SAS Admin
Article Administration How to Change Internal Account Server Level Policies for SAS Management Console
SAS internal accounts have universal default Account policies and knowing them is important. These account policies may be customized and in organizations with multiple SAS administrators it may be important to set them per security policies and to avoid lockouts; if warranted.
SAS refers to internal account those with the /<id/>@saspw format. An example would be sasadm@saspw (Unrestricted ID)
Default Internal Account Policies
| Internal Account Attributes | Details |
|---|---|
| Accounts | Don't expire |
| Default Password Length | Six (6) Don't expire and no special requirements for alpha numeric or mixed case or symbol |
| Password Reuse Policy | Last 5 passwords are unusable |
| Account Lock Policy | 3 failed attempt locks account for 60 minutes, however an administrator may unlock. |
| Forced Password Change Policy | Password do not expire, however, where policy is changed, a Forced Password Change is enforced when:
|
Review Current Settings
To examine current settings log in to SAS Management Console. Use an ID that has administrator privilege or SAS Management Console: Advance privilege.
Steps
 SAS Admin - How to Change SAS Internal Account Server Level Policies/media/image1.png)
 SAS Admin - How to Change SAS Internal Account Server Level Policies/media/image2.png)
 SAS Admin - How to Change SAS Internal Account Server Level Policies/media/image3.png)
 SAS Admin - How to Change SAS Internal Account Server Level Policies/media/image4.png)
Change Internal Account Policies
On your server, navigate to the omaconfig.xml file which is typically in your ../Config/Lev1/SASMeta/MetadataServer/
 SAS Admin - How to Change SAS Internal Account Server Level Policies/media/image5.png)
Figure 4 Use any Text editor or XML editor to open file
 SAS Admin - How to Change SAS Internal Account Server Level Policies/media/image6.png)
Syntax & element Rules (to Change a Policy or Implement)
Rules
- Options are case sensitive
- Usable Values are T (alias 1 or Y) or F (alias 0 or N) where T is True and F is False
Available Elements Table
| Element | Detail |
|---|---|
ChangeDelayInMinutes="number" | specifies the number of minutes that must elapse between password changes. This applies only when you are resetting your own password. |
MinLength="number-of-characters" | specifies the minimum length for passwords |
MixedCase="T | F" | specifies whether passwords must include at least one uppercase letter and at least one lowercase letter. To enforce this requirement, specify T. |
NumPriorPasswords="number" | specifies the number of passwords that are maintained in each account's password history. A user cannot reuse a password that is in the user's account history |
InactiveDaysToSuspension="number" | specifies the number of days after which an unused account is suspended. A value of 0 prevents suspensions due to inactivity. |
LockoutDurationInMinutes="number" | specifies the number of minutes for which an account is locked following excessive logon failures |
NumFailuresForLockout="number" | specifies the number of consecutive unsuccessful logon attempts that cause an account to be locked. We recommend that you do not specify 0, because doing so can make your system vulnerable to password guessing attacks. |
DigitRequired="T | F" | specifies whether passwords must include at least one digit. To enforce this requirement, specify T |
ExpirationDays="number" | specifies the number of days after a password is set that the password expires. A value of 0 prevents passwords from expiring |
ExpirePasswordOnReset="T | F" | specifies whether a forced password change occurs on first use and after an administrative password reset. To disable this requirement, specify F. |
HashPasswords="SHA256-10000 | SHA256 | MD5" | specifies how the internal account password is stored in the metadata
|
Sample Element Addition in OMACONFIG.XML
 SAS Admin - How to Change SAS Internal Account Server Level Policies/media/image7.png)
How to Implement Override Server Level Policies on Per User w Internal Account Basis
- Log on to SAS Management Console as Administrator
- In Plug-Ins select User Manager, Uncheck Show Groups and Show Roles
- Select the user who needs updated policies → Right Click → Properties
 SAS Admin - How to Change SAS Internal Account Server Level Policies/media/image8.png)
 SAS Admin - How to Change SAS Internal Account Server Level Policies/media/image9.png)
 SAS Admin - How to Change SAS Internal Account Server Level Policies/media/image10.png)
 SAS Admin - How to Change SAS Internal Account Server Level Policies/media/image11.png)