This is a detailed description of process to remove ROLEs no longer used after LOGONID cleanup.
Release : 16.0
Component : CA ACF2 for z/OS
The ACFRULCU utility can be used if a site is using roles. The ROLNXIST parameter detects any rule line in a $ROLESET rule set that specifies a non-existent user value. SItes can use ROLNXIST with ROLESYS to identify rule lines that contain a value for a non-existent role value.
Here are the parameter descriptions related to ROLE:
- ROLNXIST causes removal of all rule lines from the targeted rule sets that have a ROLE value that no longer exists. X(ROL) records can be identified by a SYSID. When using ROLNXIST against the active databases, the role records will be identified by the current SYSID. When using ROLNXIST against alternate databases, you must also specify ROLESYS to identify the SYSID of the X(ROL) records.
- ROLESYS(sysid) is required when you are processing rules in the alternate databases and have ROLNXIST specified). It specifies a one- to eight-character SYSID value that identifies the correct X(ROL) records being used on the system. Specifying the incorrect SYSID might remove the wrong rule lines.
More information can be found in section: 'ACFRULCU - Rule Cleanup Utility' of the ACF2 documentation.