Managing user ID inactivity by using Carla

The following CARLa program identifies inactive user IDs through checking the last connect date of users. In this particular example, you test the “last_connect_date” field for last connect dates older than 100 days. The “last_connect_date” field stores the most recent date that the user ID entered the system by using a RACINIT (logging on with a password). In addition, you exclude some exceptions from the reporting, which become important when you perform the exercise.

CARLa program example:

Sample output:

Exercise:

The objective of this exercise is to identify inactive user IDs, revoke them, and place them under a central RACF administration group for later processing.

Use the CARLa sample shown above. Generate RACF commands to perform the following actions for user IDs that have a “last_connect_date” that is at least 90 days old.

Make sure that your commands are written to the CKRCMD work data set by using the FILE=CKRCMD or DD=CKRCMD specification.

1. Revoke the user ID.
    
2. Add the following text in the field installation data: “- Revoked due to none use -”.
    
3. Connect the user ID to RACF group DELETE with connect owner DELETE.
    
4. Change the default group and owner of the user ID to group DELETE.
    
5. Exclude any user IDs with a default group of OMVSGRP.

Sample output of the generated RACF commands:

 

 

View Suggested samples and answers

 

Continue with Deleting inactive IDs

 

© Copyright IBM Corp. 2012, 2020

IBM, the IBM logo and ibm.com are trademarks of International Business Machines Corp., registered in many jurisdictions worldwide. Other product and service names might be trademarks of IBM or other companies. A current list of IBM trademarks is available on the Web at "Copyright and trademark information" at www.ibm.com/legal/copytrade.shtml.