With CA Cleanup for ACF2, how long should a site wait before running the reports and cleaning up unused(unreferenced) objects?

Document ID : KB000100026
Last Modified Date : 21/06/2018
Show Technical Document Details
Introduction:

 
Question:
With CA Cleanup for ACF2, how long should a site wait to before running the reports and cleaning up unused(un-referenced) objects?
Answer:
CA recommends the following when using CA Cleanup for ACF2. 
  • Running the CA Cleanup main task all the time. Access from before the installation is unknown. 
  • Scheduling regular updates of the CA Cleanup database to keep it in synch with the CA ACF2 databases. This can be daily or weekly depending on the security system change. 
  • Performing the scheduled updates with the AT5#DBU utility *ALL* function. 
  • Waiting several months before removing unused security records CA Cleanup tracks unused. 
  • CA ACF2 database records over time and should run through critical processing periods such as month, quarter, and year end. 
  • Running the CA Cleanup reports without removing the unused security records to analyze the reports. This allows you to familiarize yourself with the reports and their capabilities. 
  • A phased approach to implementation. An attempt to cleanup all three CA ACF2 databases at one time produces an unmanageable number of obsolete security file entries. Begin with a small batch of CA ACF2 rule sets or logonids. 
Sites can wait a couple of months for the tracking data to build a base of tracking data and then run the reports to analyze the referenced and unreferenced security file entries(rules and logonids). Sites can always run the reports sooner to get a feel on how the security entries are being tracked for both referenced and unreferenced entries to fine tune the report parameters to obtain the desired tracking information.