Module UserService

Macros to create and manipulate user accounts in the system.

Since: 2.1

Macro Summary
external

LSAF
%lsaf_createuser(lsaf_userid=, lsaf_displayname=, lsaf_email=, lsaf_accounttype=, lsaf_password=, lsaf_firstname=, lsaf_lastname=, lsaf_department=, lsaf_phone=);
Creates a user account.
external

LSAF
%lsaf_deleteuser(lsaf_userid=);
Deletes a user account.
external

LSAF
%lsaf_encryptpassword(lsaf_password=);
Encrypts the password for a user account.
external

LSAF
%lsaf_getallusers(sas_dsname=work.lsafGetAllUsers);
Gets the metadata for all of the user accounts that are defined. The metadata is stored in a ...
external

LSAF
%lsaf_getuserauthproviders(sas_dsname=work.lsafGetUserAuthProviders);
Gets all of the user authentication providers available to the system. The providers are stored ...
external

LSAF
%lsaf_getuserlicensetypes(sas_dsname=work.lsafGetUserLicenseTypes);
Gets all of the user license types that are defined. The types are stored in a SAS data set.
external

LSAF
%lsaf_getuserproperties(lsaf_userid=, sas_dsname=work.lsafGetUserProperties);
Gets all of the properties for the specified user. The properties are stored in a SAS data set.
external

LSAF
%lsaf_isuserlocked(lsaf_userid=);
Indicates whether a user account is locked.
external

LSAF
%lsaf_lockuser(lsaf_userid=);
Locks a user account.
external

LSAF
%lsaf_resetpassword(lsaf_userid=, lsaf_newpassword=);
Resets the password for a user account.
external

LSAF
%lsaf_setuserdefaultauthenticator(lsaf_userid=, lsaf_password=);
Sets the default authenticator for a user account.
external

LSAF
%lsaf_setuserextauthenticator(lsaf_userid=, lsaf_authenticatorid=, lsaf_authenticatorname=);
Sets the external authenticator for the user account. To change a user account back to a ...
external

LSAF
%lsaf_unlockuser(lsaf_userid=);
Unlocks a user account.
external

LSAF
%lsaf_updateuserinfo(lsaf_userid=, lsaf_displayname=_lsaf_updateuser_donotupdate_, lsaf_email=_lsaf_updateuser_donotupdate_, lsaf_accounttype=_lsaf_updateuser_donotupdate_, lsaf_firstname=_lsaf_updateuser_donotupdate_, lsaf_lastname=_lsaf_updateuser_donotupdate_, lsaf_department=_lsaf_updateuser_donotupdate_, lsaf_phone=_lsaf_updateuser_donotupdate_);
Updates the general user account information.

Deprecated. Replaced by lsaf_updateuserproperties in this release, and will be deprecated in future release. *;
external

LSAF
%lsaf_updateuserproperties(lsaf_userid=, sas_dsname=);
Updates the editable properties of a user account using a SAS data set as input.
external

LSAF
%lsaf_userexists(lsaf_userid=);
Indicates whether a user account exists.

Macro Detail

%lsaf_createuser(lsaf_userid=, lsaf_displayname=, lsaf_email=, lsaf_accounttype=, lsaf_password=, lsaf_firstname=, lsaf_lastname=, lsaf_department=, lsaf_phone=);

[ Exposure: external ]
Creates a user account.

Syntax:
%LSAF_CREATEUSER(LSAF_USERID=lsaf-userid, LSAF_DISPLAYNAME=lsaf-displayname,
LSAF_EMAIL=lsaf-email, LSAF_ACCOUNTTYPE=lsaf-accounttype, LSAF_PASSWORD=lsaf-password,
<, LSAF_FIRSTNAME=lsaf-firstname, LSAF_LASTNAME=lsaf-lastname,
LSAF_DEPARTMENT=lsaf-department,LSAF_PHONE=lsaf-phone>);

          
History:
   2013-10-30
initial coding
   2016-08-26
rebrand as LSAF
Expected Macro Variables:
_lsafMsg_ - The return message.
_lsafRC_ - The return code.
Parameters:
lsaf_userid - - Required - The user identifier of the account.
lsaf_displayname - - Required - The display name of the account.
lsaf_email - - Required - The email address of the account.
lsaf_accounttype - - Required - The account type. Valid values:
        - INTERACTIVE
        - NON_INTERACTIVE
        Default: None
lsaf_password - - Required - The password for the account.
lsaf_firstname - - Optional - The first name of the user for the account.
lsaf_lastname - - Optional - The last name of the user for the account.
lsaf_department - - Optional - The business unit for the account.
lsaf_phone - - Optional - The phone number of the user for the account.
File: lsaf_createuser.sas
First available in version: 1.3

%lsaf_deleteuser(lsaf_userid=);

[ Exposure: external ]
Deletes a user account.

Users who have logged in are not eligible for deletion and can only be deactivated.

Syntax:
%LSAF_DELETEUSER(LSAF_USERID=lsaf-userid);

          
History:
   2013-10-30
initial coding
   2016-08-26
rebrand as LSAF
Expected Macro Variables:
_lsafMsg_ - The return message.
_lsafRC_ - The return code.
Parameters:
lsaf_userid - - Required - The user identifier of the account.
File: lsaf_deleteuser.sas
First available in version: 1.3

%lsaf_encryptpassword(lsaf_password=);

[ Exposure: external ]
Encrypts the password for a user account.

The returned encrypted password can be used as a valid password to log in to SAS Life
Science Analytics Framework. The encrypted password is invalid for the user interface log in
to SAS Life Science Analytics Framework. The value of the encrypted password is written to
the SAS log file.

Syntax:
%LSAF_ENCRYPTPASSWORD(LSAF_PASSWORD=lsaf-password);

          
History:
   2016-09-26
initial coding
Expected Macro Variables:
_lsafMsg_ - The return message.
_lsafRC_ - The return code.
Parameters:
lsaf_password - - Required - The password.
File: lsaf_encryptpassword.sas
First available in version: 1.5

%lsaf_getallusers(sas_dsname=work.lsafGetAllUsers);

[ Exposure: external ]
Gets the metadata for all of the user accounts that are defined. The metadata is stored in a
SAS data set.

Syntax:
%LSAF_GETALLUSERS(<,SAS_DSNAME=SAS-data-set>);

          
History:
   2013-10-30
initial coding
   2016-08-26
rebrand as LSAF
   2016-12-07
added account license type
   2019-11-01
update to handle a blank SAS output file.
Expected Macro Variables:
_lsafMsg_ - The return message.
_lsafRC_ - The return code.
Parameters:
sas_dsname - - Optional - The name of the output SAS data set to contain the metadata
        for the users, specified as libref.dataset. The default value is
        WORK.LSAFGETALLUSERS. The data set contains a row for each user, sorted by the user
        ID, and columns with the following names:
        - userId: The unique login identifier for the account.
        - displayName: The display name for the account.
        - firstName: The first name of the user.
        - lastName: The last name of the user.
        - email: The email address for the user.
        - department: The business unit for the user.
        - phone: The phone number for the user.
        - isAccountActive: Indicates whether the account is active. Valid values:
        0=no, 1=yes.
        - accountLicenseType: The account license type.
        - isAccountLocked: Indicates whether the account is locked. Valid values:
        0=no, 1=yes.
        - accountActivationDate: The date on which the account becomes active, represented
        in Character format.
        - accountDeactivationDate: The date on which the account becomes inactive,
        represented in Character format.
        - accountLockedBy: The user identifier of the user who locked the account.
        - accountLockedDate: The date on which the account was locked, represented
        in Character format.
        - accountType: The type of account. Valid values: INTERACTIVE and NON_INTERACTIVE.
        - lastLogin: The date on which the account was last logged on to, represented in
        Character format.
        - loginAttempts: The current number of failed login attempts that are associated
        with the account. If the number exceeds the configured threshold, this account is
        locked. The counter is reset after a successful login.
        - passwordCreated: The date on which the current password was created, represented
        in Character format.
        - passwordExpiration: The date on which the current password expires, represented
        in Character format.
        - isPasswordExpired: Indicates whether the password has expired. Valid value:
        0=no, 1=yes.
        - dateAccountActivation: The date on which the account becomes active, represented
        in SAS DateTime format.
        - dateAccountDeactivation: The date on which the account becomes inactive,
        represented in SAS DateTime format.
        - dateAccountLocked: The date on which the account was locked, represented in
        SAS DateTime format.
        - dateLastLogin: The date on which the account was last logged on to, represented
        in SAS DateTime format.
        - datePasswordCreated: The date on which the current password was created,
        represented in SAS DateTime format.
        - datePasswordExpiration: The date on which the current password expires,
        represented in SAS DateTime format.
File: lsaf_getallusers.sas
First available in version: 1.3

%lsaf_getuserauthproviders(sas_dsname=work.lsafGetUserAuthProviders);

[ Exposure: external ]
Gets all of the user authentication providers available to the system. The providers are stored
in a SAS data set.

Syntax:
%LSAF_GETUSERAUTHPROVIDERS(<SAS_DSNAME=SAS-data-set>);

          
History:
   2019-12-11
initial coding
Expected Macro Variables:
_lsafMsg_ - The return message.
_lsafRC_ - The return code.
Parameters:
sas_dsname - - Optional - The name of the output SAS data set to contain the authentication
        providers, specified as libref.dataset. The default value is
        WORK.LSAFGETUSERAUTHPROVIDERS.
        The data set is sorted by name and contains the following columns:
        - providerId: The unique identifier of the authentication provider.
        - name: The name of the authentication provider.
        - description: The description of the authentication provider.
        - isPrimary: Indicates whether this is the primary authentication provider.
File: lsaf_getuserauthproviders.sas
First available in version: 2.3

%lsaf_getuserlicensetypes(sas_dsname=work.lsafGetUserLicenseTypes);

[ Exposure: external ]
Gets all of the user license types that are defined. The types are stored in a SAS data set.

Syntax:
%LSAF_GETUSERLICENSETYPES(<SAS_DSNAME=SAS-data-set>);

          
History:
   2019-12-11
initial coding
Expected Macro Variables:
_lsafMsg_ - The return message.
_lsafRC_ - The return code.
Parameters:
sas_dsname - - Optional - The name of the output SAS data set to contain the user license
        types, specified as libref.dataset. The default value is WORK.LSAFGETLICENSETYPES.
        The data set is sorted by name and contains the following columns:
        - licenseId: The unique identifier of the license.
        - name: The name of the license.
        - description: The description of the license.
File: lsaf_getuserlicensetypes.sas
First available in version: 2.3

%lsaf_getuserproperties(lsaf_userid=, sas_dsname=work.lsafGetUserProperties);

[ Exposure: external ]
Gets all of the properties for the specified user. The properties are stored in a SAS data set.

Syntax:
%LSAF_GETUSERPROPERTIES(LSAF_USERID=lsaf-userid <,SAS_DSNAME=SAS-data-set>);

          
History:
   2019-12-10
initial coding
Expected Macro Variables:
_lsafMsg_ - The return message.
_lsafRC_ - The return code.
Parameters:
lsaf_userid - - Required - The identifier of the user.
sas_dsname - - Optional - The name of the output SAS data set to contain the properties
        for the user, specified as libref.dataset. The default value is
        WORK.LSAFGETUSERPROPERTIES. The data set is sorted by name and contains the
        following columns:
        - userId: The unique login identifier for the user.
        - name: The name of the property.
        - value: The value of the property.
        - displayName: The name of the property as displayed as a label within SAS Life
        Science Analytics Framework.
        - type: The type of the property. Valid values: STRING, DATE, and BOOLEAN.
        - isReadonly: Indicates whether the property cannot be modified. Valid values:
        - 0: No.
        - 1: Yes.
        - isExtended: Indicates whether the property is an extended attribute. Valid values:
        - 0: No.
        - 1: Yes.
        - isRequired: Indicates whether the property is required. Valid values:
        - 0: No.
        - 1: Yes.
File: lsaf_getuserproperties.sas
First available in version: 2.3

%lsaf_isuserlocked(lsaf_userid=);

[ Exposure: external ]
Indicates whether a user account is locked.

The SAS macro variable _lsafIsUserLocked_ is set to a value of 1, if the user is locked,
0, if it is not. In the event of an incorrect call to the macro that results in an error,
the return value of _lsafIsUserLocked_ is set to -1.

Syntax:
%LSAF_ISUSERLOCKED(LSAF_USEDID=lsaf-userid);

          
History:
   2019-12-16
initial coding
Expected Macro Variables:
_lsafIsUserLocked_ - Indicates whether the user account is locked.
_lsafMsg_ - The return message.
_lsafRC_ - The return code.
Parameters:
lsaf_userid - - Required - The unique identifier of the user account.
File: lsaf_isuserlocked.sas
First available in version: 2.3

%lsaf_lockuser(lsaf_userid=);

[ Exposure: external ]
Locks a user account.

The person who runs the macro must have the user account privilege Manage User Accounts.

Syntax:
%LSAF_LOCKUSER(LSAF_USERID=lsaf-userid);

          
History:
   2014-3-19
initial coding
   2016-08-26
rebrand as LSAF
Expected Macro Variables:
_lsafMsg_ - The return message.
_lsafRC_ - The return code.
Parameters:
lsaf_userid - - Required - The user identifier of the user account.
File: lsaf_lockuser.sas
First available in version: 1.4

%lsaf_resetpassword(lsaf_userid=, lsaf_newpassword=);

[ Exposure: external ]
Resets the password for a user account.

The person who runs the macro must have the user account privilege Manage User Accounts.
After the password has been successfully reset, the user can immediately log on with the new
password. But, the user is required to immediately change the password so that the password
remains known only to the user.

Syntax:
%LSAF_RESETPASSWORD(LSAF_USERID=lsaf-userid, LSAF_NEWPASSWORD=lsaf-password);

          
History:
   2013-11-04
initial coding
   2016-08-26
rebrand as LSAF
Expected Macro Variables:
_lsafMsg_ - The return message.
_lsafRC_ - The return code.
Parameters:
lsaf_userid - - Required - The user identifier of the account.
lsaf_newpassword - - Required - The new, temporary password.
File: lsaf_resetpassword.sas
First available in version: 1.3

%lsaf_setuserdefaultauthenticator(lsaf_userid=, lsaf_password=);

[ Exposure: external ]
Sets the default authenticator for a user account.

Syntax:
%LSAF_SETUSERDEFAULTAUTHENTICATOR(LSAF_USERID=lsaf-userid, LSAF_PASSWORD=lsaf-password);

          
History:
   2019-12-16
Initial coding
Expected Macro Variables:
_lsafMsg_ - The return message.
_lsafRC_ - The return code.
Parameters:
lsaf_userid - - Required - The unique identifier of the user account.
lsaf_password - - Required - The unique password for the user account that overwrites the
        existing password. Valid password rules are enforced for this parameter.
File: lsaf_setuserdefaultauthenticator.sas
First available in version: 2.3

%lsaf_setuserextauthenticator(lsaf_userid=, lsaf_authenticatorid=, lsaf_authenticatorname=);

[ Exposure: external ]
Sets the external authenticator for the user account. To change a user account back to a
default state, call the %lsaf_setuserdefaultauthenticator macro.

Syntax:
%LSAF_SETUSEREXTAUTHENTICATOR(LSAF_USERID=lsaf-userid,
LSAF_AUTHENTICATORID=lsaf-authenticatorid,
<LSAF_AUTHENTICATORNAME=lsaf-authenticatorname>);

          
History:
   2019-12-16
Initial coding
Expected Macro Variables:
_lsafMsg_ - The return message.
_lsafRC_ - The return code.
Parameters:
lsaf_userid - - Required - The unique identifier of the user account.
lsaf_authenticatorid - - Required - The unique identifier of the external authenticator.
        This value can be retrieved by calling the lsaf_getuserauthproviders macro.
lsaf_authenticatorname - - Optional - The user name known to the external authenticator.
File: lsaf_setuserextauthenticator.sas
First available in version: 2.3

%lsaf_unlockuser(lsaf_userid=);

[ Exposure: external ]
Unlocks a user account.

The person who runs the macro must have the user account privilege Manage User Accounts.

Syntax:
%LSAF_UNLOCKUSER(LSAF_USERID=lsaf-userid);

          
History:
   2014-3-19
initial coding
   2016-08-26
rebrand as LSAF
Expected Macro Variables:
_lsafMsg_ - The return message.
_lsafRC_ - The return code.
Parameters:
lsaf_userid - - Required - The user identifier of the user account.
File: lsaf_unlockuser.sas
First available in version: 1.4

%lsaf_updateuserinfo(lsaf_userid=, lsaf_displayname=_lsaf_updateuser_donotupdate_, lsaf_email=_lsaf_updateuser_donotupdate_, lsaf_accounttype=_lsaf_updateuser_donotupdate_, lsaf_firstname=_lsaf_updateuser_donotupdate_, lsaf_lastname=_lsaf_updateuser_donotupdate_, lsaf_department=_lsaf_updateuser_donotupdate_, lsaf_phone=_lsaf_updateuser_donotupdate_);

[ Exposure: external ]

Deprecated. Replaced by lsaf_updateuserproperties in this release, and will be deprecated in future release. *;

Updates the general user account information.

You must have either the user account privilege Manage User Account General Information or
Manage Users to update user account information.

Syntax:
%LSAF_UPDATEUSERINFO(LSAF_USERID=lsaf-userid, < LSAF_DISPLAYNAME=lsaf-displayname,
LSAF_EMAIL=lsaf-email, LSAF_ACCOUNTTYPE=lsaf-accounttype, LSAF_FIRSTNAME=lsaf-firstname,
LSAF_LASTNAME=lsaf-lastname, LSAF_DEPARTMENT=lsaf-department, LSAF_PHONE=lsaf-phone >);

If an optional parameter is not specified, no change to the existing user attribute value
is made. If the parameter is specified, the specified value is set on the user attribute.
Parameter values must conform to SAS Life Science Analytics validation rules.

NOTE: This macro will be deprecated in a future release and is replaced by
lsaf_updateUserProperties.

          
History:
   2014-03-27
initial coding
   2016-08-26
rebrand as LSAF
Expected Macro Variables:
_lsafMsg_ - The return message.
_lsafRC_ - The return code.
Parameters:
lsaf_userid - - Required - The user identifier of the account.
lsaf_displayname - - Optional - The user display name.
lsaf_email - - Optional - The user email address.
lsaf_accounttype - - Optional - The user account type. Valid values:
        INTERACTIVE | NON_INTERACTIVE
lsaf_firstname - - Optional - The first name of the user.
lsaf_lastname - - Optional - The last name of the user.
lsaf_department - - Optional - The business unit of the user.
lsaf_phone - - Optional - The phone number of the user.
File: lsaf_updateuserinfo.sas
First available in version: 1.4

%lsaf_updateuserproperties(lsaf_userid=, sas_dsname=);

[ Exposure: external ]
Updates the editable properties of a user account using a SAS data set as input.

The output data set from the lsaf_getuserproperties macro contains the necessary
variables and data needed as the input data set for the lsaf_updateuserproperties
macro. The column isReadonly indicates whether the property can be updated: 0 allows
updates, 1 does not. Modify the data set with any changes prior to calling
lsaf_updateuserproperties.
- Data in the input data set that do not correspond to a property of the user account
to update are ignored.
- Values that are specified for properties that are not editable are ignored.
- An input data value that is the same as the current property value is ignored and
does not update the property. No audit record is created for the property.

Syntax:
%LSAF_UPDATEUSERPROPERTIES(LSAF_USERID=lsaf-userid, SAS_DSNAME=SAS-data-set);

          
History:
   2019-12-17
initial coding
Expected Macro Variables:
_lsafMsg_ - The return message.
_lsafRC_ - The return code.
Parameters:
lsaf_userid - - Required - The unique identifier of the user account.
sas_dsname - - Required - The name of the SAS data set that contains the property
        values to set, specified as libref.dataset. The data set must contain at
        least the variables listed below. Additional variables are ignored.
        - name: The name of the property.
        - value: The value of the property.
File: lsaf_updateuserproperties.sas
First available in version: 2.3

%lsaf_userexists(lsaf_userid=);

[ Exposure: external ]
Indicates whether a user account exists.

The macro variable _lsafUserExists_ is set to 1, if the user exists, 0 if it does not.
In the event of an incorrect call to the macro that results in an error, the return value
of _lsafUserExists_ is set to -1.

Syntax:
%LSAF_USEREXISTS(LSAF_USERID=lsaf-userid);

          
History:
   2013-10-30
initial coding
   2016-08-26
rebrand as LSAF
Expected Macro Variables:
_lsafMsg_ - The return message.
_lsafRC_ - The return code.
_lsafUserExists_ - Indicates whether the user account exists.
Parameters:
lsaf_userid - - Required - The identifier of the user account.
File: lsaf_userexists.sas
First available in version: 1.3