ACF2 certificates deleted when user is deleted


Article ID: 262041


Updated On:

Products

ACF2

Issue/Introduction

Certificates and keyrings are deleted when a user is deleted - is this correct or a bug?

                
                                                     

Environment

Release: 16.0

Resolution

This is correct behavior, not a bug: when a user that owns certificates and keyrings is deleted, those certificates and keyrings are deleted as well.

When you create a certificate whose high-level qualifier (HLQ) is the same as a logonid, the certificate is "associated" with that logonid.

List a logonid:

ACF
LIST logonid PROFILE(ALL)
END

You will see something like this...
USERA                           USERA  USERA                         
                     COMPANY() DEPT() IDNUM() LEVEL() LOCATION() OLDLID()   
                     OWNER() OWNTYPE() POSITION() PROJECT() SITE()          
CERTDATA /USERA.CERT                                                     
                     CERTNSER(0000000000000001) ISSUERDN(CN=USERA)        
                     KEYSIZE(2,048) LABEL(USERA.CERT) SERIAL#(00)         
                     SUBJDN(CN=USERA) TRUST                               
Certificate is connected to the following key rings:                        
Key ring record: USERA.RING                                               
Key ring name:                                                              
USERA.ring                                                                
                                                                            
KEYRING / USERA.RING                                                      
                     DEFAULT(USERA.CERT) RINGNAME(USERa.ring)           
The following certificates are connected to this key ring:                  
CERTDATA record    Label                             Usage                  
-----------------  --------------------------------  --------               
USERA.CERT       USERA.CERT                      PERSONAL               
                                                                            
OMVS / USERA       HOME(/u/usera) OMVSPGM(/bin/sh) UID(55,609)          

Deleting the logonid record also deletes all profile records owned by that user, including certificates and keyrings.
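
A pre-deletion inventory check, added here as an example and not part of the original article or the product: it parses a saved LIST logonid PROFILE(ALL) listing in the layout shown above and returns the CERTDATA and KEYRING records that would be removed along with the logonid. The function name, the embedded sample (copied from the listing above) and the assumption that the listing was captured to a text file are hypothetical.

```python
import re

# Sample copied from the listing shown above; the column layout is an assumption.
SAMPLE = """\
USERA                           USERA  USERA
                     COMPANY() DEPT() IDNUM() LEVEL() LOCATION() OLDLID()
                     OWNER() OWNTYPE() POSITION() PROJECT() SITE()
CERTDATA /USERA.CERT
                     CERTNSER(0000000000000001) ISSUERDN(CN=USERA)
                     KEYSIZE(2,048) LABEL(USERA.CERT) SERIAL#(00)
                     SUBJDN(CN=USERA) TRUST
Certificate is connected to the following key rings:
Key ring record: USERA.RING
Key ring name:
USERA.ring

KEYRING / USERA.RING
                     DEFAULT(USERA.CERT) RINGNAME(USERa.ring)
The following certificates are connected to this key ring:
CERTDATA record    Label                             Usage
-----------------  --------------------------------  --------
USERA.CERT       USERA.CERT                      PERSONAL

OMVS / USERA       HOME(/u/usera) OMVSPGM(/bin/sh) UID(55,609)
"""

# A segment header starts in column 1: "CERTDATA /name" or "KEYRING / name".
SEGMENT = re.compile(r"^(CERTDATA|KEYRING)\s*/\s*(\S+)")
FIELD = re.compile(r"([A-Z#]+)\(([^)]*)\)")  # e.g. LABEL(USERA.CERT)

def records_lost_on_delete(listing):
    """Return the CERTDATA and KEYRING profile records found in the listing."""
    records, current = [], None
    for line in listing.splitlines():
        seg = SEGMENT.match(line)
        if seg:
            current = {"type": seg.group(1), "record": seg.group(2), "fields": {}}
            records.append(current)
        elif line[:1].isspace():
            if current is not None:  # indented line continues the open segment
                current["fields"].update(FIELD.findall(line))
        else:
            current = None  # any other column-1 line ends the segment
    return records

if __name__ == "__main__":
    for rec in records_lost_on_delete(SAMPLE):
        print(rec["type"], rec["record"], rec["fields"])
```

Running the check before a logonid is deleted gives a list of certificates and keyrings to export or re-create under another owner if they are still needed.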