Business Context
A banking institution is required by regulatory bodies (e.g., GDPR, SOX) to maintain a persistent daily archive of all user access rights. The objective is to store a physical copy of the Access Control Lists (ACLs) on a secure server path to ensure immutability and auditability in case of a security breach investigation.
About the Set : accessControl
Management of access rights and data security.
Discover all actions of accessControl Data Preparation
Setup of a 'Finance' Caslib with sensitive data and restricted permissions to simulate a real banking environment.
Copied!
| 1 | PROC CAS; |
| 2 | SESSION casauto; |
| 3 | caslib Finance path='/cas/data/finance' dataSource={srcType='path'}; |
| 4 | ACCESSCONTROL.updSomeAcsCaslib / caslib='Finance', acl={{permission='ReadInfo', principal='authenticatedUsers', principalType='group', grant=true}}; |
| 5 | RUN; |
Étapes de réalisation
1
Elevation of privileges to Superuser to authorize the global backup operation.
Copied!
| 1 | |
| 2 | PROC CAS; |
| 3 | |
| 4 | ACCESSCONTROL.assumeRole / adminRole='superuser'; |
| 5 | |
| 6 | |
| 7 | RUN; |
| 8 |
2
Execution of the backup action targeting a specific physical directory for long-term archiving.
Copied!
| 1 | |
| 2 | PROC CAS; |
| 3 | |
| 4 | ACCESSCONTROL.createBackup / path='/cas/backups/daily_compliance_2025'; |
| 5 | |
| 6 | |
| 7 | RUN; |
| 8 |
Expected Result
The action completes successfully. A directory named 'daily_compliance_2025' is created at the specified path, containing the serialized ACL files. The CAS log confirms the backup location.