02-21-2014 07:26 AM
I need to generate list of users who are all using my datasets, Iam using SAS EG 4.3 installed under UNIX OS.
if any body opened dataset created by me, i need to include the user. I came to know using audit, we could do this.
But i dont want to create audit on all my datasets, Is there any way to generate list of users who opened my dataset.
Please assist me in this.
02-21-2014 09:12 AM
With AIX, auditing can be done on a per-file basis. Which UNIX do you work on?
02-26-2014 09:05 AM
Thank you Kurt,
Which Unix? i didn't get you.
I believe auditing per-file basis may be difficult to create, your comment please?
is there any function, onopen(), where we do have in other programming languages.
02-26-2014 11:46 AM
THink you might have to define what you mean by "open". Do you mean read?
All of the following could read a SAS data set file:
a user uses EG and double-clicks a dataset defined in the metadata to view records, that could be opening.
a programmer runs a reporting procedure (PROC PRINT) on a dataset
a user runs a web report
a programmer runs a data step
Are you in a BI server world with data sources defined in metadata?
It's possible you could turn on some sort of enhanced logging, e.g. http://support.sas.com/rnd/emi/APM_main/index.html
02-27-2014 11:08 PM
in all Above cases User id should be tracked.
For your question Are you in BI server world with data sources defined in metadata?
Yes, all data sources defined in Metadata.
02-28-2014 11:06 AM
Since all data sources are defined in metadata (and all clients will be accessing them through metadata, I assume?) then I would definitely check out the APM link (and related user group papers).
Looks like the usage reports are pretty nifty, can report on usage of data steps, procedures, cubes, stored processes, etc etc.
Haven't played with it myself.
Of course if there are OS options as well, they are certainly worth pursuing.
02-27-2014 01:56 AM
You said "I am using SAS EG 4.3 installed under UNIX OS". Since EG is a windows-only program, you most probably meant that SAS itself is installed on a UNIX server. I was referring to the brand of UNIX on the server (Linux, HP-UX, AIX, Solaris).
I only have sysadmin experience with AIX (IBM's UNIX), where auditing of events on a per-object (file) basis is possible.
02-28-2014 01:07 AM
Since I'm not familiar with auditing in Linux, I suggest you contact your sysadmin to set this up.
AFAIK, there is no way in SAS to record read accesses to SAS data sets.
02-28-2014 06:10 PM
As the is an auditing question on files you should ask yourself or being asked
-1 What ways are there to access sensitive data?
SAS (Eguide AMO Web SAS-code), SFTP Putty TSM LSF
-2 What are the involved identities accessing the data with that related tool
-3 Who is capable on bypassing normal security controls and is that monitored?
Having the data sandboxed at OS-level (well secured) on OS-level will help to pinpoint auditing only those account can access data
As you are the data-creator you can decide to create that data monitored (sudo) with a high-priviledged account.
The remaining possible access to those files are the isolated account granted to have that right.
When the only possible access by those users is SAS BI/DI server you can use SAS-logging as been mentioned.
When other options are available you are condemnd to use the OS options.
Linux is just a Unix type like IOS or Android. Major streams are Rhel-6 and Suse-10 (HP-UX AIX and many more).
Every type is different at some points, but a lot is equal. Google for that eg Redhat:
https://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Linux/6/pdf/Security_Guide/Red... chapter 7, file auditing.
Although SAS could play a big role in analyzing those logs, there is competitor in the market. Splunk is selling their tools for iso27002 compliancy and they are getting accepted by auditors (security world) with the goal analyzing those logs.