Blogs

Blogs

Finding audit bliss in SAS Web Report Studio

3
By Topics | SAS Administrators

For many organizations, having traceability for members of staff accessing and leveraging customer data is a key requirement. There is the obvious security focus when leadership teams think about traceability, but there are additional uses for audit data within the organization:

  • Using it to identify potentially broken work practices and processes
  • Identifying key content from a business perspective
  • Understanding which users are likely to be affected by underlying changes to data or updates and upgrades to software

For customers who use SAS Web Report Studio (WRS) 4.3 under SAS 9.3, the auditing functionality is provided out of the box. No need for administrators to make any elaborate configuration changes, it just works right away. WRS is leading from the front in terms of its of ease of use and simple set-up.

With this fact in mind, I want to show the steps to access the audit data. For more information on this topic (which is referred to as "Key User Action"), read the latest version of the SAS® 9.3 Intelligence Platform Web Application Administration Guide. The documentation provides descriptions of the key user action codes (there are currently 13) and how to set up the roll-over attributes of the key user logs.

Figure 1 and Figure 2 show typical header information and user event data found in the Key User Action logs:

Figure 1. The header information within the Key User Actions log files.

Figure 2. A snippet of the event data within the Key User Action log files.

There are three quick steps required to look inside the logs and see the audit and event related information:

  1. Identify the location and names of the relevant log files are kept.
    • By default the directory location is \config\Lev1\Web\Logs
    • The archive logs have the default name format "SASWebReportStudio4.3_KeyActions.log_yyyymmdd_hrmmss", e.g., SASWebReportStudio4.3_KeyActions.log_20130129_221231
    • The live, or current, log is named SASWebReportStudio4.3_KeyActions.log
  2. To minimise the risk of losing the original log files, you should make a copy of the original log file.
    • Copy SASWebReportStudio4.3_KeyActions.log_20130129_221231
    • Rename the copy to SASWebReportStudio4.3_KeyActions31Jan2013Midday.XML
  3. Open up a SAS Display Manager Session which and submit the relevant code (See sample in Figure 3):
    • Use a LIBNAME statement to point to the XML based data in the log.
    • Create an XML table called Event (via PROC DATASETS)
    • Create a SAS dataset to use in further processing.

    IMPORTANT NOTE. If you are required to access a log file before it has been archived, i.e. the log file is in active use, then ensure that once you have made a copy of the log file, make sure to edit the copy to add at the bottom of the log file the closing tag . If the tag is not added, you will receive an error message when running the libname statement below.

Figure 3. The SAS code used to read the Key User Action log file.

libname myxml2 xml 
'C:\sas93\config\Lev1\Web\Logs\SASWebReportStudio4.3_KeyActions31Jan2013Midday.XML';

proc datasets library=myxml2;
quit;

data wrsaudit31012013;
set myxml2.Event;
run;

With the SAS data set created, it is then possible to view the relevant information or perform further actions, for example, having the access and reporting on key user actions built into an automated process using proven data integration and business intelligence practices.

Figure 4 shows an example of the user activity available in the Key User Action log:

  • The SASTRUST account being used to logon into SAS Web Report Studio at "System Start Up" time
  • The users Stuart, Rob and Erwan all logged on and logged off to WRS during the course of the working day
  • Stuart saved a report ProdSaleWRSReport (because Stuart only saved the report but did not open it, you may be able to infer he is actually the report creator)
  • Rob saved a report CLASS_WRSReport (because Rob only saved the report but did not open it, you may be able to infer he is actually the report creator)
  • Erwan opened the ProdSaleWRSReport and saved the report as ProdSaleWRSReport1.

Figure 4. A snippet of the SAS data set (wrsaudit31012013) that gets created from reading in the Key User Action log file.

I hope we will see increased use of this auditing framework on other SAS client applications (Web or desktop based).

Tags audit and traceability SAS Administrators SAS Web Report Studio
Share

About Author

Simon Williams

Senior Manager

Simon Williams is a Senior Manager in the Global Enablement and Learning (GEL) Team within SAS R&D's Global Technical Enablement Division. Simon has worked for SAS for 12 years. Simon's focus is to develop recommended practices in the areas’ of technical architecture, deployment, administration, data management and business intelligence.

3 Comments

  1. Pingback: Capturing the number of logins per SAS user - SAS Users Groups

  2. Raj on

    Hi Simon,

    Your post is very informative, the SASWebReportStudio_KeyActions.log indeed provide important information. We are using SAS V 9.2/WRS 4.3 at our site and have extended the code to read the current as well as the archived logs to obtain statistics like the number of users logged in per month/ number of reports each user has accessed,etc.

    However the challange remains to obtain the same statistics from other web applications like BI Dashboards etc., please let us know if it is possible at all in 9.2.

    Regards,
    Raja

    Reply

Leave A Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Back to Top