Since SAS 9.4 M0 there has been an option to close inactive clients (Inactive client timeout).   See the documentation here: https://go.documentation.sas.com/?docsetId=biasag&docsetTarget=n11016intelplatform00srvradm.htm&docsetVersion=9.4&locale=en   ... View more

The "Metadata Server: User Administration" has no explicit capabilities that you will see in the SAS Managemenr Console User Manager Capabilities tab. It, along with the other "Metadata Server: *" roles" has implicit capabilities that are hard coded into the software and cannot be modified by SAS customers. However, as I mentioned in a previous comment, there can be interactions with other permission settings in metadata and it might be those that are causing your problems.   What is contained in the Permission Pattern tab in your Foundation repository ACT (usually named "Default ACT"). My repository ACT, which has not been modified from the original post-install state, contains the following:   * PUBLIC: -RM,-WM,-WMM,-CM,-R,-W,-C,-D,-I,-S,-U,-CT,-DT,-AT,-A,-X * SAS Administrators: +RM,+WM,+CM,+A * SAS System Services: +RM,+WM * SASUSERS: +RM,+WM,+CM   BTW you mentioned no ACT and no modifications done to the "Metadata Server: User Administration" role. In the default post-install state it should have an ACT applied (SAS Administrator Settings) and an explicit permission (PUBLIC: -WM). If it does not have those then that suggests that it has been modified, if only to remove those protections. ... View more