topic Re: sas usage auditing and data lineage tracking in SAS Programming

sas usage auditing and data lineage tracking

NaamaGa — Tue, 12 Aug 2014 10:53:27 GMT

Hello,

What is the best option available to audit usage of SAS files and objects usage?

We have some "dark" areas in SAS server that we want to make sure nobody is using, before removing them.

Also, in case we see there is a usage in a SAS output file named A, how can we backtrack the origin and the program created this file? Are there any data lineage capabilities in SAS server?

Thank you

Re: sas usage auditing and data lineage tracking

Kurt_Bremser — Tue, 12 Aug 2014 11:37:01 GMT

SAS files keep no record of who was opening them for read. You can only keep a trail of updates by using the audit trail, AFAIK.

If you have that problem, you best consult your operating system's documentation on auditing. AIX, for instance, has a strong auditing subsystem that allows one to track all file access events for a given set of files.

But be aware that such auditing may have a severe impact on the performance of your system. And needs lots of disk space.

Re: sas usage auditing and data lineage tracking

jakarman — Tue, 12 Aug 2014 11:38:47 GMT

APM is SAS specific SAS Audit, Performance and Measurement package These can by configured on SAS services (non not servers)

On the OS level you have full control as it done by SIEM projects. (Security Information &Event management). This is done at server level.

Re: sas usage auditing and data lineage tracking

NaamaGa — Tue, 12 Aug 2014 11:49:33 GMT

Thank you. Does this package supports access audit to SAS output files?

What about data lineage?

Re: sas usage auditing and data lineage tracking

jakarman — Tue, 12 Aug 2014 12:09:24 GMT

The APM is meant the follow only thing as far seen by SAS processing.

You can follow everything as long the related event is audited. You are needing BI to analyse those events to you questions. In that you could solve data lineage.

The whole auditing is based on ARM (log4j) using the bi-di server approach.

Using a SAS base-foundation Arm is part of that, although I do not know how to activate those extensive loggings.
Anyway the OS auditing should be always better. Unless you are using OS group-accounts not knowing who is who.

Some weird idea of SAS it trying to overrule OS standards. ... no circumvention know to achieve that.

52078 - You can manipulate metadata-bound SAS data sets regardless of server authentication or permissions set on the file Knowing this and you can have external SAS processing (eg your backups/DR, managed file transfers) those logging-events should be get correlated to get the data-lineage complete.

Do you have used DI for building processes the logical data linage is part of the metadata.

Beware of dark areas as you should understand their functionality. One months quartely or even yearly jobs or event-based triggers can be really important. You will hardly see any usage. At the moment they are needed.....