03-03-2015 03:54 AM
Hello, I would like to monitor which SAS users accessed a SAS table at a certain time of the day. Is there any SAS in-house functionality that makes this possible? I've looked at the object spawner logs, but they don't seem to reveal much. Thanks in advance!
03-03-2015 08:20 AM
For SAS 9.4, the SAS Environment Manager does this job for you. For other releases, there is the SAS Audit, Performance, Management package. See more on the topic at the SAS Audit, Performance, Management page.
03-04-2015 10:03 AM
Beginning with SAS 9.2TS2M3 + hotfix (see note below), there is a logger named "Audit.Data.Dataset.Open" available with the SAS Logging facility :
Of course, if you want to track a data set modification history specifically, then you can also enable the associated audit trail :
I suppose that the APM package or the Environment Chris is mentioning relies upon the above mentioned logger (?). It should work fine, Chris can be trusted .
However SAS has just announced that this tool is deprecated (not supported nor provided anymore) prior to release 9.4TS1M2 so be careful with such tool :
03-06-2015 02:27 AM
Thanks Ronan, good to know the APM is deprecated. The problem with that one is that it is designed to run with the code and data as being part of the configuration directory of SAS (below confic/Lev1/SASApp) .
This assumption of code and data in that only location makes it very hard to get it correct working when there separations on that level with ultipa App-servers (as with Orion-star the SAS education demo).
What is in the APM package are the log-settings form the logging frame-work. And than some sample reports. Those sample reports disappeared with the 9.4 version and the reference to the environment manager is made. Checking those ones seeing the similar kind of reports. We can assume safely that is based on that logging framework. question
The question of Phil is a nice one needing some more explanation on his needs.
When he is in a big organization or having questions as of some regulations it is different as having an installation for a very isolated not sensitive business process.
In the latter approach it is acceptable having the same person doing the development / testing / operations / auditing of the processes.
With regulations (big organizations) there is a requirement to have "segregation of duties". The person doing the operations is not allowed to do the auditing and these should have well segregated access(security).
Often there is some SoC Security operations center - Wikipedia, the free encyclopedia and several others for all daily processes.
The problem with a SAS environment these days is that it is not aligned with these common principles. The event-manager is a task set as having a single almighty sas-admin person.
03-06-2015 07:53 AM
Jaap makes a good point about the separation of concerns when it comes to the SAS environment -- that the SAS admin/expert is NOT always the same resource as the IT/operations expert. In SAS 9.4, the SAS Environment Manager facilitates that specialization better than the APM package did in prior releases.
For an overview and demo of the SAS Environment Manager, see this video session with Bob Bonham (on SAS' YouTube channel). In addition to the SAS Environment Manager interface, the relevant SAS events/activities can be exported for use in third-party monitoring tools.