Implementing Cleanup for Top Secret : The First Steps

Document ID : KB000055201
Last Modified Date : 14/02/2018

Description:

The following document discusses the planning stage after installing and activating Cleanup for CA Top Secret.

Solution:

You have just installed and activated Cleanup for CA Top Secret. What next?

Cleanup tracks unused security records over time. We recommend waiting a minimum of 30 days before removing unused security records. In the meantime, Cleanup reports can be set up and run without removing the unused security records.

  1. Create a report for PROFILEs

  2. Create a report for Acids

  3. Create a report for Resources

An attempt to clean up an entire security file at one time will produce an overwhelming and unmanageable number of obsolete security file entries. Therefore, a phased approach is recommended. These reports will help you plan a phased approach.

The sample JCL below will report on all profiles that have been unreferenced for 15 days via PARM='UNREF=15'.

//S1 EXEC PGM=ETCL#RPT,REGION=4M,PARM='UNREF=15'
//DBASE DD DISP=SHR,DSN=CAI.ETCL.DB
//*
//SYSPRINT DD SYSOUT=*
//SORTWK01 DD UNIT=3390,SPACE=(CYL,15)
//SORTWK02 DD UNIT=3390,SPACE=(CYL,15)
//INCLUDE DD *
CLASS(PROFILE) NAME(*)
/*

The sample JCL below will report on all acids that have been unreferenced for 15 days via PARM='UNREF=15'.

//S1 EXEC PGM=ETCL#RPT,REGION=4M,PARM='UNREF=15'
//DBASE DD DISP=SHR,DSN=CAI.ETCL.DB
//*
//SYSPRINT DD SYSOUT=*
//SORTWK01 DD UNIT=3390,SPACE=(CYL,15)
//SORTWK02 DD UNIT=3390,SPACE=(CYL,15)
//INCLUDE DD *
CLASS(USERID) NAME(*)
/*

The sample JCL below will report on resources that have been unreferenced for 15 days via PARM='UNREF=15'.

//S1 EXEC PGM=ETCL#RPT,REGION=4M,PARM='UNREF=15'
//DBASE DD DISP=SHR,DSN=CAI.ETCL.DB
//*
//SYSPRINT DD SYSOUT=*
//SORTWK01 DD UNIT=3390,SPACE=(CYL,15)
//SORTWK02 DD UNIT=3390,SPACE=(CYL,15)
//INCLUDE DD *
CLASS(resourceclass) NAME(*)
/*

These reports should be run on a periodic basis for tracking and comparison purposes. Comparing them will show that Cleanup is working.

Since Cleanup was just installed, there will not be sufficient tracking information for a 90, 180 or 365 day report. So, the 'UNREF=nn' value should be updated each time with the number of days since Cleanup was activated, until you have enough tracking information. This will allow you to familiarize yourself with creating reports and their output.

Each report may be a considerable size. Grouping the Profiles, Resources and Userids into smaller groups via the CLASS control card sub-parameter NAME is recommended.

The sample JCL below will report on resources that belong to the OTRAN resource class that start with 'CE' and have been unreferenced for 15 days.

//S1 EXEC PGM=ETCL#RPT,REGION=4M,PARM='UNREF=15'
//DBASE DD DISP=SHR,DSN=CAI.ETCL.DB
//*
//SYSPRINT DD SYSOUT=*
//SORTWK01 DD UNIT=3390,SPACE=(CYL,15)
//SORTWK02 DD UNIT=3390,SPACE=(CYL,15)
//INCLUDE DD *
CLASS(OTRAN) NAME(CE)
/*

The sample JCL below will report on all PROFILEs that start with 'SYS' (system programmers' profiles) and have been unreferenced for 15 days.

//S1 EXEC PGM=ETCL#RPT,REGION=4M,PARM='UNREF=15'
//DBASE DD DISP=SHR,DSN=CAI.ETCL.DB
//*
//SYSPRINT DD SYSOUT=*
//SORTWK01 DD UNIT=3390,SPACE=(CYL,15)
//SORTWK02 DD UNIT=3390,SPACE=(CYL,15)
//INCLUDE DD *
CLASS(PROFILE) NAME(SYS)
/*

The sample JCL below will report on all acids that start with 'ABC' that have been unreferenced for 15 days via PARM='UNREF=15'.

//S1 EXEC PGM=ETCL#RPT,REGION=4M,PARM='UNREF=15'
//DBASE DD DISP=SHR,DSN=CAI.ETCL.DB
//*
//SYSPRINT DD SYSOUT=*
//SORTWK01 DD UNIT=3390,SPACE=(CYL,15)
//SORTWK02 DD UNIT=3390,SPACE=(CYL,15)
//INCLUDE DD *
CLASS(USERID) NAME(ABC)
/*

This approach will assist in the planning of a phased clean up of the security file. By breaking up the unused security records into smaller groups, the clean up of the security file will be more manageable. This allows for testing after each phase and quick recovery, if necessary.
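
As an added example (not part of the CA document or product), the Python script below generates one ETCL#RPT step per group of a phased plan, reusing the step layout from the samples above and setting UNREF to the number of days since activation, capped at a target window. The activation date, the plan and the 90-day target are assumptions; add your own JOB card before submitting.

```python
from datetime import date

# Step layout copied from the samples on this page; only the step name,
# UNREF, CLASS and NAME vary.
STEP = """\
//{step} EXEC PGM=ETCL#RPT,REGION=4M,PARM='UNREF={unref}'
//DBASE DD DISP=SHR,DSN=CAI.ETCL.DB
//*
//SYSPRINT DD SYSOUT=*
//SORTWK01 DD UNIT=3390,SPACE=(CYL,15)
//SORTWK02 DD UNIT=3390,SPACE=(CYL,15)
//INCLUDE DD *
CLASS({cls}) NAME({name})
/*
"""

def unref_days(activated: date, today: date, target: int = 90) -> int:
    """Days since activation, capped at the target reporting window."""
    elapsed = (today - activated).days
    if elapsed < 1:
        raise ValueError("Cleanup has no tracking history yet")
    return min(elapsed, target)

def report_steps(groups, activated: date, today: date, target: int = 90) -> str:
    """Build one report step per (class, name) group of the phased plan."""
    unref = unref_days(activated, today, target)
    steps = []
    for n, (cls, name) in enumerate(groups, start=1):
        # Keep the control card well formed: no blanks or parentheses.
        if not cls or not name or any(c in "() \t" for c in cls + name):
            raise ValueError(f"bad control card value: {cls!r} {name!r}")
        steps.append(STEP.format(step=f"S{n}", unref=unref, cls=cls, name=name))
    jcl = "".join(steps)
    # JCL statements must not run past column 71.
    too_long = [line for line in jcl.splitlines() if len(line) > 71]
    if too_long:
        raise ValueError(f"line exceeds column 71: {too_long[0]}")
    return jcl

if __name__ == "__main__":
    # Constructed plan and dates, using the groups from this page's samples.
    plan = [("PROFILE", "SYS"), ("USERID", "ABC"), ("OTRAN", "CE")]
    print(report_steps(plan, date(2018, 1, 30), date(2018, 2, 14)), end="")
```

Saving each run's SYSPRINT output under the run date gives the periodic reports to compare from one phase to the next.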

Please see the Cleanup for CA Top Secret Implementation Guide for more details about reporting program ETCL#RPT.