Hi Riana,
SAS offers several ways to audit the access to its services. Your question seems to be related to the access to the data.
That is an excellent question, and one that is becoming more and more popular.
You have several options within the SAS Logging Facility ( http://documentation.sas.com/?docsetId=logug&docsetTarget=p1ux9lxccgetcgn1hmkhm64m3ud0.htm&docsetVer... ), where you can enable the logs in the Workspace server (or other SAS servers), which allows you to customise as much as you want to.
A good general option, if you have middle tier in your deployments, is to enable the EMI framework and then set up the Audit Performance and Measurement (APM) tools (optionally, also ARM for performance monitoring, and VAfeed, to load the data into your VA or VAAR web application). https://support.sas.com/rnd/emi/SASEnvMgr/EVSAF/index.html
At last, I would say that one of the best options is to purchase and configure the SAS Federation Server, which allows you to monitor and audit every single action on the data, plus you can control the authorisations (and row-level security) and the way users access the data (anonymity, encryption, masking, etc) http://support.sas.com/documentation/cdl/en/fedsrvag/70395/HTML/default/viewer.htm#n00upy9zp1orz4n10...
Also, if you have questions, perhaps you can contact your SAS account manager and then he/she will be able to pin-point you to the right person/organisation to help you with your requirements.
Hope it helps.
Kind regards,
Juan