From 5b06f4ede855e2192341a39ba8438fdaa29603bf Mon Sep 17 00:00:00 2001 From: Allan Date: Sat, 7 Oct 2023 22:46:32 +0100 Subject: [PATCH] chore: improving docs for mpe_accesscheck and adding a test for mpe_accesscheck --- sas/sasjs/macros/mpe_accesscheck.sas | 52 ++++++++++-------- sas/sasjs/macros/mpe_accesscheck.test.sas | 67 +++++++++++++++++++++++ 2 files changed, 95 insertions(+), 24 deletions(-) create mode 100644 sas/sasjs/macros/mpe_accesscheck.test.sas diff --git a/sas/sasjs/macros/mpe_accesscheck.sas b/sas/sasjs/macros/mpe_accesscheck.sas index d09a294..63f9ca2 100755 --- a/sas/sasjs/macros/mpe_accesscheck.sas +++ b/sas/sasjs/macros/mpe_accesscheck.sas @@ -6,18 +6,28 @@ MPE_SECURITY table. Alternatively, they may be in the &mpeadmins group (which has full access to everything). + @param [in] base_table The base table to check for + @param [in] user= The user for which the access level should be returned. If + not provided, the mf_user() result is used instead. + @param [in] access_level= (APPROVE) access_level (per MPE_SECURITY) reqd. + Valid values: + @li EDIT + @li APPROVE + @li VIEW + @param [in] cntl_lib= (MPELIB) The name of a global macro variable that + contains the libref in which the MPE_SECURITY table is stored + @param [out] outds= (MED_ACCESSCHECK) Output WORK table containing all the + groups for which the user is granted the particular ACCESS_LEVEL. +

SAS Macros

@li mp_abort.sas @li mf_getuniquename.sas @li mf_getuser.sas @li mf_verifymacvars.sas - @li mp_dropmembers.sas @li mpe_getgroups.sas - @param [in] base_table The base table to check for - @param [in] access_level= (APPROVE) access_level (per MPE_SECURITY) reqd - @param [out] outds= (MED_ACCESSCHECK) Output table containing all the groups - the user is a member of, which are granted the access_level requested. +

Related Macros

+ @li mpe_accesscheck.test.sas @version 9.2 @author 4GL Apps Ltd @@ -31,42 +41,36 @@ ,outds=med_accesscheck /* WORK table to contain access details */ ,user= /* metadata user to check for */ ,access_level=APPROVE + ,cntl_lib=MPELIB ); %if &user= %then %let user=%mf_getuser(); - %if %index(&outds,.) %then %do; - %local lib ds; - %let lib=%scan(&outds,1,.); - %let ds=%scan(&outds,2,.); - %if %upcase(&lib) ne WORK %then %do; - %mp_abort(msg=outds should be a WORK table - ,mac=mpe_accesscheck); - %end; - %end; - %else %let ds=&outds; + %mp_abort( + iftrue=(%index(&outds,.)>0 and %upcase(%scan(&outds,1,.)) ne WORK) + ,mac=mpe_accesscheck + ,msg=%str(outds should be a WORK table) + ) %mp_abort( iftrue=(%mf_verifymacvars(base_table user access_level)=0) - ,mac=bitemporal_dataloader - ,msg=%str(Missing base_table/user access_level) + ,mac=mpe_accesscheck + ,msg=%str(Missing base_table/user access_level variables) ) - /* ensure any existing table is dropped */ - %mp_dropmembers(&ds) + /* make unique temp table vars */ + %local tempds1 tempds2; + %let tempds1=%mf_getuniquename(prefix=usergroups); + %let tempds2=%mf_getuniquename(prefix=tablegroups); /* get list of user groups */ - %local tempds1; - %let tempds1=%mf_getuniquename(prefix=usergroups); %mpe_getgroups(user=&user,outds=&tempds1) /* get list of groups with access for that table */ - %local tempds2; - %let tempds2=%mf_getuniquename(prefix=tablegroups); proc sql; create table &tempds2 as select distinct sas_group - from &mpelib..mpe_security + from &&&cntl_lib...mpe_security where &dc_dttmtfmt. lt tx_to and access_level="&access_level" and ( diff --git a/sas/sasjs/macros/mpe_accesscheck.test.sas b/sas/sasjs/macros/mpe_accesscheck.test.sas new file mode 100644 index 0000000..3b39845 --- /dev/null +++ b/sas/sasjs/macros/mpe_accesscheck.test.sas @@ -0,0 +1,67 @@ +/** + @file + @brief Testing mpe_accesscheck macro + @details Checking functionality of mpe_accesscheck.sas macro + + +

SAS Macros

+ @li mf_getuniquename.sas + @li mf_getuser.sas + @li mp_assertdsobs.sas + @li mpe_getgroups.sas + @li mpe_accesscheck.sas + + + @author 4GL Apps Ltd + @copyright 4GL Apps Ltd. This code may only be used within Data Controller + and may not be re-distributed or re-sold without the express permission of + 4GL Apps Ltd. + +**/ + +/* get the groups this user is actually a member of */ +%mpe_getgroups(user=%mf_getuser(),outds=work.groups) + +data _null_; + set work.groups; + call symputx('groupname',groupname); +run; + +/* create demo MPE_SECURITY table */ +data work.mpe_security; + if 0 then set &dc_libref..mpe_security; + do access_level='EDIT','APPROVE','VIEW'; + LIBREF='SOMELIB'; + DSN='SOMEDS'; + sas_group="&groupname"; + tx_from=0; + tx_to='31dec4999:23:59:59'dt; + output; + end; +run; + + +%mpe_accesscheck( + SOMELIB.SOMEDS + ,outds=work.test1 + ,access_level=APPROVE + ,cntl_lib=WORK +) +%mp_assertdsobs(work.test1, + desc=Test 1 - One record returned, + test=EQUALS 1, + outds=work.test_results +) + +%mpe_accesscheck( + SOMELIB.INVALID + ,outds=work.test2 + ,access_level=APPROVE + ,cntl_lib=WORK +) +%mp_assertdsobs(work.test1, + desc=Test 12 - 0 records returned, + test=EQUALS 0, + outds=work.test_results +) +