Does ACF2 provide any utilities to assist Ruleset Clean Up?


Article ID: 209305


Updated On:


CA ACF2 - z/OS


We need to clean up rulesets in the RULES database on several LPARs.  These LPARs do not have the CA Cleanup utility.  How do we identify rulesets that haven't been used in a long time so we can delete them without the CA Cleanup utility?


Release : 16.0

Component : CA ACF2 for z/OS


ACF2 provides the Rule Cleanup Utility (ACFRULCU) that identifies rule lines that are no longer needed. The lines can be from logonids that no longer exist, roles that no longer exist, or UIDs that are no longer valid. You can also specify specific UIDs, logonids, or roles to remove from the targeted rules. You can use the utility for access rules, resource rules, and DB2 rules, and you can run the utility against the active databases or alternate databases.

There is nothing provided in ACF2 to identify rulesets that have not been used in a long time. You would need to use the Cleanup product.