Policy & Deployment Cleanup

Article ID: 11651

Products

CA Virtual Privilege Manager, CA Privileged Identity Management Endpoint (PIM), CA Privileged Access Manager (PAM)

Issue/Introduction



This document shows how to remove older policy versions that are no longer needed.  You can do this with the dmsmgr utility.

Environment

Release:
Component: SEOSNT

Cause

Guidance

Resolution

Here is a policy created with 5 versions.

AC> list policy

(DMS__@localhost)

CATest#01

CATest#02

CATest#03

CATest#04

CATest#05

 

The command has the following syntax:

dmsmgr -cleanup -policy <policy name> -vcount <number of versions to keep> {-dms|-dh} <DMS/DH name>

 

To keep only the last two versions of the policy “CATest”, use the following command:

C:\Users\Administrator>dmsmgr -cleanup -policy "CATest" -vcount 2 -dms DMS__

CA Access Control dmsmgr v12.61.1468 - dmsmgr utility

 

Copyright (c) 2010 CA. All rights reserved.

 

Successfully removed policy: CATest#01.

Successfully removed policy: CATest#02.

Successfully removed policy: CATest#03.

Operation completed successfully

 

Verify the removal:

AC> list policy

(DMS__@localhost)

CATest#04

CATest#05

 

Besides old policy versions, you may also want to remove old deployment information. Do this a few times a year to keep the DMS/DH clean and tidy.

 

The following examples remove all DEPLOYMENT objects older than 30 days from the database:

dmsmgr -cleanup -deployment -days 30 -dms DMS__@

dmsmgr -cleanup -deployment -days 30 -dh DH__@

 

This can be a problem if the Deployment Audit contains information that is needed for auditing purposes, but that is a very rare case which so far has never happened.

Please be aware that dmsmgr -cleanup -policy does not remove the RULESET objects, only the POLICY objects.

 

AC> list ruleset

(DMS__@localhost)

CATest#01

CATest#02

CATest#03

CATest#04

CATest#05

 

The RULESET objects may be removed as follows:

 

AC> rr ruleset CATest#03 noexit

(DMS__@localhost)

Successfully deleted RULESET CATest#03

 

AC> rr ruleset CATest#02 noexit

(DMS__@localhost)

Successfully deleted RULESET CATest#02

 

AC> rr ruleset CATest#01 noexit

(DMS__@localhost)

Successfully deleted RULESET CATest#01
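
The RULESET cleanup above can be prepared from captured "list policy" and "list ruleset" output. The following is an added example, not CA's code: it works only on saved listing text, does not call selang or dmsmgr, and the function names (parse_listing, orphaned_rulesets, removal_commands) and the sample listings are assumptions made for illustration.

```python
import re

# Versioned object names as they appear in the listings, e.g. CATest#03.
VERSIONED = re.compile(r"^([^\s#()]+)#(\d+)$")

def parse_listing(text):
    """Versioned names in captured selang 'list' output; prompt lines
    (AC> ...), the (DMS__@localhost) target line and blanks are skipped."""
    names = set()
    for raw in text.splitlines():
        line = raw.strip()
        if line and not line.startswith(("AC>", "(")) and VERSIONED.match(line):
            names.add(line)
    return names

def orphaned_rulesets(policy_listing, ruleset_listing, base):
    """RULESET versions of `base` with no matching POLICY, newest first."""
    policies = parse_listing(policy_listing)
    if not any(VERSIONED.match(p).group(1) == base for p in policies):
        # An empty or truncated policy capture would make every ruleset look orphaned.
        raise ValueError(f"no POLICY versions of {base!r} in the policy listing")
    orphans = []
    for name in parse_listing(ruleset_listing) - policies:
        obj_base, version = VERSIONED.match(name).groups()
        if obj_base == base:  # never touch rulesets of other policies
            orphans.append((int(version), name))
    return [name for _, name in sorted(orphans, reverse=True)]

def removal_commands(orphans):
    """selang lines in the form shown on this page, for review before use."""
    return [f"rr ruleset {name} noexit" for name in orphans]

# Constructed sample input modelled on the listings above; Other#01 is an
# invented ruleset that belongs to a different policy and must be left alone.
POLICIES = "AC> list policy\n(DMS__@localhost)\nCATest#04\nCATest#05\n"
RULESETS = ("AC> list ruleset\n(DMS__@localhost)\nCATest#01\nCATest#02\n"
            "CATest#03\nCATest#04\nCATest#05\nOther#01\n")

if __name__ == "__main__":
    for cmd in removal_commands(orphaned_rulesets(POLICIES, RULESETS, "CATest")):
        print(cmd)
```

Review the printed lines against the current "list policy" output before entering them at the AC> prompt.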