DATA Step, Macro, Functions and more

SAS Program for Internal account password expiry Notification

Reply
Regular Contributor
Posts: 151

SAS Program for Internal account password expiry Notification

Hello Friends,

 

Can any one please help me with below request.

 

Is there any sas program which Notifies us  when the sas internal account password expires if we set the

the password expiry to limited time in Metadata.

 

your help would be greatly appreciated.

 

 

Thanks in advance

Respected Advisor
Posts: 4,173

Re: SAS Program for Internal account password expiry Notification

Posted in reply to sasprofile

There is nothing OOTB as far as I know but you can always query SAS metadata and implement your own process.

 

Below SAS sample code which should give you a start.

data metaUsers;
  length metaUser $20;
  input metaUser:$20.;
  datalines;
sasdemo
sastrust
;
run;

options metaserver="*****"
	metaport=8561
	metauser="sasadm@saspw"
	metapass="*****"
	metarepository="Foundation";


data sample(drop=_:);
  set metaUsers;
  length uri $256 AccountExpirationDate $26 UseStdExpirationDays $1;

  _rc1=metadata_getnasn("omsobj:Person?@Name='"||strip(metaUser)||"'",
                          "InternalLoginInfo",
                          1,
                          uri);
  if (_rc1>0) then 
    do;
      _rc2=metadata_getattr(uri,"AccountExpirationDate",AccountExpirationDate);
      _rc2=metadata_getattr(uri,"UseStdExpirationDays",UseStdExpirationDays);
    end;
run;

Using above code run as a daily job you then could compare the result with the current system date and send out alerts based on some criteria (i.e. expiration within the next 5 working days).

 

Be careful with SAS Managed accounts and follow the guidelines of how to change passwords there.

Managed Passwords

Passwords for a few service accounts require special coordination because these passwords are included in configuration files. To update these passwords, use the SAS Deployment Manager.

 

https://support.sas.com/documentation/cdl/en/bisecag/69827/HTML/default/viewer.htm#p13mipjyz9eh9bn14...

 

I would also exclude at least one admin account like sasadm@saspw from any expiration and lockout policies to never ever loose admin access.

 

 

Ask a Question
Discussion stats
  • 1 reply
  • 177 views
  • 0 likes
  • 2 in conversation