IBM Mainframe Forum

Hello: I have a quick question: Is there a way to reconfigure RACF to not reuse a User ID that at any time was assigned to a person, even if the User account was deleted? Thank you.

NO.
once a userid is deleted RACF forget about it....
if You have a forcing need of remembering past/gone userids
the only way is to just revoke them,
for a deeper cleaning delete all the segments and the groups associations
You will have lots of clutter in Your racf database anyway

the request seems a bit illogic from a good sense point of view
it would be like throw away the garbage and keep a copy of it

Thank you.

Hello,

If your system currently allows a "new" user to "inherit" stuff from some previous user, you have a major security problem. . . Well, imho. . .

Many (most) systems that i've supported assign the "Next" id to a new user so there is no issue with re-using an "old" id. It simply isn't done.

Once a userid has been deleted it's completely gone. RACF has no way to remember the userid. Rather than delete userids, most sites REVOKE the IDs of the dearly departed (or possibly the not so dearly departed). This way the data sets and RACF access profiles related to the users do not also have to be deleted.