mpe_accesscheck.sas
Go to the documentation of this file.
1 /**
2  @file
3  @brief Checks group access level for a table or library
4  @details In order for a user to be able to EDIT or APPROVE a table they must
5  be in a group that has been granted access to that table in the
6  MPE_SECURITY table. Alternatively, they may be in the &mpeadmins
7  group (which has full access to everything).
8 
9  @param [in] base_table The base table to check for
10  @param [in] user= The user for which the access level should be returned. If
11  not provided, the mf_user() result is used instead.
12  @param [in] access_level= (APPROVE) access_level (per MPE_SECURITY) reqd.
13  Valid values:
14  @li EDIT
15  @li APPROVE
16  @li VIEW
17  @param [in] cntl_lib_var= (MPELIB) The name of a global macro variable that
18  contains the libref in which the MPE_SECURITY table is stored
19  @param [out] outds= (MED_ACCESSCHECK) Output WORK table containing all the
20  groups for which the user is granted the particular ACCESS_LEVEL.
21 
22  <h4> SAS Macros </h4>
23  @li mp_abort.sas
24  @li mf_getuniquename.sas
25  @li mf_getuser.sas
26  @li mf_verifymacvars.sas
27  @li mpe_getgroups.sas
28 
29  <h4> Related Macros </h4>
30  @li mpe_accesscheck.test.sas
31 
32  @version 9.2
33  @author 4GL Apps Ltd
34  @copyright 4GL Apps Ltd. This code may only be used within Data Controller
35  and may not be re-distributed or re-sold without the express permission of
36  4GL Apps Ltd.
37 **/
38 
39 %macro mpe_accesscheck(
40  base_table
41  ,outds=med_accesscheck /* WORK table to contain access details */
42  ,user= /* metadata user to check for */
43  ,access_level=APPROVE
44  ,cntl_lib_var=MPELIB
45  );
46 
47  %if &user= %then %let user=%mf_getuser();
48 
49  %mp_abort(
50  iftrue=(%index(&outds,.)>0 and %upcase(%scan(&outds,1,.)) ne WORK)
51  ,mac=mpe_accesscheck
52  ,msg=%str(outds should be a WORK table)
53  )
54 
55  %mp_abort(
56  iftrue=(%mf_verifymacvars(base_table user access_level)=0)
57  ,mac=mpe_accesscheck
58  ,msg=%str(Missing base_table/user access_level variables)
59  )
60 
61  /* make unique temp table vars */
62  %local tempds1 tempds2;
63  %let tempds1=%mf_getuniquename(prefix=usergroups);
64  %let tempds2=%mf_getuniquename(prefix=tablegroups);
65 
66  /* get list of user groups */
67  %mpe_getgroups(user=&user,outds=&tempds1)
68 
69  /* get list of groups with access for that table */
70  proc sql;
71  create table &tempds2 as
72  select distinct sas_group
73  from &&&cntl_lib_var...mpe_security
74  where &dc_dttmtfmt. lt tx_to
75  and access_level="&access_level"
76  and (
77  (libref="%scan(&base_table,1,.)" and upcase(dsn)="%scan(&base_table,2,.)")
78  or (libref="%scan(&base_table,1,.)" and dsn="*ALL*")
79  or (libref="*ALL*")
80  );
81  %if &_debug ge 131 %then %do;
82  data _null_;
83  set &tempds1;
84  putlog (_all_)(=);
85  run;
86  data _null_;
87  set &tempds2;
88  putlog (_all_)(=);
89  run;
90  %end;
91 
92  proc sql;
93  create table &outds as
94  select * from &tempds1
95  where groupname="&mpeadmins"
96  or groupname in (select * from &tempds2);
97 
98  %put &sysmacroname: base_table=&base_table;
99  %put &sysmacroname: access_level=&access_level;
100 %mend mpe_accesscheck;