INFOMAPS Procedure

UPDATE MAP_PERMISSIONS Statement

Changes the access permissions to the information map and optionally assigns authorization-based prefilters for a specific user or group.
Note: The UPDATE MAP_PERMISSIONS statement immediately updates the permissions settings for the information map when it is submitted. This is different from the other UPDATE statements in the INFOMAPS procedure, for which the specified changes are not stored until the information map is saved.

Syntax

Form 1:

UPDATE MAP_PERMISSIONS GROUP="identity" permission-specification-1
<...permission-specification-n>
;

Form 2:

UPDATE MAP_PERMISSIONS USER="identity" permission-specification-1
<...permission-specification-n>
;

Required Arguments

GROUP="identity"
USER="identity"
specifies the name of a group or user whose permissions to the information map are updated.
permission-specification
specifies the user’s or group’s access permission settings for the information map. The specification value has the following forms:
DENY (READ | READMETADATA | WRITEMETADATA)
denies the user or group one or more of the following access permissions to the information map.
READ sets the Read access permission for the information map.
READMETADATA sets the ReadMetadata access permission for the information map.
WRITEMETADATA sets the WriteMetadata access permission for the information map.
GRANT (READ</CONDITION=(<data-source-filters-1<... data-source-filters-n>>)> | READMETADATA | WRITEMETADATA)
grants the user or group one or more access permissions to the information map. See the DENY option for descriptions of the permission values.
When the READ option is specified, you can add the /CONDITION= option to assign authorization-based prefilters for the user or group. The data-source-filters values for the /CONDITION= option have the following form:
"data-source-ID" (PREFILTERS=("filter-ID-1" <... "filter-ID-n">))
data-source-ID
specifies the identifier of the data source to which the assigned filters are applied.
filter-ID
specifies the identifier of a filter defined in the information map that is applied before the specified data source is used.
Notes: When the /CONDITION= option is used with the READ option, the Read permission for the user or group is granted immediately, but the specified filter assignments are not written to the information map until it is saved.

When a Read permission is denied or removed for the user or group, any associated permission condition is deleted.

REMOVE (READ | READMETADATA | WRITEMETADATA)
removes one or more access permissions to the information map for the specified user or group. See the DENY option for descriptions of the permission values.
See: For more information about metadata permissions, see “Introduction to Access Management” in SAS Management Console: Guide to Users and Permissions.

Details

Authorization-based assigned prefilters are filters that are applied to queries run by the specified user or group when the query references the data source with which the filter is associated, and to queries for which the associated data source is marked as required. Prefilters are applied before the data source is used by the specified user or group. These filters subset the data in the associated data source before any other part of a query is run. The generated query contains a subquery that ensures that no data is consumed without the filter being applied.
Note: Assigned prefilters can also be applied for all users of the information map. For more information about assigning prefilters that apply to all users, see SET ASSIGNED_FILTERS Statement.

Example

/* For user "jsmith", grant both WRITEMETADATA and READ permissions */
/* and assign authorization-based prefilters to the identity.       */
update map_permissions
       user="jsmith"
       grant(writemetadata
             read/condition=("Customer"
                (prefilters=("ageLessThan30" "FemaleOnly"))));

/* For group "PUBLIC", deny WRITEMETADATA permission and */
/* grant READMETADATA permission to the information map  */
update map_permissions
       group="PUBLIC"
       deny (writemetadata)
       grant(readmetadata);

/* Remove the READ permission of the identity "jsmith". Any */
/* permission condition associated with the READ permission */
/* is deleted and the identity resumes whatever permissions */
/* it obtains from group memberships or inheritance.        */
update map_permissions user="jsmith" remove(read);
Note: The specified identity must be a registered user or group on the metadata server.
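
The sequence below is an added example, not part of the original SAS documentation. It places the conditional grant inside a complete PROC INFOMAPS step and follows it with SAVE, because the Read permission takes effect when the statement is submitted while the prefilter assignments are stored only when the map is saved. The map name "CustomerMap", the folder "/Shared Data/Maps", and the use of the metadata system options for the connection are assumptions.

```sas
/* Added example: the map name and folder path are hypothetical.      */
/* The data source ID and filter IDs are the ones used in the         */
/* examples above and must already exist in the information map.      */
proc infomaps;  /* assumes the connection comes from the metadata     */
                /* system options (METASERVER=, METAUSER=, and so on) */

   /* Open the existing information map for update. */
   update infomap "CustomerMap"
          mappath="/Shared Data/Maps";

   /* Read is granted to "jsmith" as soon as this statement is */
   /* submitted; the prefilter assignments are still pending.  */
   update map_permissions
          user="jsmith"
          grant(read/condition=("Customer"
                   (prefilters=("ageLessThan30" "FemaleOnly"))));

   /* Saving the map writes the prefilter assignments, so the  */
   /* conditional part of the grant is stored with the map.    */
   save;
run;
```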