After a logonid/userid is no longer valid and has been deleted from the system, can this information still be retrieved?

Article ID: 13078

Products

ACF2, ACF2 - DB2 Option, ACF2 for zVM, ACF2 - z/OS, ACF2 - MISC

Issue/Introduction

After an ACF2 logonid has been deleted from the ACF2 database, can this information still be retrieved? 

Environment

Component: ACF2MS

Resolution

If the logonid was deleted using the ARCHIVE INTO operand then yes, the deleted logonid information is still available.

ACF2 for z/OS provides the ARCHIVE INTO operand for use when deleting a logonid. With this operand, ACF2 for z/OS builds the commands that can be used to recreate the logonid and writes them to the specified data set. The format of the command with these operands is:

DELETE logonid ARCHIVE INTO('your.site.dataset') 

(Refer to the CA ACF2 z/OS Administration Guide for additional optional parameters/operands.) 

The 'your.site.dataset' can be an existing PDS with RECFM=FB, LRECL=80, and any valid BLKSIZE value.
If the 'your.site.dataset' does not exist, it will be dynamically allocated as a PDS with RECFM=VB, LRECL=255, and BLKSIZE=3665.
The "logonid" value will be the member name added to this data set.


Example:
DELETE user001 ARCHIVE INTO('TEST.ARCHIVE.LOGONIDS') 


The resulting member USER001 in TEST.ARCHIVE.LOGONIDS contains:

/*ARCHIVE ...<< comment identifies who issued the DELETE >> ...
ACF
SET LID
 INSERT USER001  -
 PASSWORD(USER001) -
 . . . . .
END

Here '. . . . .' stands for the other logonid fields that were specified for the logonid before it was deleted.
Note that you may need to change the password value to meet your site password restrictions defined
in the GSO PSWD record. Some logonids, like STC logonids, will not have any password.

This INSERT command information can be used directly by a security administrator or can be specified
in a batch job (ACFBATCH or IKJEFT01) to add the logonid back into the CA ACF2 for z/OS logonid database.
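
The check below is an added example, not code from this article or from the product. It parses an archived member in the layout shown above and reports what to review in the PASSWORD operand before the INSERT is run again. It assumes the member text is available as a string; the function names are hypothetical and the sample member, including its NAME and TSO lines, is constructed.

```python
import re

# Constructed sample in the layout the article shows. The NAME and TSO lines
# stand in for the article's ". . . . ." and are assumptions for illustration.
SAMPLE_MEMBER = """\
/*ARCHIVE constructed comment identifying who issued the DELETE
ACF
SET LID
 INSERT USER001  -
 PASSWORD(USER001) -
 NAME(TEST USER) -
 TSO
END
"""

def parse_archive_member(text):
    """Return (logonid, operands) for the INSERT command in an archived member."""
    commands, buf = [], ""
    for line in text.splitlines():
        line = line.strip()
        if line.endswith("-"):           # trailing '-' continues the command
            buf += line[:-1].rstrip() + " "
        else:
            commands.append((buf + line).strip())
            buf = ""
    insert = next((c for c in commands if c.upper().startswith("INSERT ")), None)
    if insert is None:
        raise ValueError("no INSERT command found in member")
    # Tokens are bare words (TSO) or KEYWORD(value) pairs; values may hold spaces.
    tokens = re.findall(r"[^\s()]+(?:\([^)]*\))?", insert)
    operands = {}
    for tok in tokens[2:]:
        m = re.fullmatch(r"([^()]+)\((.*)\)", tok)
        operands[m.group(1).upper() if m else tok.upper()] = m.group(2) if m else None
    return tokens[1], operands

def review_before_reinsert(text):
    """List what an administrator should check before running the INSERT."""
    logonid, ops = parse_archive_member(text)
    if "PASSWORD" not in ops:
        note = "no PASSWORD operand (as with STC logonids)"
    elif ops["PASSWORD"].upper() == logonid.upper():
        note = "PASSWORD equals the logonid; replace it before re-inserting"
    else:
        note = "PASSWORD present; check it against the GSO PSWD record"
    return {"logonid": logonid, "fields": sorted(ops), "password_note": note}

if __name__ == "__main__":
    print(review_before_reinsert(SAMPLE_MEMBER))
```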

Additional Information

The ACF2 LIST command also supports the ARCHIVE option, which can be run before the DELETE is executed:

Example:
LIST user001 ARCHIVE INTO('TEST.ARCHIVE.LOGONIDS')