Overview

In SAS Viya, only the following actions are audited for report objects by default:

• Create
• Update
• Delete
• Read (on failure)

In addition, by default, the auditing task extracts audit records only for report objects that are stored in folders with Read granted to All Authenticated Users. By default, this includes only the /Products folder and the /Public folder. This means that audit records for report objects that are stored in folders that do not grant Read access to All Authenticated Users are not extracted at all. No audit records for successful read actions against those report objects are captured.

This SAS KB article explains how to perform the following tasks: 

• Enable audit records for successful reads on report objects to be captured.
• Extract audit records for any report in the environment, regardless of their folder location.

Before You Begin

• There are two basic steps: enabling read actions for reports, and enabling folder access for the audit user.
• A "read" action is more than simply opening a report in SAS Visual Analytics or in SAS^® Report Viewer. For example, in SAS Report Viewer, the thumbnails that render for the list of Recent reports all count as "read" actions for the user. This is true even if that user never actually opened the reports in SAS Visual Analytics or SAS Report Viewer at that time. One way to differentiate between "reads" when a user physically opens a report and "reads" from the system is to use the RemoteAddress field in the Audit table. For any report object that displays "read" actions for SAS Visual Analytics reports, add a filter such that RemoteAddress does not equal the IP address of your SAS Viya server. It is recommended you add this filter to specific report objects rather than to the entire Audit data source because other audit records, such as table reads, always have the IP address of the SAS Viya server.
• Because many more read actions are recorded and extracted, there could be a negative performance impact. It is important to monitor system performance after completing these steps. If you encounter performance issues that might be related to enabling broader audit access, then undo the changes that you made in the Enable All Read Actions for Auditing section.
• Rules must be created in SAS^® Environment Manager to give the audit user (sas.ops-agentsrv) folder access. It is recommended you provide a description when creating these rules. A description makes it easier to filter the list of rules if you later need to adjust any rule for auditing that you have created.

Enable All Report Read Actions for Auditing

1. Log on to SAS Environment Manager as an Administrator.
2. Navigate to Configuration ► All Services► Audit service.
3. Edit the properties in the sas.audit.record section.
4. Add a new property under the application section:
   • Name: reports.action.read.state
   • Value: all
     
     
      
5. Click Save to save changes. Within 30 seconds these changes should take effect.

Expand Folder Access for Auditing

1. Log on to SAS Environment Manager as an Administrator.
2. Navigate to Rules.
3. Create a new rule with the following fields (for any field not explicitly mentioned, leave the default):

• Object URI: The folder that should be accessible to audit
• Container URI: The same folder specified in Object URI. This enables access to all subfolders.
• Principal: sas.ops-agentsrv   
  • This user must be manually typed into the field. It is safe to ignore the warning that the user cannot be validated. 
• Rule Type: Grant
• Permissions: Read
• Description (optional but recommended): Enable access for auditing purposes

4. Click Save.
5. Repeat these steps for any additional folders that you would like to be accessible to the audit process.