After an ACF2 logonid has been deleted from the ACF2 database, can this information still be retrieved?
If the logonid was deleted using the ARCHIVE INTO operand, then yes: the commands needed to recreate the deleted logonid are still available in the archive data set. (If it was deleted without ARCHIVE INTO, the logonid record is gone from the database and must be re-inserted by hand.)
ACF2 for z/OS provides the ARCHIVE INTO operand on the DELETE command. It tells ACF2 to write, into the specified data set, the commands that can be used to recreate the logonid. The format of the command with this operand is:
DELETE logonid ARCHIVE INTO('your.site.dataset')
(Refer to the CA ACF2 z/OS Administration Guide for additional optional parameters/operands.)
'your.site.dataset' can be an existing PDS with RECFM=FB, LRECL=80, and any valid BLKSIZE value.
If 'your.site.dataset' does not exist, it is dynamically allocated as a PDS with RECFM=VB, LRECL=255, and BLKSIZE=3665.
The logonid value becomes the member name added to this data set. Because the member holds everything needed to recreate the logonid, including its privilege fields, the archive data set should be protected by ACF2 data set access rules as tightly as the logonid database itself. For example:
DELETE user001 ARCHIVE INTO('TEST.ARCHIVE.LOGONIDS')
The resulting member USER001 in TEST.ARCHIVE.LOGONIDS contains:
/*ARCHIVE ...<< comment identifies who issued the DELETE >> ...
INSERT USER001 -
. . . . .
where '. . . . .' stands for the other logonid fields that were set for the logonid before it was deleted.
Note that the password value may need to be changed to meet the site password restrictions defined in the GSO PSWD record before the INSERT is run. Some logonids, such as STC logonids, have no password at all.
These INSERT commands can be entered directly by a security administrator under the ACF command, or run in a batch job (ACFBATCH or IKJEFT01), to add the logonid back into the CA ACF2 for z/OS logonid database. Review the member before running it: it recreates the logonid with all of its former fields and privileges.
The ACF2 LIST command also supports the ARCHIVE operand, which can be run before the DELETE to capture the same recreation commands without deleting the logonid:
LIST user001 ARCHIVE INTO('TEST.ARCHIVE.LOGONIDS')
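The batch restore described above, as an added example that is not part of the original article or of the CA ACF2 product documentation. It assumes that the DELETE (or LIST) ... ARCHIVE INTO('TEST.ARCHIVE.LOGONIDS') shown above has already written member USER001, that ACFBATCH reads its commands from SYSIN and writes its output to SYSPRINT, and that the member has already been reviewed for a password value acceptable to the GSO PSWD record. The JOB statement accounting values are placeholders for your site.

```jcl
//ACFREST  JOB (ACCT),'RESTORE USER001',CLASS=A,MSGCLASS=X,NOTIFY=&SYSUID
//*
//* Added example (not from the article): recreate logonid USER001
//* from the archive member written by
//*   DELETE user001 ARCHIVE INTO('TEST.ARCHIVE.LOGONIDS')
//* Step RESTORE feeds the member's INSERT command straight to ACFBATCH.
//* Assumption: ACFBATCH reads commands from SYSIN, reports on SYSPRINT.
//*
//RESTORE  EXEC PGM=ACFBATCH
//SYSPRINT DD  SYSOUT=*
//SYSIN    DD  DSN=TEST.ARCHIVE.LOGONIDS(USER001),DISP=SHR
//*
//* Step VERIFY lists the recreated logonid under TSO batch so the
//* job output shows the fields actually stored in the database.
//*
//VERIFY   EXEC PGM=IKJEFT01
//SYSTSPRT DD  SYSOUT=*
//SYSTSIN  DD  *
ACF
SET LID
LIST USER001
END
/*
```

Check the SYSPRINT output of the RESTORE step for any ACF2 error message before trusting the VERIFY listing; if the INSERT was rejected (for example because the archived password value violates the GSO PSWD rules), edit the member and resubmit rather than inserting the logonid by hand with fewer fields than it originally had.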