Reserves an object (and all of its children) for update by only the current client session. Prevents an object (and all of its parents) from being checked out exclusively by another session if checkOutType=Shared. This is part of a transactional model for managing access controls.
| Parameter | Description |
|---|---|
| checkoutParent | Indicates whether to check out the parent object if the specified object does not exist. Default is FALSE. |
| checkOutType | Specifies the type of check-out. 'EXCLUSIVE' (default) allows only the current session to update the object. 'SHARED' prevents other sessions from getting an exclusive lock on the object or its parents. |
| ObjectSelector | Specifies the object to check out. The required sub-parameters depend on the objType. |
| objType="ACTION" | Used within ObjectSelector. Requires 'actionSet' and 'action' parameters. |
| objType="ACTIONSET" | Used within ObjectSelector. Requires the 'actionSet' parameter. |
| objType="CASLIB" | Used within ObjectSelector. Requires the 'caslib' parameter. |
| objType="COLUMN" | Used within ObjectSelector. Requires 'caslib', 'table', and 'column' parameters. |
| objType="TABLE" | Used within ObjectSelector. Requires 'caslib' and 'table' parameters. |
This code sets up a caslib and a table required for the examples. It also creates an access control to demonstrate the checkout functionality.
| 1 | PROC CAS; |
| 2 | caslib mycas path='/tmp/mycas' dataSource={srcType='path'} SESSION=true; |
| 3 | datastep.runCode / code='data mycas.cars; set sashelp.cars; run;'; |
| 4 | ACCESSCONTROL.updSomeAcs caslib='mycas' TABLE='cars' grants={{grant='select', group='public'}}; |
| 5 | RUN; |
This example demonstrates how to get an exclusive lock on the 'mycas.cars' table to prepare for updates. This prevents other sessions from modifying it.
| 1 | |
| 2 | PROC CAS; |
| 3 | ACCESSCONTROL.startTransaction; |
| 4 | |
| 5 | RUN; |
| 6 | ACCESSCONTROL.checkOutObject / objectSelector={objType='TABLE', caslib='mycas', TABLE='cars'}, checkOutType='EXCLUSIVE'; |
| 7 | |
| 8 | RUN; |
| 9 |
This example shows a complete transaction workflow. A shared checkout is used to prevent other exclusive locks while previewing the effect of a new access control rule. The transaction is then committed.
| 1 | PROC CAS; |
| 2 | /* Start a transaction to stage changes */ |
| 3 | ACCESSCONTROL.startTransaction; RUN; |
| 4 | |
| 5 | /* Get a shared lock on the caslib to prevent other exclusive checkouts */ |
| 6 | ACCESSCONTROL.checkOutObject / |
| 7 | objectSelector={objType='CASLIB', caslib='mycas'}, |
| 8 | checkOutType='SHARED'; |
| 9 | RUN; |
| 10 | |
| 11 | /* Add a new access control rule within the transaction */ |
| 12 | ACCESSCONTROL.updSomeAcs caslib='mycas' TABLE='cars' grants={{grant='delete', group='sasusers'}}; |
| 13 | RUN; |
| 14 | |
| 15 | /* Preview the effective access for a user */ |
| 16 | ACCESSCONTROL.whatIsEffective / |
| 17 | objectSelector={objType='TABLE', caslib='mycas', TABLE='cars'}, |
| 18 | principal='sasuser1'; |
| 19 | RUN; |
| 20 | |
| 21 | /* Commit the transaction to make the changes permanent */ |
| 22 | ACCESSCONTROL.commitTransaction; |
| 23 | RUN; |
The HR department is updating access policies for the 'Salary' column in the employee database. They need to ensure that during the update process (transaction), no other admin ...
An automated security bot is scanning for a temporary table named 'Audit_Log'. If the table does not exist yet, the bot needs to lock the parent Library (Caslib) to safely creat...
During a regulatory compliance audit, the 'sampling' action set must be kept stable. The auditor wants to ensure that no administrator creates an EXCLUSIVE lock (which would imp...