With SAS® 9.3 the SAS code for a Stored Process can be located in metadata rather than located the file system (as was required with earlier versions). I had often wondered whether this meant the SAS code was really in metadata or whether it appeared to be in metadata but was really kept in the SAS Content Server (as is done with SAS Web Report Studio report definition .srx XML files). I don’t like not knowing the answers to questions, even ones I ask myself, so today I went looking for an answer. Continue reading “SAS Stored Process Code in Metadata”
Tag: SAS Management Console
SAS Management Console: Client and Server Versions
We recently released an update to our Metacoda Security Plug-ins (V3.0 R2) with support for use with SAS® 9.3 M2. This of course required testing with a variety of SAS Metadata Server versions and different versions of SAS Management Console clients too. We could rule out SAS 9.1.3 because our V3 plug-ins are only supported for use with SAS versions 9.2 and 9.3 but that still leaves SAS 9.2 M3, SAS 9.3 M0 and SAS 9.3 M2 because there are small SAS metadata model differences between all of these. For example SAS 9.3 M0 has new metadata model types CalculatedMember, FavoritesContainer, NamedSet, and Search, which are not present in SAS 9.2. SAS 9.3 M2 also has new metadata model types SecuredLibrary and SecuredTable not present in SAS 9.3 M0.
The obvious combinations to test are the matching SAS Management Console and SAS Metadata Server versions, 9.2 to 9.2, 9.3 M0 to 9.3 M0, and 9.3 M2 to 9.3 M2. However we also need to test mismatched client and server versions because some mixed combinations are allowed. I’m sure you can imagine situations where the SAS Metadata Server version is upgraded but a few client workstations still have older SAS Management Console versions installed. Or perhaps someone is using a newer SAS Management Console version but accidentally connects to an older SAS Metadata Server in the middle of a migration project.
The following table shows the combinations of client and server versions where we have tested connections (to see if we need to test our plug-ins): Continue reading “SAS Management Console: Client and Server Versions”
Migrating SAS Access Control Templates
I ran into a tricky issue today whilst migrating some Access Control Templates (ACTs) from an old SAS® 9.3 M0 deployment to a new SAS 9.3 M2 deployment. I’d seen it before and I initially forgot how I resolved it. It took a little while to rediscover the method that worked so I’m blogging it in the hope I won’t forget it in future. Perhaps it will help others too.
As you may know, SAS 9.3 has virtual folders that allow you to export security metadata like users, groups, roles and ACTs. It’s quite handy. We use it at Metacoda to migrate some security metadata we carry over from version to version for testing and demonstrating our Metacoda Security Plug-ins. You can find more information about migrating security metadata on the SAS web site in the Promotion Details for Specific Object Types section of the SAS 9.3 Intelligence Platform: System Administration Guide, Second Edition.
I had successfully exported a package of ACTs from my source 9.3 M0 environment, but when I tried to import them into my target 9.3 M2 environment I saw the following error message:
It was quite puzzling. It said I had to import ACTs into a specific folder, but that was the very same folder I was trying to import into. I had a feeling of deja-vu. I realized I’d seen this back when I first set up our SAS 9.3 M0 environment and was testing migration of security metadata between levels for the same SAS version. Continue reading “Migrating SAS Access Control Templates”
Metacoda’s Metadata Explorer Plug-in
Update 15Jun2015: The Metadata Explorer plug-in discussed in this blog post was first made publicly available with Metacoda Plug-ins V3.0. It has been enhanced in subsequent releases and now supports additional SAS platform versions beyond those originally mentioned in this post (such as SAS 9.4). For more information on supported SAS versions, please see the Metacoda Plug-ins System Requirements page.
My work at Metacoda involves lots of metadata, as does my work as in SAS® platform administration. I spend a lot of time looking inside SAS metadata repositories, searching for objects, looking at their attributes, following their associations to other objects, and generally getting to grips with the SAS Metadata Model. I write programs that use the SAS Open Metadata Interface, primarily using the SAS Java Metadata Interface, but sometimes using the SAS Language Interface to Metadata usually via PROC METADATA.
When I originally started to explore metadata, I used the metabrowse feature in Foundation SAS. I really liked it, but I’m not always working on, or have easy access to, a machine that has Base SAS installed (and I wanted to do some more extensive searching). I do spend a lot of time inside the SAS Management Console though. I tried using the XML Metadata Interface in SAS Management Console 9.1 for a short while but found it made me think too much about how to do the query, rather than what it was I was looking for. I also found working with the raw XML results returned by the XML Metadata Interface plug-in was a bit challenging too and it distracted me from my original purpose of finding metadata. As an aside, the SAS Management Console XML Metadata Interface plug-in is no longer available by default in SAS Management Console 9.2 and 9.3, but it is still available. If you need it, you can find instructions on how to enable it in a SAS Global Forum 2012 paper.
Now, as many programmers do when they can’t quite find what they are looking for, they write their own tools, and this is what I did. “scratching an itch” is a term I often hear programmers use to describe this. My goals for this ideal metadata exploration tool, which evolved over time, were along these lines: Continue reading “Metacoda’s Metadata Explorer Plug-in”
Sneak Peek at our new Effective Permissions Explorers
Update 16Apr2015: The Effective Permissions Explorers discussed in this blog post were first made available in Metacoda Plug-ins V3.0 and further enhanced in Metacoda Plug-ins V4.0. Details of additional improvements coming in the next release, including export to HTML and CSV, are discussed in this more recent blog post: Getting Ready for SASGF15
Update 08Aug2012: The Effective Permissions Explorers discussed in this blog post are now available for testing. More information is available in this Metacoda blog post: Metacoda Plug-ins V3.0 BETA2 (with free Metadata Explorer & ACT Reviewer!)
This post is a sneak peek at a couple of effective permissions explorers that we are putting into the next version of our Metacoda Security Plug-ins. We’ll also be demoing these at the SAS Global Forum 2012 in Orlando next week, so if you’re attending please pop by and visit us.
One of the most common requests we had been hearing at Metacoda was about providing extra information for effective permissions with SAS® metadata security. Effective permissions will tell you exactly what permissions are granted or denied for a particular user on a particular object, taking into account all of the factors such as Access Control Templates (ACTs), Access Controls Entries (ACEs or explicit permissions), object inheritance paths and identity hierarchies. Effective permissions give you this information without you having to understand all of the rules that SAS software follows to work them out. Of course, I still think an understanding of the rules is essential knowledge for SAS platform administrators to help with planning and impact awareness but that’s another story. Attending the SAS Platform Administration: Fast Track course from SAS Institute is a great way to learn these rules.
Why Another Effective Permissions Tool?
Effective permissions can already be seen in SAS Management Console 9.2 & 9.3 through the Explore Authorizations tab (accessible to administrators via the Advanced button on any objects Authorization tab). This is a great feature and I can’t recommend it enough to people who are troubleshooting metadata permissions on a single object. What we were hearing was Continue reading “Sneak Peek at our new Effective Permissions Explorers”