08-12-2014 06:53 AM
What is the best option available to audit usage of SAS files and objects usage?
We have some "dark" areas in SAS server that we want to make sure nobody is using, before removing them.
Also, in case we see there is a usage in a SAS output file named A, how can we backtrack the origin and the program created this file? Are there any data lineage capabilities in SAS server?
08-12-2014 07:37 AM
SAS files keep no record of who was opening them for read. You can only keep a trail of updates by using the audit trail, AFAIK.
If you have that problem, you best consult your operating system's documentation on auditing. AIX, for instance, has a strong auditing subsystem that allows one to track all file access events for a given set of files.
But be aware that such auditing may have a severe impact on the performance of your system. And needs lots of disk space.
08-12-2014 07:38 AM
APM is SAS specific SAS Audit, Performance and Measurement package These can by configured on SAS services (non not servers)
On the OS level you have full control as it done by SIEM projects. (Security Information &Event management). This is done at server level.
08-12-2014 08:09 AM
The APM is meant the follow only thing as far seen by SAS processing.
You can follow everything as long the related event is audited. You are needing BI to analyse those events to you questions. In that you could solve data lineage.
The whole auditing is based on ARM (log4j) using the bi-di server approach.
Using a SAS base-foundation Arm is part of that, although I do not know how to activate those extensive loggings.
Anyway the OS auditing should be always better. Unless you are using OS group-accounts not knowing who is who.
Some weird idea of SAS it trying to overrule OS standards. ... no circumvention know to achieve that.
52078 - You can manipulate metadata-bound SAS data sets regardless of server authentication or permi... Knowing this and you can have external SAS processing (eg your backups/DR, managed file transfers) those logging-events should be get correlated to get the data-lineage complete.
Do you have used DI for building processes the logical data linage is part of the metadata.
Beware of dark areas as you should understand their functionality. One months quartely or even yearly jobs or event-based triggers can be really important. You will hardly see any usage. At the moment they are needed.....