Allan
a00d31caf3
All checks were successful
Build / Build-and-ng-test (pull_request) Successful in 1m23s
adding frontend validation rule, backend upcase enforcement rule, and modification to service code to ensure values are upcased before comparison
96 lines
2.7 KiB
SAS
Executable File
96 lines
2.7 KiB
SAS
Executable File
/**
|
|
@file
|
|
@brief Checks group access level for a table or library
|
|
@details In order for a user to be able to EDIT or APPROVE a table they must
|
|
be in a group that has been granted access to that table in the
|
|
MPE_SECURITY table. Alternatively, they may be in the &mpeadmins
|
|
group (which has full access to everything).
|
|
|
|
<h4> SAS Macros </h4>
|
|
@li mp_abort.sas
|
|
@li mf_getuser.sas
|
|
@li mf_verifymacvars.sas
|
|
@li mp_dropmembers.sas
|
|
@li mpe_getgroups.sas
|
|
|
|
@param [in] base_table The base table to check for
|
|
@param [in] access_level= (APPROVE) access_level (per MPE_SECURITY) reqd
|
|
@param [out] outds= (MED_ACCESSCHECK) Output table containing all the groups
|
|
the user is a member of, which are granted the access_level requested.
|
|
|
|
@version 9.2
|
|
@author 4GL Apps Ltd
|
|
@copyright 4GL Apps Ltd. This code may only be used within Data Controller
|
|
and may not be re-distributed or re-sold without the express permission of
|
|
4GL Apps Ltd.
|
|
**/
|
|
|
|
%macro mpe_accesscheck(
|
|
base_table
|
|
,outds=med_accesscheck /* WORK table to contain access details */
|
|
,user= /* metadata user to check for */
|
|
,access_level=APPROVE
|
|
);
|
|
|
|
%if &user= %then %let user=%mf_getuser();
|
|
|
|
%if %index(&outds,.) %then %do;
|
|
%local lib ds;
|
|
%let lib=%scan(&outds,1,.);
|
|
%let ds=%scan(&outds,2,.);
|
|
%if %upcase(&lib) ne WORK %then %do;
|
|
%mp_abort(msg=outds should be a WORK table
|
|
,mac=mpe_accesscheck);
|
|
%end;
|
|
%end;
|
|
%else %let ds=&outds;
|
|
|
|
%mp_abort(
|
|
iftrue=(%mf_verifymacvars(base_table user access_level)=0)
|
|
,mac=bitemporal_dataloader
|
|
,msg=%str(Missing base_table/user access_level)
|
|
)
|
|
|
|
/* ensure any existing table is dropped */
|
|
%mp_dropmembers(&ds)
|
|
|
|
/* get list of user groups */
|
|
%local tempds1;
|
|
%let tempds1=%mf_getuniquename(prefix=usergroups);
|
|
%mpe_getgroups(user=&user,outds=&tempds1)
|
|
|
|
/* get list of groups with access for that table */
|
|
%local tempds2;
|
|
%let tempds2=%mf_getuniquename(prefix=tablegroups);
|
|
proc sql;
|
|
create table &tempds2 as
|
|
select distinct sas_group
|
|
from &mpelib..mpe_security
|
|
where &dc_dttmtfmt. lt tx_to
|
|
and access_level="&access_level"
|
|
and (
|
|
(libref="%scan(&base_table,1,.)" and upcase(dsn)="%scan(&base_table,2,.)")
|
|
or (libref="%scan(&base_table,1,.)" and dsn="*ALL*")
|
|
or (libref="*ALL*")
|
|
);
|
|
%if &_debug ge 131 %then %do;
|
|
data _null_;
|
|
set &tempds1;
|
|
putlog (_all_)(=);
|
|
run;
|
|
data _null_;
|
|
set &tempds2;
|
|
putlog (_all_)(=);
|
|
run;
|
|
%end;
|
|
|
|
proc sql;
|
|
create table &outds as
|
|
select * from &tempds1
|
|
where groupname="&mpeadmins"
|
|
or groupname in (select * from &tempds2);
|
|
|
|
%put &sysmacroname: base_table=&base_table;
|
|
%put &sysmacroname: access_level=&access_level;
|
|
%mend mpe_accesscheck;
|