After a logonid/userid is no longer valid and has been deleted from system, can this information still be retrieved?

Document ID : KB000013078
Last Modified Date : 14/02/2018
Show Technical Document Details
Question:

After an ACF2 logonid has been deleted from the ACF2 database, can this information still be retrieved? 

Answer:

If the logonid was deleted using the ARCHIVE INTO operand then yes, the deleted logonid information is still available.

CA ACF2 for z/OS provides the ARCHIVE INTO operand when deleting a logonid.  This specifies that CA ACF2 for z/OS is to build the commands that can be used to recreate the logonid in the specified data set.  The format of the command with these operands is: 

DELETE logonid ARCHIVE INTO('your.site.dataset') 

(Refer to the CA ACF2 z/OS Administration Guide for additional optional parameters/operands.) 

The 'your.site.dataset' can be an existing PDS with RECFM=FB, LRECL=80, and any valid BLKSIZE value.  If the 'your.site.dataset' does not exist, it will be dynamically allocated as a PDS with RECFM=VB, LRECL=255, and BLKSIZE=3665.  The "logonid" value will be the member name added to this data set.

Example:

DELETE user001 ARCHIVE INTO('TEST.ARCHIVE.LOGONIDS') 

The resulting member USER001 in TEST.ARCHIVE.LOGONIDS contains:

/*ARCHIVE ...<< comment identifies who issued the DELETE >> ...

ACF                                                           

SET LID                                                       

 INSERT USER001  -                                             

 PASSWORD(USER001) -                                          

 . . . . .

END            

 

Where the '. . . . .' are the other logonid fields that were specified for the logonid before it was deleted.  Note that you may need to change the password value to meet your site password restrictions defined in the GSO PSWD record.  Some logonids, like STC logonids, will not have any password. 

This INSERT command information can be used directly by a security administrator or can be specified in a batch job (ACFBATCH or IKJEFT01) to add the logonid back into the CA ACF2 for z/OS logonid database.  

 

Additional Information:

CA ACF2 for z/OS Administration Guide