CA Cleanup for RACF: Tracking File Considerations in a Multiple LPAR environment

Document ID : KB000055247
Last Modified Date : 14/02/2018
Show Technical Document Details

Issue:

When implementing CA Cleanup for RACF in an environment with more than one LPAR, there are a few things to consider in order to ensure optimal usage and functionality of the Cleanup tool. Below are some typical environment configurations with recommendations on tracking file setup based on security database sharing and RACF Remote Sharing Facility (RRSF) enablement.

Resolution:

Environment 1:

SYSA and SYSB share one security database, no RRSF.

  • It is recommended to use one shared tracking file.

    The use of two tracking files is supported but not common. Using two tracking files may be used in the situation where GRS/MIM cannot be used to propagate enqueues. This setup, however, is not recommended since there is additional overhead with maintaining, reporting on and reloading multiple tracking files. If using two tracking files, always report using both tracking files as input because this is actually one security system.

Environment 2:

SYSA and SYSB have separate security databases, RRSF connected.

  • Do not use a single shared tracking file!

    Report using both tracking files as input because this is one logical security system. Use the IRRDBU00 output from whatever system is considered "master".

Environment 3:

SYSA and SYSB have separate security databases, no RRSF.

  • Do not use a single shared tracking file!

    As long as separate security databases are in use, the only way to accurately track referenced or unreferenced items is by having one tracking file per security database. Report separately because these are two distinct security systems.