SAS administrators tip: keeping track of SAS users
source link: https://blogs.sas.com/content/sgf/2016/01/13/sas-administrators-tip-keeping-track-of-sas-users/
Go to the source link to view the article. You can view the picture content, updated content and better typesetting reading experience. If the link is broken, please click the button below to view the snapshot at that time.
If you are a SAS Administrator who is tasked with managing SAS users including adding and removing SAS users in the SAS Management Console, assigning (or re-assigning) them to Groups and Roles, maintaining their General information and user Accounts, then you know that when number of users grow, at some point things can get messy.
SAS Users Definition in the Metadata
Suppose, you have multiple SAS users defined in the SAS Management Console as in the following example:
1 - General tab:
2 - Groups and Roles tab:
3 - Accounts tab:
After adding a couple dozen (or hundred) users to SAS Metadata using the User Manager plug-in of the SAS Management Console you will start dreaming of some “push-a-button” report that will show a listing of all your SAS users with all the relevant information (name, title, description, e-mail, groups, user id, etc.) in a plain view.
Luckily, SAS provides you with a little-known, but well-documented macro that makes such SAS users reporting a snap.
%MDUEXTR Macro
This macro is documented in the SAS Intelligence Platform: Security Administration Guide and it is one of the several User Import Macros that you get with SAS Business Intelligence or SAS Visual Analytics installation. When invoked, it extracts SAS user identity information from the SAS metadata and creates several canonical tables:
SAS Users Report Implementation
Having the above tables at your fingertips, you can easily combine them in any way you need to generate a report you want. Here is the code example:
/* Connect to the SAS metadata server */ options metaserver = "a123.us.company.com" metaport = 8561 metauser = "sasadm@saspw" metapass = "{SAS002}1D57933958C580064BD3DCA81A33DFB2" metarepository = Foundation metaprotocol = bridge ; /* Extract user information from the SAS metadata */ %mduextr(libref=work); /* Combine data from multiple tables */ data work.metadata_users (drop=keyid); merge work.person (keep=keyid name DisplayName title description in=user) work.logins (keep=keyid UserID) work.groupmempersons_info (keep=memid name rename=(name=groupname memid=keyid)) work.email (keep=keyid emailAddr) ; by keyid; if user; run; proc sort data=work.metadata_users; by name groupname; run; /* Blank out duplicate information */ data work.metadata_users_ready; set work.metadata_users; by name; array a [*] name DisplayName title description emailAddr UserID; if not first.name then do i=1 to dim(a); a[i] = ''; end; run; /* Specify output file location */ filename fout 'C:\PROJECTS\_BLOG_SAS\sas-admin-keeping-track-of-sas-users\user-roster.html'; /* Generate report on SAS metadata users and their groups */ ods html file=fout; title "SAS Metadata Registered Users (as of %sysfunc(putn(%sysfunc(datetime()),datetime19.)))"; proc print data=work.metadata_users_ready noobs label; var name DisplayName title description emailAddr UserID groupname; label name = 'User Name' DisplayName = 'Display Name' title = 'Job Title' description = 'Description' emailAddr = 'Email Address' UserID = 'User ID' groupname = 'Member of Group' ; run; ods html close;
SAS Metadata Users Report Output
Here is a fragment of the SAS Users report output in HTML format produced by the above code (you may click on the image below to see the report in a web browser):
In the above implementation, we assumed for simplicity that each user has a single user id. If that is not the case, you would need to modify the code section denoted as Blank out duplicate information.
I also recommend: SAS administrators tip: Automatically deleting old SAS logs
Recommend
About Joyk
Aggregate valuable and interesting links.
Joyk means Joy of geeK