chore: automated commit

This commit is contained in:
munja 2022-07-09 23:35:24 +01:00
parent 60a51c94ba
commit 0acbd660f5
4 changed files with 19 additions and 16 deletions

View File

@ -2,12 +2,9 @@
layout: article layout: article
title: Column Level Security title: Column Level Security
description: Column Level Security prevents end users from viewing or editing specific columns in SAS according to their group membership. description: Column Level Security prevents end users from viewing or editing specific columns in SAS according to their group membership.
og_image: https://docs.datacontroller.io/img/rls_table.png og_image: https://docs.datacontroller.io/img/cls_table.png
--- ---
!!! warning
In development - coming soon!
# Column Level Security # Column Level Security
Column level security is implemented by mapping _allowed_ columns to a list of SAS groups. In VIEW mode, only allowed columns are visible. In EDIT mode, allowed columns are _editable_ - the remaining columns are read-only. Column level security is implemented by mapping _allowed_ columns to a list of SAS groups. In VIEW mode, only allowed columns are visible. In EDIT mode, allowed columns are _editable_ - the remaining columns are read-only.
@ -28,14 +25,14 @@ When `CLS_SCOPE in ('VIEW','ALL')` then only the listed columns are _visible_ (u
When `CLS_SCOPE in ('EDIT','ALL')` then only the listed columns are _editable_ (the remaining columns are read-only, and visible). Furthermore: When `CLS_SCOPE in ('EDIT','ALL')` then only the listed columns are _editable_ (the remaining columns are read-only, and visible). Furthermore:
* The user will be unable to ADD or DELETE records. * The user will be unable to ADD or DELETE records.
* Primary Key values are always read only * Primary Key values are always read only
* Primary Key values cannot be hidden (`CLS_HIDE=1` will have no effect) * Primary Key values cannot be hidden (`CLS_HIDE=1` will have no effect)
### CLS_GROUP ### CLS_GROUP
The SAS Group to which the rule applies. The user could also be a member of a [DC group](/dcc-groups). The SAS Group to which the rule applies. The user could also be a member of a [DC group](/dcc-groups).
- If a user is in ANY of the groups, the columns will be restricted. - If a user is in ANY of the groups, the columns will be restricted.
- If a user is in NONE of the groups, no restrictions apply (all columns available). - If a user is in NONE of the groups, no restrictions apply (all columns available).
- If a user is in MULTIPLE groups, they will see all allowed columns across all groups. - If a user is in MULTIPLE groups, they will see all allowed columns across all groups.
@ -46,7 +43,7 @@ The library of the target table against which the security rule will be applied
The target table against which the security rule will be applied The target table against which the security rule will be applied
### CLS_VARIABLE_NM ### CLS_VARIABLE_NM
This is the name of the variable against which the security rule will be applied. Note that This is the name of the variable against which the security rule will be applied. Note that
### CLS_ACTIVE ### CLS_ACTIVE
If you would like this rule to be applied, be sure this value is set to 1. If you would like this rule to be applied, be sure this value is set to 1.

View File

@ -73,9 +73,9 @@ Leave blank if not required.
### PRE_EDIT_HOOK ### PRE_EDIT_HOOK
[Hook script](#hook-scripts) to execute _prior_ to an edit being made. This allows data to be modified before being presented for editing. [Hook script](#hook-scripts) to execute _prior_ to an edit being made. This allows data to be modified before being presented for editing.
Leave blank if not required. Leave blank if not required.
SAS Developer Notes: SAS Developer Notes:
@ -117,7 +117,7 @@ SAS Developer Notes:
### POST_APPROVE HOOK ### POST_APPROVE HOOK
This [hook script](#hook-scripts) is `%inc`'d _after_ an approval is made. This is the most common type of hook script, and is useful for, say, running a SAS job after a mapping table is updated, or running a model after changing a parameter. This [hook script](#hook-scripts) is `%inc`'d _after_ an approval is made. This is the most common type of hook script, and is useful for, say, running a SAS job after a mapping table is updated, or running a model after changing a parameter.
Leave blank if not required. Leave blank if not required.
@ -148,10 +148,16 @@ Not required, but recommended.
For retained / surrogate keys, an auto-incrementing field is used to represent each unique record. In this case, the RK (integer) field itself should be added in the [BUSKEY](#buskey) column, and the natural / underlying key should be added here. For retained / surrogate keys, an auto-incrementing field is used to represent each unique record. In this case, the RK (integer) field itself should be added in the [BUSKEY](#buskey) column, and the natural / underlying key should be added here.
Leave blank unless using retained / surrogate keys. Leave blank unless using retained / surrogate keys.
### HELPFUL_LINK ### AUDIT_LIBDS
If more information is available to describe the table being updated (eg on sharepoint), provide a url here and it will be made available to approvers. If this field is blank (ie empty, missing), **every** change is captured in the [MPE_AUDIT](/tables/mpe_audit.md). This can result in large data volumes for frequently changing tables.
Leave blank if not required.
Alternative options are:
1. Enter a zero (`0`) to switch off audit logging completely
2. Enter a library.dataset reference of an alternative audit table in which to capture the change history.
For option 2, the base table structure can be generated using this macro: [https://core.sasjs.io/mddl__dc__difftable_8sas_source.html](https://core.sasjs.io/mddl__dc__difftable_8sas_source.html).
## HOOK Scripts ## HOOK Scripts

BIN
docs/img/cls_table.png Normal file

Binary file not shown.

After

Width:  |  Height:  |  Size: 333 KiB

View File

@ -12,7 +12,7 @@ A more detailed breakdown of the columns / features is available in the [configu
## Columns ## Columns
- `TX_FROM num`: SCD2 open datetime - `TX_FROM num`: SCD2 open datetime
- 🔑 `TX_TO num`: SCD2 close datetime - 🔑 `TX_TO num`: SCD2 close datetime
- 🔑 `LIBREF char(8)`: SAS Libref (8 chars) - 🔑 `LIBREF char(8)`: SAS Libref (8 chars)
- 🔑 `DSN char(64)`: The library member name - 🔑 `DSN char(64)`: The library member name
@ -33,4 +33,4 @@ A more detailed breakdown of the columns / features is available in the [configu
- `SIGNOFF_HOOK char(200)`: Run SAS code after signoff. See [config](/dcc-tables/#signoff_hook) - `SIGNOFF_HOOK char(200)`: Run SAS code after signoff. See [config](/dcc-tables/#signoff_hook)
- `NOTES char(1000)`: Additional notes. See [config](/dcc-tables/#notes) - `NOTES char(1000)`: Additional notes. See [config](/dcc-tables/#notes)
- `RK_UNDERLYING char(1000)`: The key on which the retained key is generated. See [config](/dcc-tables/#rk_underlying) - `RK_UNDERLYING char(1000)`: The key on which the retained key is generated. See [config](/dcc-tables/#rk_underlying)
- `HELPFUL_LINK char(300)`: URL to additional notes about the table. See [config](/dcc-tables/#helpful_link) - `AUDIT_LIBDS char(41)`: Configure alternative audit history tracking tables (or switch off audit history). See [config](/dcc-tables/#audit-libds)