Business Context
An automated security bot is scanning for a temporary table named 'Audit_Log'. If the table does not exist yet, the bot needs to lock the parent Library (Caslib) to safely create the table and apply immediate restrictions, preventing race conditions where another user might create an insecure table with the same name.
About the Set : accessControl
Management of access rights and data security.
Discover all actions of accessControl Data Preparation
Setup the Caslib, ensuring the specific table 'Audit_Log' does NOT exist yet.
Copied!
| 1 | |
| 2 | PROC CAS; |
| 3 | caslib audit_lib path='/tmp/audit_lib' dataSource={srcType='path'} |
| 4 | SESSION=true; |
| 5 | TABLE.dropTable / caslib='audit_lib' TABLE='Audit_Log' quiet=true; |
| 6 | |
| 7 | RUN; |
| 8 |
Étapes de réalisation
1
Start transaction for the security bot.
Copied!
| 1 | PROC CAS; ACCESSCONTROL.startTransaction; RUN; |
2
Attempt to checkout 'Audit_Log'. Since it doesn't exist, 'checkoutParent=TRUE' triggers a lock on 'audit_lib'.
Copied!
| 1 | |
| 2 | PROC CAS; |
| 3 | ACCESSCONTROL.checkOutObject / checkoutParent=TRUE, objectSelector={objType='TABLE', caslib='audit_lib', TABLE='Audit_Log'}; |
| 4 | |
| 5 | RUN; |
| 6 |
3
Create the table and secure it within the safe parent-lock context.
Copied!
| 1 | |
| 2 | PROC CAS; |
| 3 | datastep.runCode / code=' |
| 4 | data audit_lib.Audit_Log; |
| 5 | Timestamp=datetime(); |
| 6 | |
| 7 | run; |
| 8 | '; |
| 9 | ACCESSCONTROL.commitTransaction; |
| 10 | |
| 11 | RUN; |
| 12 |
Expected Result
The system detects the absence of 'Audit_Log' and automatically locks the 'audit_lib' Caslib instead. The table is then created safely within the locked environment.