You might remember my post on Who's been using my CAS tables? where I wrote about the audit entries being created for access to CAS tables and how to read them. Recently I read in the documentation for Upcoming Critical Changes for SAS® Viya® Platform the section on Recording Audit Entries Disabled at Stable 2026.05. Does this mean, this information is no longer available?

Do not worry, we still have the same CAS access information available. We just need to read them using a different command. This article will provide the details needed to continue using these audit information.

What we will cover

• Introduction to activity records
• Audit records versus activity records
• Look at an activity record related to CAS
• Read the activity records related to CAS tables

Introduction to activity records

Activity records will be the successor for audit records. To get started on activity records, I do recommend that you read these posts: View activity records in SAS Viya and A New Lens on Platform Usage in SAS Viya. Activity records can now be listed using the sas-viya audit list-activities command.

Activity records related to CAS table access are available from the Stable 2026.03 release.

Audit records versus activity records

According to Recording Audit Entries Disabled, audit records will be disabled. You can reenable the creation of the audit records if you need this data. However it is recommended to switch to the activity records.

Here is a short intro from the documentation on audit records and activity records.

Audit records are created by the audit service when the service receives event messages from SAS applications and SAS services. This means you will get a lot of records.

Activity records track the interactions of users with SAS Viya applications. To create activity records, applications send activity events to the audit service. This means you will get less entries. This approach results in fewer entries being generated.

In the example below we use the sas-viya CLI to count the lines returned for (1) audit records and (2) activity records during the same time period. This is using default settings and not much is going on in this SAS Viya system. We assume the command output is text.

1. sas-viya audit list --limit 20000 --after 2026-04-24T14:00Z --before 2026-04-24T15:00Z | wc -l 413
2. sas-viya audit list-activities --limit 20000 --after 2026-04-24T14:00Z --before 2026-04-24T15:00Z | wc -l 74

We can see that 413 audit records are returned but only 74 activity records. So the activity records are less verbose.

Look at an activity record related to CAS

Let's look at an activity record from reading a CAS table. See below the SAS log from a program reading a CAS table:

Select any image to see a larger version.
Mobile users: To view the images, select the "Full" version at the bottom of the page.

Here is the detail information of the related activity record, the following command was used to display it. Note the --output fulljson option to get the complete json information.

sas-viya --output fulljson audit show-activity-info --id 4debf069-24a3-4008-9114-68b70dc796bb | jq

I have marked some information. For instance we have the action "read", information on objectName and objectType. We can see the sessionId of our CAS session is part of activity record. This helps for instance when you want to see all the operations done in a specific session. We have the uri which gives us the information on which CAS server this read action took place.

Read the activity records related to CAS tables

To read the activity records we use the sas-viya audit plugin with the list-activities command. The list and list-activities commands share some common options for filtering the returned items such as --action, --after, --before, --details, --application and quite a few more. There are also some new options, since activity records have new fields such as --object-name, --object-name-contains, --object-type, --object-type-contains and --service-name, --service-name-contains.

Reading the activity records is basically the same as outlined in my previous post. Here is an example. Note the application name is now "Cloud Analytic Service". Please do not forget to specify the --limit option, otherwise by default you will only get 50 records back.

sas-viya --output json audit list-activities --after 2026-04-29 --sort-by timeStamp --application "Cloud Analytic Service" --limit 10000 > activity-records.json

The “activity-records.json” file created by the command needs to be made available to the SAS environment where we later will run the SAS program to process the data. Please note you have to run the above command as an administrator to get all the activity records for all users.

As outlined in the previous post we can read activity-records.json file using a SAS program. You can find a sample program below which can be adapted to your needs.

/*
* read the json data
*/
libname ajson json "/home/christine/activity-records.json" noalldata;
proc copy in=ajson out=work;
run;

/*
* combine two tables
*/
proc sql;
create table work.cas_activity_records as
select
t1.ordinal_items,
t1.action,
t1.application,
t1.description,
t1.id,
t1.state,
t1.timeStamp,
input(t1.timeStamp, e8601dz35.) as timeStamp_sas format=e8601dz32.6,
t1.type,
t1.user,
t2.caslib,
t2.category,
t2.controllerHost,
t2.controllerPort,
t2.scope,
t2.sessionId,
t2.sessionUser,
t2.table,
t2.createTimestamp,
input(t2.createTimestamp, e8601dz35.) as createTimestamp_sas format=e8601dz32.6,
t2.sourceCaslib,
t2.sourceTable
from
work.items t1 left join work.items_properties t2
on (t1.ordinal_items = t2.ordinal_items)
;
quit;

Since the sas-viya audit list-activities command can only return a certain number of records, specified by --limit option, a value of 10000 just worked fine. We might need to call the command several times to cover a certain time period. Find below an example of a shell script which will call the the command as many times as needed and combine intermediate results into one json file. You can use the --after and --before to specify a date range. The same SAS program shown above can be used to read the combined json file.

#!/bin/bash

#
# some option values for the sas-viya command
#
LIMIT=1000
START=0
AFTER=2026-04-01

# location of intermediate files
TMP_RESULTS=$HOME/cas-activity-results

# final result file
FINALRESULT=$HOME/cas-activity-all.json

mkdir -p $TMP_RESULTS

#
# go into the loop at least once
#
CONTINUE=true
while [ "$CONTINUE" = "true" ]
do
TMP_JSON=$TMP_RESULTS/activity$START.json
echo "NOTE: TMP_JSON" $TMP_JSON
sas-viya --output json audit list-activities --after $AFTER --service-name cas --limit $LIMIT --start $START --sort-by timeStamp > $TMP_JSON
if grep -q "There are no audit records that match the specified parameters." "$TMP_JSON"; then
CONTINUE=false
echo "NOTE: No records found"
else
nItems=$(jq '.items | length' $TMP_JSON)
echo "NOTE: nItems" $nItems
if [ "$nItems" == "$LIMIT" ]; then
START=$(($START + $LIMIT))
echo "NOTE: continue" $START
else
CONTINUE=false
echo "NOTE: stop loop"
fi
fi
done

#
# combine all the intermediate json files into one
#
jq -s '.' $TMP_RESULTS/activity*.json > $FINALRESULT

#
# clean up tmp results
#
rm -r $TMP_RESULTS

Summary

The new activity records provide essentially the same information as we have in the audit records for CAS related actions. Please note that CAS audit activity records contain information for action done on the in-memory tables. Operations like saving an in-memory table to the caslib physical storage as a file or deleting a file in a caslib is not tracked.

Find more articles from SAS Global Enablement and Learning here.