With CA Cleanup for ACF2, how long should a site wait before running the reports and cleaning up unused(unreferenced) objects?
Document ID :
Last Modified Date :
Show Technical Document Details
CA Cleanup for ACF2
Agent Technology for z/OS and OS/390:AWAGNT
With CA Cleanup for ACF2, how long should a site wait to before running the reports and cleaning up unused(un-referenced) objects?
CA recommends the following when using CA Cleanup for ACF2.
Running the CA Cleanup main task all the time. Access from before the installation is unknown.
Scheduling regular updates of the CA Cleanup database to keep it in synch with the CA ACF2 databases. This can be daily or weekly depending on the security system change.
Performing the scheduled updates with the AT5#DBU utility *ALL* function.
Waiting several months before removing unused security records CA Cleanup tracks unused.
CA ACF2 database records over time and should run through critical processing periods such as month, quarter, and year end.
Running the CA Cleanup reports without removing the unused security records to analyze the reports. This allows you to familiarize yourself with the reports and their capabilities.
A phased approach to implementation. An attempt to cleanup all three CA ACF2 databases at one time produces an unmanageable number of obsolete security file entries. Begin with a small batch of CA ACF2 rule sets or logonids.
Sites can wait a couple of months for the tracking data to build a base of tracking data and then run the reports to analyze the referenced and unreferenced security file entries(rules and logonids). Sites can always run the reports sooner to get a feel on how the security entries are being tracked for both referenced and unreferenced entries to fine tune the report parameters to obtain the desired tracking information.
Was this information helpful?