diff --git a/docs/column-level-security.md b/docs/column-level-security.md index b16a6a7..4cd2dc9 100644 --- a/docs/column-level-security.md +++ b/docs/column-level-security.md @@ -2,12 +2,9 @@ layout: article title: Column Level Security description: Column Level Security prevents end users from viewing or editing specific columns in SAS according to their group membership. -og_image: https://docs.datacontroller.io/img/rls_table.png +og_image: https://docs.datacontroller.io/img/cls_table.png --- -!!! warning - In development - coming soon! - # Column Level Security Column level security is implemented by mapping _allowed_ columns to a list of SAS groups. In VIEW mode, only allowed columns are visible. In EDIT mode, allowed columns are _editable_ - the remaining columns are read-only. @@ -28,14 +25,14 @@ When `CLS_SCOPE in ('VIEW','ALL')` then only the listed columns are _visible_ (u When `CLS_SCOPE in ('EDIT','ALL')` then only the listed columns are _editable_ (the remaining columns are read-only, and visible). Furthermore: * The user will be unable to ADD or DELETE records. -* Primary Key values are always read only +* Primary Key values are always read only * Primary Key values cannot be hidden (`CLS_HIDE=1` will have no effect) ### CLS_GROUP -The SAS Group to which the rule applies. The user could also be a member of a [DC group](/dcc-groups). +The SAS Group to which the rule applies. The user could also be a member of a [DC group](/dcc-groups). - - If a user is in ANY of the groups, the columns will be restricted. + - If a user is in ANY of the groups, the columns will be restricted. - If a user is in NONE of the groups, no restrictions apply (all columns available). - If a user is in MULTIPLE groups, they will see all allowed columns across all groups. @@ -46,7 +43,7 @@ The library of the target table against which the security rule will be applied The target table against which the security rule will be applied ### CLS_VARIABLE_NM -This is the name of the variable against which the security rule will be applied. Note that +This is the name of the variable against which the security rule will be applied. Note that ### CLS_ACTIVE If you would like this rule to be applied, be sure this value is set to 1. diff --git a/docs/dcc-tables.md b/docs/dcc-tables.md index 0491842..56779f1 100644 --- a/docs/dcc-tables.md +++ b/docs/dcc-tables.md @@ -73,9 +73,9 @@ Leave blank if not required. ### PRE_EDIT_HOOK -[Hook script](#hook-scripts) to execute _prior_ to an edit being made. This allows data to be modified before being presented for editing. +[Hook script](#hook-scripts) to execute _prior_ to an edit being made. This allows data to be modified before being presented for editing. -Leave blank if not required. +Leave blank if not required. SAS Developer Notes: @@ -117,7 +117,7 @@ SAS Developer Notes: ### POST_APPROVE HOOK -This [hook script](#hook-scripts) is `%inc`'d _after_ an approval is made. This is the most common type of hook script, and is useful for, say, running a SAS job after a mapping table is updated, or running a model after changing a parameter. +This [hook script](#hook-scripts) is `%inc`'d _after_ an approval is made. This is the most common type of hook script, and is useful for, say, running a SAS job after a mapping table is updated, or running a model after changing a parameter. Leave blank if not required. @@ -148,10 +148,16 @@ Not required, but recommended. For retained / surrogate keys, an auto-incrementing field is used to represent each unique record. In this case, the RK (integer) field itself should be added in the [BUSKEY](#buskey) column, and the natural / underlying key should be added here. Leave blank unless using retained / surrogate keys. -### HELPFUL_LINK +### AUDIT_LIBDS -If more information is available to describe the table being updated (eg on sharepoint), provide a url here and it will be made available to approvers. -Leave blank if not required. +If this field is blank (ie empty, missing), **every** change is captured in the [MPE_AUDIT](/tables/mpe_audit.md). This can result in large data volumes for frequently changing tables. + +Alternative options are: + +1. Enter a zero (`0`) to switch off audit logging completely +2. Enter a library.dataset reference of an alternative audit table in which to capture the change history. + +For option 2, the base table structure can be generated using this macro: [https://core.sasjs.io/mddl__dc__difftable_8sas_source.html](https://core.sasjs.io/mddl__dc__difftable_8sas_source.html). ## HOOK Scripts diff --git a/docs/img/cls_table.png b/docs/img/cls_table.png new file mode 100644 index 0000000..33d2353 Binary files /dev/null and b/docs/img/cls_table.png differ diff --git a/docs/tables/mpe_tables.md b/docs/tables/mpe_tables.md index 3890881..8d773d3 100644 --- a/docs/tables/mpe_tables.md +++ b/docs/tables/mpe_tables.md @@ -12,7 +12,7 @@ A more detailed breakdown of the columns / features is available in the [configu ## Columns - - `TX_FROM num`: SCD2 open datetime + - `TX_FROM num`: SCD2 open datetime - 🔑 `TX_TO num`: SCD2 close datetime - 🔑 `LIBREF char(8)`: SAS Libref (8 chars) - 🔑 `DSN char(64)`: The library member name @@ -33,4 +33,4 @@ A more detailed breakdown of the columns / features is available in the [configu - `SIGNOFF_HOOK char(200)`: Run SAS code after signoff. See [config](/dcc-tables/#signoff_hook) - `NOTES char(1000)`: Additional notes. See [config](/dcc-tables/#notes) - `RK_UNDERLYING char(1000)`: The key on which the retained key is generated. See [config](/dcc-tables/#rk_underlying) - - `HELPFUL_LINK char(300)`: URL to additional notes about the table. See [config](/dcc-tables/#helpful_link) \ No newline at end of file + - `AUDIT_LIBDS char(41)`: Configure alternative audit history tracking tables (or switch off audit history). See [config](/dcc-tables/#audit-libds)