Business Context
The IT Security team needs to build a dynamic dashboard to visualize 'Who can access what' in real-time without parsing external log files. They require the ACLs to be loaded directly into memory as CAS tables to join them with employee metadata tables (e.g., Department, Role) for immediate anomaly detection (e.g., 'Intern' role accessing 'Executive' tables).
About the Set : accessControl
Management of access rights and data security.
Discover all actions of accessControl Data Preparation
Creation of multiple dummy tables with varying permissions to generate a complex ACL structure.
Copied!
| 1 | PROC CAS; |
| 2 | caslib HR path='/cas/data/hr' dataSource={srcType='path'}; |
| 3 | TABLE.loadTable / caslib='casuser' path='cars.sashdat' casout={caslib='HR', name='Salaries'}; |
| 4 | ACCESSCONTROL.updSomeAcsTable / TABLE={caslib='HR', name='Salaries'}, acl={{permission='Select', principal='HR_Managers', principalType='group', grant=true}}; |
| 5 | RUN; |
Étapes de réalisation
1
Elevation to Superuser role.
Copied!
| 1 | |
| 2 | PROC CAS; |
| 3 | |
| 4 | ACCESSCONTROL.assumeRole / adminRole='superuser'; |
| 5 | |
| 6 | |
| 7 | RUN; |
| 8 |
2
Triggering the backup with the 'tables' flag to redirect output to memory instead of disk.
Copied!
| 1 | |
| 2 | PROC CAS; |
| 3 | |
| 4 | ACCESSCONTROL.createBackup / tables=true; |
| 5 | |
| 6 | |
| 7 | RUN; |
| 8 |
3
Verification step: Fetching the content of the generated 'table_acs' table to validate the data availability.
Copied!
| 1 | |
| 2 | PROC CAS; |
| 3 | |
| 4 | TABLE.fetch / TABLE={name='table_acs'}; |
| 5 | |
| 6 | |
| 7 | RUN; |
| 8 |
Expected Result
No files are written to disk. Instead, standard CAS tables (e.g., 'caslib_acs', 'table_acs') appear in the active caslib. The 'table.fetch' command displays the permissions set during the Data Prep phase.