chore: improving docs for mpe_accesscheck and adding a test for mpe_accesscheck
Build / Build-and-ng-test (pull_request) Successful in 1m27s Details

This commit is contained in:
Allan 2023-10-07 22:46:32 +01:00
parent e7ab2cc956
commit 5b06f4ede8
2 changed files with 95 additions and 24 deletions

View File

@ -6,18 +6,28 @@
MPE_SECURITY table. Alternatively, they may be in the &mpeadmins
group (which has full access to everything).
@param [in] base_table The base table to check for
@param [in] user= The user for which the access level should be returned. If
not provided, the mf_user() result is used instead.
@param [in] access_level= (APPROVE) access_level (per MPE_SECURITY) reqd.
Valid values:
@li EDIT
@li APPROVE
@li VIEW
@param [in] cntl_lib= (MPELIB) The name of a global macro variable that
contains the libref in which the MPE_SECURITY table is stored
@param [out] outds= (MED_ACCESSCHECK) Output WORK table containing all the
groups for which the user is granted the particular ACCESS_LEVEL.
<h4> SAS Macros </h4>
@li mp_abort.sas
@li mf_getuniquename.sas
@li mf_getuser.sas
@li mf_verifymacvars.sas
@li mp_dropmembers.sas
@li mpe_getgroups.sas
@param [in] base_table The base table to check for
@param [in] access_level= (APPROVE) access_level (per MPE_SECURITY) reqd
@param [out] outds= (MED_ACCESSCHECK) Output table containing all the groups
the user is a member of, which are granted the access_level requested.
<h4> Related Macros </h4>
@li mpe_accesscheck.test.sas
@version 9.2
@author 4GL Apps Ltd
@ -31,42 +41,36 @@
,outds=med_accesscheck /* WORK table to contain access details */
,user= /* metadata user to check for */
,access_level=APPROVE
,cntl_lib=MPELIB
);
%if &user= %then %let user=%mf_getuser();
%if %index(&outds,.) %then %do;
%local lib ds;
%let lib=%scan(&outds,1,.);
%let ds=%scan(&outds,2,.);
%if %upcase(&lib) ne WORK %then %do;
%mp_abort(msg=outds should be a WORK table
,mac=mpe_accesscheck);
%end;
%end;
%else %let ds=&outds;
%mp_abort(
iftrue=(%index(&outds,.)>0 and %upcase(%scan(&outds,1,.)) ne WORK)
,mac=mpe_accesscheck
,msg=%str(outds should be a WORK table)
)
%mp_abort(
iftrue=(%mf_verifymacvars(base_table user access_level)=0)
,mac=bitemporal_dataloader
,msg=%str(Missing base_table/user access_level)
,mac=mpe_accesscheck
,msg=%str(Missing base_table/user access_level variables)
)
/* ensure any existing table is dropped */
%mp_dropmembers(&ds)
/* make unique temp table vars */
%local tempds1 tempds2;
%let tempds1=%mf_getuniquename(prefix=usergroups);
%let tempds2=%mf_getuniquename(prefix=tablegroups);
/* get list of user groups */
%local tempds1;
%let tempds1=%mf_getuniquename(prefix=usergroups);
%mpe_getgroups(user=&user,outds=&tempds1)
/* get list of groups with access for that table */
%local tempds2;
%let tempds2=%mf_getuniquename(prefix=tablegroups);
proc sql;
create table &tempds2 as
select distinct sas_group
from &mpelib..mpe_security
from &&&cntl_lib...mpe_security
where &dc_dttmtfmt. lt tx_to
and access_level="&access_level"
and (

View File

@ -0,0 +1,67 @@
/**
@file
@brief Testing mpe_accesscheck macro
@details Checking functionality of mpe_accesscheck.sas macro
<h4> SAS Macros </h4>
@li mf_getuniquename.sas
@li mf_getuser.sas
@li mp_assertdsobs.sas
@li mpe_getgroups.sas
@li mpe_accesscheck.sas
@author 4GL Apps Ltd
@copyright 4GL Apps Ltd. This code may only be used within Data Controller
and may not be re-distributed or re-sold without the express permission of
4GL Apps Ltd.
**/
/* get the groups this user is actually a member of */
%mpe_getgroups(user=%mf_getuser(),outds=work.groups)
data _null_;
set work.groups;
call symputx('groupname',groupname);
run;
/* create demo MPE_SECURITY table */
data work.mpe_security;
if 0 then set &dc_libref..mpe_security;
do access_level='EDIT','APPROVE','VIEW';
LIBREF='SOMELIB';
DSN='SOMEDS';
sas_group="&groupname";
tx_from=0;
tx_to='31dec4999:23:59:59'dt;
output;
end;
run;
%mpe_accesscheck(
SOMELIB.SOMEDS
,outds=work.test1
,access_level=APPROVE
,cntl_lib=WORK
)
%mp_assertdsobs(work.test1,
desc=Test 1 - One record returned,
test=EQUALS 1,
outds=work.test_results
)
%mpe_accesscheck(
SOMELIB.INVALID
,outds=work.test2
,access_level=APPROVE
,cntl_lib=WORK
)
%mp_assertdsobs(work.test1,
desc=Test 12 - 0 records returned,
test=EQUALS 0,
outds=work.test_results
)