Tag: Metacoda Plug-ins

Finding Private User Folders for Deleted SAS Platform Users

“How do I find all the private user folders for SAS users that have been deleted so I know which folders can be removed?”

I was asked this question recently and thought that I should be able to build up a single line XMLSELECT style SAS® metadata query to answer it. I could then paste this query in our free Metacoda Metadata Explorer Plug-in and export the results as a CSV file.

If you’re reading this post because that’s something you need to do, and you want the answer quickly, then here is the query:

{{{ Tree[@PublicType='Folder'][not(AssociatedIdentity/Person)][ParentTree/Tree[@Name='User Folders']/SoftwareComponents/SoftwareComponent[@PublicType='RootFolder']] }}}

The 3 curly brackets at the beginning and end are only needed if you are using the Metacoda Metadata Explorer Plug-in as it’s a signal that it is not a simple text search but an advanced XMLSELECT style query. If you are plugging this into some SAS PROC METADATA code then strip off the curly brackets.

If you want to know how that query works Continue reading “Finding Private User Folders for Deleted SAS Platform Users”

Testing Conditional Grants in SAS Visual Analytics

If you use conditional grants in SAS® Visual Analytics for row level security, then you might be interested in one of the enhancements available in our recent Metacoda Plug-ins 5.0 release. This new release adds support for automated metadata security testing of the permission conditions behind conditional grants. Conditional grants, sometimes known as row-level permissions or row-level security, allow you to grant limited access to a subset of data based on an expression. If someone is in a constrained group then they only get to see the rows where the expression evaluates to true.

If you’re using conditional grants to restrict certain groups of users to specific subsets of data then you’d probably be keenly interested in making sure those conditional grants remain in place. You wouldn’t want to discover at some future time that, due to unexpected changes in the permission conditions, those groups of users have been getting much broader access to data than should have been allowed.

We’ve enhanced Metacoda Plug-ins in version 5 to help people maintain the integrity of their permission conditions in the following areas: Continue reading “Testing Conditional Grants in SAS Visual Analytics”

Testing Recommended Practices with SAS Metadata Security

If you use our Metacoda Security Testing Framework to continuously and automatically validate your SAS® platform metadata security implementations, then you’ll be interested in some new ‘recommended practice’ tests that are coming in the next release of Metacoda Plug-ins (version 5.0).

Are you are a fan of the Danish Golden Rules for SAS metadata security? Several of our new recommended practice tests can also help you enforce those rules for your SAS platform installations. The six golden rules can be found in SAS Global Forum 2011 paper 376-2011 “Best Practice Implementation of SAS® Metadata Security at Customer Sites in Denmark” by Cecily Hoffritz and Johannes Jørgensen from SAS Institute Denmark. It’s excellent paper that I often recommend to other SAS platform administrators. By following the golden rules presented in that paper you’ll find SAS metadata security much easier to understand and manage.

You might also notice that some of these recommended practice tests look like test-based alternatives to the recommend practice indicators currently available in Metacoda Security Plug-ins. These new recommended practice tests are a little bit smarter and also allow for exclusions – where you know a recommended practice is not being followed but have a good reason for doing so. While the indicators require someone to regularly look for them, the recommended practice tests can be scheduled to email an alert to someone whenever deviations from the practices are detected.

Here are some details and examples of the new recommended practices tests that will be available in Metacoda Security Plug-ins 5.0. I also point out which tests will help with enforcing the Danish Golden Rules. Continue reading “Testing Recommended Practices with SAS Metadata Security”

SAS Metadata Security Testing

SAS® Global Forum 2014 is now only a few days away, and I’m excited (and a little nervous) about presenting my paper Test for Success: Automated Testing of SAS® Metadata Security Implementations.

Update 03Apr2014: My paper is now available for download from the SAS Global Forum 2014 Online Proceedings.

SAS metadata security testing is a topic I’ve been contemplating for a long time now. For many organizations, metadata security is an important feature of the SAS platform. It enables them to control access to business resources described by the metadata and ensure their users can only use SAS applications to view and modify resources appropriate to their roles within the organization.

When metadata security is important, conducting security testing on a regular basis is important too. Regular testing allows an organization to feel confident in the security of their platform and to promptly detect deviations from a carefully crafted metadata security implementation. Many times I’ve seen accidental changes, or quick fixes, which had a detrimental impact on an installation’s metadata security. Without regular testing, Continue reading “SAS Metadata Security Testing”

SAS Stored Process Code in Metadata

With SAS® 9.3 the SAS code for a Stored Process can be located in metadata rather than located the file system (as was required with earlier versions). I had often wondered whether this meant the SAS code was really in metadata or whether it appeared to be in metadata but was really kept in the SAS Content Server (as is done with SAS Web Report Studio report definition .srx XML files). I don’t like not knowing the answers to questions, even ones I ask myself, so today I went looking for an answer. Continue reading “SAS Stored Process Code in Metadata”