Restore a USER or GROUP that is in the process of being deleted

Document ID : KB000024838
Last Modified Date : 14/02/2018
Show Technical Document Details

Introduction: 

In a CA IDMS system, Users and Groups can be defined in the catalog for internal security validation. They can be added & deleted; the deletion is a multi-step process.

Question: 

If you have started deleting a user or group from the catalog, and realize you need to restore their functionality, how can that be done?

Environment:  

This applies to any CA IDMS CV in an operating system.

Answer: 

The process to delete a USER or GROUP from the CA IDMS system is three steps:

  1. DROP USER/GROUP in OCF or with an IDMSBCF job. 
  2. Run SDEL. 
  3. DROP USER/GROUP again.

If it is realized after the first DROP step that it was done in error, or that the wrong USER or GROUP was deleted, it is possible to effectively restore the USER or GROUP. There is no way to undo the deletion, or to reverse that process. That USER or GROUP is now considered "logically deleted" and when SDEL runs it will delete all privileges associated with the USER or GROUP.

However, if you do the second DROP and then CREATE USER/GROUP again before the SDEL, the new definition will automatically re-inherit all of the privileges granted to the USER or GROUP originally. That will save the time and effort of re-granting all of desired privileges.

Additional Information:

Syntax for adding and deleting Users & Groups can be found in the IDMS Security Administration Guide.

 

 Details about the SDEL command can be found in the CA IDMS System Tasks and Operator Commands Guide.