom Repositories)”

Author Paul HomesPosted on 2 April 201320 September 2024Categories GeneralTags ACT, Groups, Metadata Migration, Metadata Promotion, Roles & Capabilities, SAS, SAS 9.3, SAS Management Console, SAS Metadata Security, Users

Migrating SAS Access Control Templates

I ran into a tricky issue today whilst migrating some Access Control Templates (ACTs) from an old SAS® 9.3 M0 deployment to a new SAS 9.3 M2 deployment. I’d seen it before and I initially forgot how I resolved it. It took a little while to rediscover the method that worked so I’m blogging it in the hope I won’t forget it in future. Perhaps it will help others too.

As you may know, SAS 9.3 has virtual folders that allow you to export security metadata like users, groups, roles and ACTs. It’s quite handy. We use it at Metacoda to migrate some security metadata we carry over from version to version for testing and demonstrating our Metacoda Security Plug-ins. You can find more information about migrating security metadata on the SAS web site in the Promotion Details for Specific Object Types section of the SAS 9.3 Intelligence Platform: System Administration Guide, Second Edition.

I had successfully exported a package of ACTs from my source 9.3 M0 environment, but when I tried to import them into my target 9.3 M2 environment I saw the following error message:

It was quite puzzling. It said I had to import ACTs into a specific folder, but that was the very same folder I was trying to import into. I had a feeling of deja-vu. I realized I’d seen this back when I first set up our SAS 9.3 M0 environment and was testing migration of security metadata between levels for the same SAS version. Continue reading “Migrating SAS Access Control Templates”

Author Paul HomesPosted on 3 December 201220 September 2024Categories GeneralTags ACT, Metadata Migration, Metadata Promotion, SAS, SAS 9.3, SAS Management Console
RSS Feed Follow me on Mastodon View my LinkedIn® profile Send me a message   Vertical separator   Visit the Metacoda web site

Metacoda - productivity through metadata visibility

Horizontal separator

Tags

  • Accounts/Logins
  • ACT
  • Active Directory
  • Base SAS
  • Best Practices
  • Blogging
  • Identity Sync
  • IWA
  • Kerberos
  • Linux
  • Logging
  • Metacoda Plug-ins
  • Metacoda Plug-ins Tip
  • Metacoda Security Plug-ins
  • Metadata API
  • Metadata Migration
  • Metadata Promotion
  • Metadata Security Testing
  • Mid-Tier
  • PAM
  • platformadmin.com
  • Roles & Capabilities
  • SAS
  • SAS 9.1
  • SAS 9.2
  • SAS 9.3
  • SAS 9.4
  • SAS Architecture
  • SAS Configuration
  • SAS Enterprise Guide
  • SAS Global Forum
  • SAS Information Delivery Portal
  • SAS Installation
  • SAS Management Console
  • SAS Metadata
  • SAS Metadata Security
  • SAS Papers
  • SAS Training
  • SAS Usage Notes
  • SAS Viya
  • SPN
  • Ubuntu
  • UNIX
  • Windows
  • Windows 2008 R2

Blog Roll [ ... and links to blog rolls]

  • [ … blogs.sas.com]
  • [ … SAS RSS Feeds]
  • NOTE: The blog of RTSL.eu
  • The SAS Dummy

Metacoda Links

  • Metacoda
  • Metacoda Security Plug-ins
  • Metacoda Support

SAS Communities

  • SAS Communities
  • Stack Overflow / SAS tag
  • Super User / SAS tag

SAS Institute Links

  • SAS
  • SAS Australia
  • SAS Customer Support

SAS User Groups

  • [ … other SAS user groups]
  • SAS Global Forum
  • SUGA

Categories

  • General
  • Guest Posts
  • Interesting SAS Usage Notes
  • Linux
  • Metacoda
  • Metacoda Custom Tasks
  • Metacoda Plug-ins
  • Metacoda Security Plug-ins
  • SAS Architecture
  • SAS Books
  • SAS Configuration
  • SAS Documentation
  • SAS Enterprise Guide
  • SAS Environment Manager
  • SAS Installation
  • SAS Management Console
  • SAS Metadata
  • SAS Metadata Security
  • SAS Open Metadata API
  • SAS Software
  • SAS Support Resources
  • SAS Training
  • SAS User Groups
  • SAS Viya
  • Solaris
  • VirtualBox
  • Windows

Archives

  • October 2023
  • September 2023
  • August 2023
  • March 2023
  • February 2023
  • March 2022
  • July 2021
  • May 2021
  • March 2021
  • October 2020
  • March 2020
  • June 2019
  • April 2019
  • March 2019
  • February 2019
  • October 2018
  • September 2018
  • August 2018
  • May 2018
  • February 2018
  • September 2017
  • August 2017
  • June 2017
  • April 2017
  • January 2017
  • July 2016
  • April 2016
  • March 2016
  • November 2015
  • September 2015
  • July 2015
  • June 2015
  • March 2015
  • February 2015
  • January 2015
  • October 2014
  • May 2014
  • March 2014
  • February 2014
  • December 2013
  • October 2013
  • September 2013
  • August 2013
  • July 2013
  • June 2013
  • May 2013
  • April 2013
  • March 2013
  • February 2013
  • January 2013
  • December 2012
  • November 2012
  • October 2012
  • August 2012
  • July 2012
  • June 2012
  • May 2012
  • April 2012
  • March 2012
  • February 2012
  • January 2012
  • December 2011
  • November 2011
  • October 2011
  • September 2011
  • August 2011
  • July 2011
  • June 2011
  • May 2011
  • April 2011
  • March 2011
  • February 2011
  • January 2011
  • December 2010
  • November 2010
  • October 2010
  • September 2010
  • August 2010
  • July 2010
  • June 2010
  • May 2010
  • April 2010
  • Home
  • Reading List
  • About / Contact
  • RSS Feed
  • LinkedIn
  • GitHub
  • LinkedIn (Metacoda)
  • YouTube (Metacoda)

Copyright © 2010-2025 Paul Homes. All rights reserved. | Legal Notices | Admin