CA recommends the following when using CA Cleanup for ACF2.
- Running the CA Cleanup main task all the time. Access from before the installation is unknown.
- Scheduling regular updates of the CA Cleanup database to keep it in synch with the CA ACF2 databases. This can be daily or weekly depending on the security system change.
- Performing the scheduled updates with the AT5#DBU utility *ALL* function.
- Waiting several months before removing unused security records CA Cleanup tracks unused.
- CA ACF2 database records over time and should run through critical processing periods such as month, quarter, and year end.
- Running the CA Cleanup reports without removing the unused security records to analyze the reports. This allows you to familiarize yourself with the reports and their capabilities.
- A phased approach to implementation. An attempt to cleanup all three CA ACF2 databases at one time produces an unmanageable number of obsolete security file entries. Begin with a small batch of CA ACF2 rule sets or logonids.
Sites can wait a couple of months for the tracking data to build a base of tracking data and then run the reports to analyze the referenced and unreferenced security file entries(rules and logonids). Sites can always run the reports sooner to get a feel on how the security entries are being tracked for both referenced and unreferenced entries to fine tune the report parameters to obtain the desired tracking information.