Python command-line tools that call the SAS Viya REST APIs - for SAS administrators.
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Type Name Latest commit message Commit time
Failed to load latest commit information.
LICENSE Initial commit of code Dec 6, 2018 Initial commit of code Dec 6, 2018 Initial commit of code Dec 6, 2018 Added and (#5) Jan 14, 2019 add as an example of developing a tool Dec 18, 2018 fixed crlf issue Dec 18, 2018

Python Tools for SAS Viya

The pyviyatools are a set of command-line tools that call the SAS Viya REST API's from python. The tools can be used to make direct calls to any rest-endpoint (like a CURL command) or to build additional tools that make multiple rest calls to provide more complex functionality. The tools are designed to be used in conjunction with the sas-admin command line interfaces(CLI).

Getting Started


You can find the SAS Open API's documented:

Some other useful links


The tools requires either python 2 or python 3.

The following python libraries are used:


Please use the installation intructions in the file


The pyviya tools use the sas-admin auth CLI to authenticate to Viya. To use the tool you must create a profile and authenticate.

This process is documented in the SAS Viya Administration guide here:
Viya 3.3:
Viya 3.4:

Creating a Profile and Logging on

The tool will automatically use the default profile.

  1. To create a profile as a SAS Administrator logon to the machine that contains the Viya CLI's
  2. Run /opt/sas/viya/home/bin/sas-admin profile init and when prompter enter the base endpoint of your Viya server for example: You may enter your personal preference at the other prompts.
  3. After you create the profile there are two options to authenticate
  • Run /opt/sas/viya/home/bin/sas-admin auth login to authenticate to Viya enter the userid and password of the SAS Administrator when prompted.
  • Create an .authinfo file in your home directory with your userid and password and use to authenticate with the credentials in the file (you can use different authinfo files with the -f option)

The CLI allows for multiple profiles. To use a profile other than the default profile, for example newprofile

  1. Create a named profile sas-admin --profile newprofile profile init
  2. Logon with the named profile sas-admin --profile newprofile auth login
  3. Set the SAS_CLI_PROFILE environment variable to the name of the profile
  • LINUX: export SAS_CLI_PROFILE=newprofile
  • WINDOWS: set SAS_CLI_PROFILE=newprofile
  1. When the SAS_CLI_PROFILE is set the tool will use the profile stored in the variable
  2. To revert to using the default variable reset the environment variable

The tools are self-documenting, for help on any tool call the tool passing -h or --help.

python <pathtotool><> -h

Available Tools


callrestapi is a general tool, and the building block for all the other tools.

callrestapi will call the Viya REST API and return json or optionally a simplified output. It can call any viya REST method. (Like a curl command).

usage: [-h] -e ENDPOINT -m {get,put,post,delete} [-i INPUTFILE] [-a ACCEPTTYPE] [-c CONTENTTYPE] [-o {csv,json,simple}]

You must pass a method and endpoint. You can optionally pass json, content type headers or the -t flag to change output from json to basic text.

List of some of the Additional Tools Available

Additional tools provide more complex functionality by combining multiple calls to the callrestapi function, and post-processing the outpuit that is returned.

  • getfolderid returns the id of the folder based on the full folder path
  • deletefolder deletes a folder based on the full folder path
  • deletefolderandcontent deletes a folder and any reports that are stored in the folder
  • movecontent moves the content from a source to a target folder
  • getconfigurationproperties lists the name/value pairs of a configuration
  • testfolderaccess tests if a user or group has access to a folder
  • creates a binary backup job
  • creates an authentication domain
  • list authorization rules subset on a principal and/or a uri
  • use an authinfo file to authenticate to the CLI
  • update preferences for a user or group of users
  • Load a set of userids and passwords to a Viya domain from a csv file
  • Create a set of Viya folders from a csv file
  • Explains access for a folder, object or service endpoint
  • Return path of folder, report, or other object in folder
  • lists members of a folder, recursively if desired

Check back for additional tools and if you build a tool feel free to contribute it to the collection.


The example calls assume you are in the directory where you installed the tools. If you are not you can prepemd the directory to the filename, for example /opt/pyviyatools/ If you are using the tool on windows the syntax is:


The following examples are Linux.

# Login to Viya using default authinfo file ~/.authinfo

# Login to Viya using an authinfo file
./ -f ~/.authinfo_geladm

#return all the rest calls that can be made to the folders endpoint
./ -e /folders -m get

#return the json for all the folders/folders
./ -e /folders/folders -m get

#return simple text for all the folders/folders
./ -e /folders/folders -m get -o simple

#rest calls often limit the results returned the text output will tell you returned and total available items
#in this call set a limit above the total items to see everything
./ -e /folders/folders?limit=500 -m get -o simple

#return the json for all the identities
./ -e /identities/identities -m get

#return the json for all the identities output to a file
./ -e /identities/identities -m get > identities.json

#refresh the identities cache
./ -e /identities/userCount -m get
./ -e /identities/cache/refreshes -m post

# pass the folder path and return the folder id and uri
./ -f /gelcontent

# delete a folder based on its path
./ -f /gelcontent

#return a set of configuration properties
./ -c sas.identities.providers.ldap.user -o simple

#create a domain using createdomain
./ -t password -d test -u sasadm -p lnxsas -g "SASAdministrators,HR ,Sales"

#Update an existing domain to add credentials from a csv file
./ -d LASRAuth -f /tmp/myusers.csv

csv file format
no header row
column1 is userid
column2 is password
column3 is identity
column4 is identity type (user or group)

For example:

#create a domain using callrestapi. Last part of endpoint is domain name ./ -e /credentials/domains/<newdomain> -m post -i domain.json

INPUT JSON must be formatted as the endpoint expects. Example:

"id": "<newdomain>",
"type": "password"

#test folder access
./root/admin/pyviyatools/ -f '/gelcontent' -p Sales -m read -s grant -q

#return basic content using accept response type
./ -m get -e /identities/users/sasadm -a "application/"

# Display all sasadministrator rules
./ --p SASadministrators -o simple

# Display all rules that contain SASVisual in the URI
./ -u SASVisual -o simple

# Create folders from a CSV file
./" -f /tmp/newfolders.csv

FORMAT OF CSV file folder path (parents must exist), description
/RnD, Folder under root for R&D
/RnD/reports, reports
/RnD/analysis, analysis
/RnD/data plans, data plans
/temp,My temporary folder
/temp/mystuff, sub-folder

# Update the theme for the user sasadm
./ -t user -tn sasadm -pi OpenUI.Theme.Default -pv sas_hcb

#Explain direct and indirect permissions on the folder /folderA/folderB, no header row. For folders, conveyed permissions are shown by default.
./ -f /folderA/folderB

#As above but for a specific user named Heather
./ -f /folderA/folderB -n Heather -t user

#As above with a header row
./ -f /folderA/folderB --header

#As above with a header row and the folder path, which is useful if you concatenate sets of results in one file
./ -f /folderA/folderB -p --header

#As above showing only rows which include a direct grant or prohibit
./ -f /folderA/folderB --direct_only

#Explain direct and indirect permissions on a service endpoint. Note in the results that there are no conveyed permissions. By default they are not shown for URIs.
./ -u /SASEnvironmentManager/dashboard

#As above but including a header row and the create permission, which is relevant for services but not for folders and other objects
./ -u /SASEnvironmentManager/dashboard --header -l read update delete secure add remove create

#Explain direct and indirect permissions on a report, reducing the permissions reported to just read, update, delete and secure, since none of add, remove or create are applicable to a report.
./ -u /reports/reports/id --header -l read update delete secure

#Explain direct and indirect permissions on a folder expressed as a URI. Keep the default permissions list, but for completeness we must also specify -c true to request conveyed permissions be displayed, as they are not displayed by default for URIs.
./ -u /folders/folders/id --header -p -c true

# Get folder path for an object (can be a folder, report or any other object which has a folder path)
./ -u /folders/folders/id
./ -u /reports/reports/id

# Return list of members of a folder identified by objectURI
./ -u /folders/folders/id

# Return list of all members of a folder identified by objectURI, recursively searching subfolders
./ -u /folders/folders/id -r


The most common problem is an expired access token. You may see a message like:

{"errorCode":0,"message":"Cannot convert access token to JSON","details":["traceId: 6bca23b2b3a2cfda","path: /folders/folders"],"remediation":null,"links":[ ],"version":2,"httpStatusCode":401}

To fix the problem generate a new access token /opt/sas/viya/home/bin/sas-admin auth login

To see the current setup, including python and package versions, environment variable settings, profile information and current user. Run


If you get this error : Login failed. Error with security certificate.

Set the environment variable for the SSL certificate file. For example: export SSL_CERT_FILE=/opt/sas/viya/config/etc/SASSecurityCertificateFramework/cacerts/trustedcerts.pem

If you get this error: Raise SSLError(e, request=request) requests.exceptions.SSLError: HTTPSConnectionPool(host='', port=443): Max retries exceeded with url: / (Caused by SSLError(SSLError(1, u'[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:579)'),))

Set the environment variable for the SSL certificate file. For example: export REQUESTS_CA_BUNDLE=/opt/sas/viya/config/etc/SASSecurityCertificateFramework/cacerts/trustedcerts.pem

Developing with the existing functions

The file contains a set of generic functions that make it easy to build additional tools.

callrestapi is the main function, called by many other programs and by the callrestapi program to make the REST calls. It accepts as parameters:

  • reqval: the request value which is the rest endpoint for the request
  • reqtype: the type of REST request, get,put, post, delete
  • acceptType: optinal accept type content header
  • contentType: optional content type content header
  • data: optionally a python dictionary created from the json for the rest request
  • stoponerror: whether the function will stop all further processing if an error occurs (default 0 to not stop)


We welcome your contributions! Please read for details on how to submit contributions to this project.


This project is licensed under the Apache 2.0 License.