Page 1 of 1

RACF User ID Management Question

PostPosted: Tue Oct 26, 2010 12:55 am
by spassx
Hello: I have a quick question: Is there a way to reconfigure RACF to not reuse a User ID that at any time was assigned to a person, even if the User account was deleted? Thank you.

Re: RACF User ID Management Question

PostPosted: Tue Oct 26, 2010 12:00 pm
by enrico-sorichetti
NO.
once a userid is deleted RACF forget about it....
if You have a forcing need of remembering past/gone userids
the only way is to just revoke them,
for a deeper cleaning delete all the segments and the groups associations
You will have lots of clutter in Your racf database anyway

the request seems a bit illogic from a good sense point of view
it would be like throw away the garbage and keep a copy of it

Re: RACF User ID Management Question

PostPosted: Tue Oct 26, 2010 6:04 pm
by spassx
Thank you.

Re: RACF User ID Management Question

PostPosted: Tue Oct 26, 2010 11:08 pm
by dick scherrer
Hello,

If your system currently allows a "new" user to "inherit" stuff from some previous user, you have a major security problem. . . Well, imho. . .

Many (most) systems that i've supported assign the "Next" id to a new user so there is no issue with re-using an "old" id. It simply isn't done.

Re: RACF User ID Management Question

PostPosted: Wed Oct 27, 2010 6:39 am
by steve-myers
Once a userid has been deleted it's completely gone. RACF has no way to remember the userid. Rather than delete userids, most sites REVOKE the IDs of the dearly departed (or possibly the not so dearly departed). This way the data sets and RACF access profiles related to the users do not also have to be deleted.