accessControl

createBackup

#set_accesscontrol#security#admin#caslib#admin_required

Description

The createBackup action is a crucial administrative tool within the accessControl action set. It allows a CAS administrator to create a backup of the access control lists (ACLs) for various CAS resources, such as caslibs, tables, and action sets. This backup can be saved to a specified path on the CAS server's file system or, alternatively, be created as a set of in-memory CAS tables. This functionality is essential for disaster recovery, migration, and auditing of security settings. Executing this action requires administrator privileges.

proc cas; accessControl.createBackup / path="string", tables=boolean ; run;
Settings
ParameterDescription
pathSpecifies the absolute directory path on the CAS controller's file system where the backup files will be stored. This parameter is required unless the `tables` parameter is set to true.
tablesA boolean that, when set to `true`, directs the action to create the backup as a set of in-memory CAS tables instead of writing to the file system. These tables can then be manipulated or saved using other CAS actions. The default is `false`.
Data Preparation View data prep sheet
Setting Up Sample Data and Access Controls

Before backing up access controls, we first need some data and controls to exist. The following code sets up a new session, creates a caslib named 'mycaslib', loads a sample table 'cars', and then applies a simple 'read' permission for all authenticated users on that table. This provides a concrete set of access controls to be backed up in the examples.

Copied!
1PROC CAS;
2SESSION casauto;
3caslib mycaslib path='/cas/data/sample_acls' dataSource={srcType='path'};
4TABLE.loadTable / caslib='casuser' path='cars.sashdat' casout={caslib='mycaslib', name='cars', promote=true};
5ACCESSCONTROL.updSomeAcsTable / TABLE={caslib='mycaslib', name='cars'}, acl={{permission='read', principal='authenticatedUsers', principalType='group'}};
6RUN;

Examples

This example demonstrates the standard use of the `createBackup` action. It backs up all current access controls to a specified directory on the CAS server controller. A SAS administrator role is required. The path must be accessible by the CAS server process.

SAS® / CAS Code Code awaiting community validation
Copied!
1PROC CAS;
2ACCESSCONTROL.assumeRole / adminRole='superuser';
3ACCESSCONTROL.createBackup / path='/cas/backups/access_controls_backup_20251127';
4RUN;
Result :
The action will create a set of files containing the access control information within the `/cas/backups/access_controls_backup_20251127/` directory on the CAS controller. A success message is returned in the CAS log, and the results will indicate the location and status of the backup.

This example shows how to use the `tables` parameter to create the backup as a collection of in-memory CAS tables instead of physical files. This is useful for programmatic inspection, auditing, or manipulation of the access controls directly within the CAS session. The resulting tables (one for each type of access control, e.g., caslib_acs, table_acs) are loaded into the active caslib.

SAS® / CAS Code Code awaiting community validation
Copied!
1PROC CAS;
2ACCESSCONTROL.assumeRole / adminRole='superuser';
3ACCESSCONTROL.createBackup / tables=true;
4TABLE.tableInfo / caslib='casuser';
5RUN;
Result :
The action does not write any files. Instead, it creates several tables in the user's active caslib (typically 'casuser'). The results will list the names of these newly created tables, such as 'caslib_acs', 'table_acs', etc. The subsequent `table.tableInfo` action confirms the presence of these tables in the caslib.

FAQ

What is the purpose of the `createBackup` action?
What are the parameters for the `createBackup` action?
What is the function of the `path` parameter?
How does the `tables` parameter affect the backup process?
Copyright © WeAreCAS 2023-2025