viewlibs.sas
Go to the documentation of this file.
1 /**
2  @file viewlibs.sas
3  @brief List the libraries for view access
4  @details
5 
6  <h4> SAS Macros </h4>
7  @li dc_getlibs.sas
8  @li mp_abort.sas
9  @li mf_getuser.sas
10  @li mpe_getgroups.sas
11  @li mpeinit.sas
12 
13  @version 9.3
14  @author 4GL Apps Ltd
15  @copyright 4GL Apps Ltd. This code may only be used within Data Controller
16  and may not be re-distributed or re-sold without the express permission of
17  4GL Apps Ltd.
18 **/
19 
20 %mpeinit()
21 
22 /**
23  * get full list of libraries
24  */
25 %dc_getlibs(outds=work.mm_getLibs)
26 
27 /* get security groups */
28 %mpe_getgroups(user=%mf_getuser(),outds=groups)
29 
30 /* get security settings */
31 data sec;
32  set &mpelib..mpe_security;
33  where &dc_dttmtfmt.lt tx_to and ACCESS_LEVEL='VIEW';
34 run;
35 
36 /* check for any matching groups */
37 proc sql noprint;
38 create table matches as
39  select * from sec
40  where upcase(sas_group) in (select upcase(groupname) from groups);
41 select count(*) into: securitygroupscount from matches;
42 select count(*) into: ALL_CNT from matches where libref='*ALL*';
43 %put securitygroupscount=&securitygroupscount;
44 %put ALL_CNT=&ALL_CNT;
45 %mp_abort(iftrue= (&syscc ne 0)
46  ,mac=&_program..sas
47  ,msg=%str(syscc=&syscc)
48 )
49 
50 %macro mpestp_viewlibs();
51 %if not %symexist(DC_RESTRICT_VIEWER) %then %let DC_RESTRICT_VIEWER=NO;
52 
53 /* scenario 1 - user is in admin group, hence can view all libraries */
54 proc sql noprint;
55 select count(*) into: scenario1 from groups where groupname="&mpeadmins";
56 %if &scenario1>0 %then %do;
57  %put user in admin group (scenario1=&scenario1);
58  %return;
59 %end;
60 /* scenario 2 - viewer unrestricted and no groups listed */
61 %if &DC_RESTRICT_VIEWER=NO and &securitygroupscount=0 %then %do;
62  %put DC_RESTRICT_VIEWER=&DC_RESTRICT_VIEWER;
63  %put securitygroupscount=&securitygroupscount;
64  %return;
65 %end;
66 
67 /* scenario 3 - an *ALL* libref is listed */
68 %if &all_cnt>0 %then %do;
69  %put all_cnt=&all_cnt;
70  %return;
71 %end;
72 
73 /* scenario 4 - specific librefs listed */
74 %if &securitygroupscount>0 %then %do;
75  %put scenario 4;
76  %put securitygroupscount=&securitygroupscount;
77  proc sql;
78  delete from mm_getLibs
79  where upcase(libraryref) not in (select upcase(libref) from matches);
80  %return;
81 %end;
82 
83 /* viewer restricted and no groups listed */
84 %if &DC_RESTRICT_VIEWER=YES and &securitygroupscount=0 %then %do;
85  %put DC_RESTRICT_VIEWER=&DC_RESTRICT_VIEWER;
86  %put securitygroupscount=&securitygroupscount;
87  data mm_getlibs;
88  set mm_getlibs;
89  stop;
90  run;
91  %return;
92 %end;
93 
94 %mp_abort(iftrue= (1=1)
95  ,mac=&_program..sas
96  ,msg=%str(unhandled security logic err!)
97 )
98 
99 %mend mpestp_viewlibs;
100 %mpestp_viewlibs()
101 
102 %global dc_viewlib_check;
103 
104 /**
105 * deal with invalid and duplicate library definitions
106 */
107 proc sort data=mm_getlibs;
108  by libraryref libraryname;
109 run;
110 
111 data mm_getlibs;
112  set mm_getlibs;
113  by libraryref;
114  if symget('dc_viewlib_check')='YES' then do;
115  /* note - invalid libraries can result in exception errors. If this happens,
116  configure the dc_viewlib_check variable to NO in Data Controller Settings
117  */
118  rc=libname(libraryref,,'meta',cats('library="',libraryname,'";'));
119  drop rc;
120  if rc ne 0 then do;
121  putlog "NOTE: Library " libraryname " does not exist!!";
122  putlog (_all_) (=);
123  delete;
124  end;
125  end;
126  if not first.libraryref then delete;
127 run;
128 
129 proc sort data=mm_getlibs out=saslibs;
130  by libraryname;
131 run;
132 
133 %mp_abort(iftrue= (&syscc ne 0)
134  ,mac=&_program..sas
135  ,msg=%str(syscc=&syscc)
136 )
137 
138 %webout(OPEN)
139 %webout(OBJ,saslibs)
140 %webout(CLOSE)
141 
142 %mpeterm()