From 12d2837450649dacd0c6b01c35509ead6e934233 Mon Sep 17 00:00:00 2001
From: Allan Bowe <>
Date: Tue, 18 Jun 2019 22:37:36 +0200
Subject: [PATCH] docs: updating security config

---
 docs/dcc-security.md | 26 ++++++++++++++++++++++++++
 1 file changed, 26 insertions(+)

diff --git a/docs/dcc-security.md b/docs/dcc-security.md
index 28c1920..2e51d3c 100644
--- a/docs/dcc-security.md
+++ b/docs/dcc-security.md
@@ -14,3 +14,29 @@ For guidance with adding SAS users, see [SAS Documentation](http://support.sas.c
 In order to surface a table to a new group, simply add a record to the `DATACTRL.MPE_SECURITY` table.  The `library.dataset` value should go in the `BASE_TABLE` field, the level of access (either _EDIT_ or _APPROVE_) should go in the `ACCESS_LEVEL` field, and the exact name of the relevant metadata group should go in the `SAS_GROUP` field.  The change should then be submitted, and approved, at which point the new security setting will be applied.
 
 ![Screenshot](img/securitytable.png)
+
+## EDIT vs APPROVE
+
+The `EDIT` permission determines which groups will be able to upload CSVs and submit changes via the web interface for that table.  The `APPROVE` permission determines which groups will be able to approve those changes, and hence enable the target table to be loaded.  If you wish to have members of a particular group both edit AND approve, then two lines (one for each group) must be entered, per table.
+
+
+## Determining Group Members
+
+Before adding a group to Data Controller, it helps to know the members of that group!  The following options are available:
+
+1 - Use SAS Management Console
+
+2 - Deploy the [Boemska User Navigator](https://github.com/Boemska/user-navigator)
+
+3 - Use Code
+
+The "code" option can be performed as follows:
+
+```
+/* get macro library */
+filename mc url "https://raw.githubusercontent.com/Boemska/macrocore/master/macrocore.sas";
+%inc mc;
+/* call macro */
+%mm_getgroupmembers(YOURGROUPNAME)
+/* the above will create a dataset containing the group members */
+```
\ No newline at end of file