Reputation: 1666
User of stored process, which variable to use?
When i look in a SAS log, there are 4 different Variables to grab User:
_METAPERSON
_METAUSER
_SECUREUSERNAME
_USERNAME
When i check the log, all 4 variables have the same value when i execute the process. So i builded a process which checked _Metauser for some specific user, so that only the users i wanted could do something. But a colleague of me had the problem that in the variable was not the username stored for him when he called the process, but username@Context. In the other 3 variables, there was only username stored for him, so maybe i can change to one of them. I can not use Metauser, because for some persons there could be an @Context after username.
No i have the problem, which variable to use? What is the difference between the 4 variables? Which to use, to be sure that i only (and always) get the pure username, no matter from where and which programm/Version the User is calling the process?
- At the moment i use Sas 9.3 and run the process via webservice
- I switched to SECUREUSERNAME for now, but i am not sure if this can make problems for other users, at the moment only 3 work with this process, but there will be a lot more soon
- Our authorization concept is based on metadata, so i think maybe i should use _Metaperson...
Upvotes: 5
Views: 1100
Answers (3)
Reputation: 12701
From testing in a Stored Process session, 9.2 (windows) environment with SSO:
OS username (in my case, my windows ID)
- _METAUSER (when signing in with OS login, eg with SSO, see @Vasilij Nevlev comment in accepted answer)
- _SECUREUSERNAME
SAS username (in metadata)
- _METAPERSON - Specifies the person metadata name that is associated with the _METAUSER login variable. Not sure how this can be unknown, as SMC won't let you enter a blank value.. (anonymous web user is webanon)
- _USERNAME - definitely the username as you can use this along with _password in the URL to bypass the SAS login screen.
Upvotes: 1
Reputation: 1062
I am using _METAUSER. Now, our systems are set up with SSO, so the username is always without the "@". I have used it without SSO as well, but then I had to use %scan(&_METAUSER,1,@) to strip away the @context part.
Upvotes: 1
Reputation: 1449
The _SECUREUSERNAME macro variable is created when the application server executes a Stored Process. The value of _SECUREUSERNAME contains the client identity and this value will be written into the _USERNAME macro variable if _USERNAME doesn't already contain a value. Under most circumstances, the value of _SECUREUSERNAME will be the same as _USERNAME
_USERNAME Specifies the value for the user name obtained from Web client authentication.
_METAPERSON Specifies the Person metadata name that is associated with the _METAUSER login variable. The value of this variable can be UNKNOWN. This variable cannot be modified by the client.
_METAUSER Specifies the login username that is used to connect to the metadata server. This variable cannot be modified by the client.
There is no easy answer to your question, because it depends on your set up. Do your users have to login by using Metaserver? Is your code always accessed using the WebService? User IDs, what are they, are they ID from AD? Is Single-Sign-On (SSO) enabled? How are the IDs configured on SAS? Do people use Trusted Users to connect?
Regards, Vasilij
Upvotes: 4
Related Questions
- How can we pass variable in oscmd command in sas
- Problems with reserved field name 'user' in SAS Proc SQL
- Determining Server Context (Workspace Server vs Stored Process Server)
- Sas process sql
- Fetch user id from SAS metadata server
- XML Syntax for SAS Stored Process
- Macro variable in sas stored process
- How to get ID of stored process?
- where data get stored in sas by using stored process. using local server(work space) option
- How do I obtain the current Windows logon/user id from within Base SAS?