08-18-2014 05:41 AM
our company wants report about SAS users and theirs last logon time to the SAS.
I was sure that kind info is saved in user Metadata. But it seems that I was wrong.
Next sas code gets attributes and values from user metadata and there is no info about logons:
length attr $256 value $256;
/* Walk through all the attributes on object. */
rc=metadata_getnatr("omsobjerson?@Name='sasdemo'", n, attr, value);
if (rc>0) then put n= attr= value=;
n=1 attr=UsageVersion value=1000000
n=2 attr=Title value=internal user
n=3 attr=PublicType value=User
n=4 attr=Name value=sasdemo
n=5 attr=MetadataUpdated value=05Feb2014:11:00:30
n=6 attr=MetadataCreated value=30Sep2013:12:11:39
n=7 attr=LockedBy value=
n=8 attr=DisplayName value=SAS Demo User
n=9 attr=Desc value=do not change
n=10 attr=ChangeState value=
n=11 attr=Id value=A53Y8E2X.AN000003
So I am a bit confused. The only way I found - process ObjectSpawner logs. But this looks like bad workaround because logs may be archived or deleted after period ends(year).
Is there anybody has idea about this topic?
08-18-2014 06:21 AM
Your question is very common as result of regulator guidelines. There will be probably a policy having the roots in ISO/IEC 27002.
In that case the question is SIEM (Security Information Event Monitoring) related. The bad news is SAS is not aware of this ...
The good news is SAS has a lot to do most of it. The ugly is you have to do a lot of work.
You can get information out of SAS-metadata using de export tools as described in the bisecag (Appendic A mduscec macro).
This will give you only information what is defined there not at the OS-level. The mentioned macro-s are meant for synchronization.
All SAS services access can get monitored by doing appropriate log-analyes, see SAS Audit, Performance and Measurement package
These log analyses can give information what is happening inside sas processes (login & executing)
When the reason of the question is just a licensing verification or preparing to evaluate sas with an other tool this will do.
The possible remote connect and sas base/founfation usage can be kept out of sight (not logged) .
When the question is a little bit different and the want to know who has accessed data that can SAS-users are using.
Then it becomes more difficult. All users that can access the system aside using sas can also possible see data.. OS controls and OS monitoring will become a very important topic.
03-27-2016 04:00 PM