Automatically removing unused connects

You can automatically generate the applicable remove commands to remove unused connects in a single step using the Access Monitor Remove Connects option (AM.8.3). Using the automated process offers several significant benefits:
  • Automatic generation of the remove commands based on user-specified selection criteria.
  • Automatic generation of a recovery command file to restore connects that have been removed if required.
  • You do not have to visually inspect every connect to be removed.
  • You can generate multiple remove commands in a single operation.
Note: zSecure Access Monitor does not collect access information for UNIX directories and files inside zFS and HFS files systems. RACF® connect groups that are only used for access to UNIX files are therefore not detected as being used. Such RACF groups are included in the command files for connect removal. Before running the generated commands, verify that no connections required for access to UNIX files are removed.

When you use the automatic connect removal process, USE level group-connections with default group-attributes that have not been used during the recorded period are deleted. The Advanced selection criteria allow selection on the connection of the user to the group and selection on the usage dates of the connect. In the absence of any selection criteria, all unused group connections are selected for deletion.

Note:
  • When using the automatic removal process, you must also specify a matching CKFREEZE file in the data sources that you specified using SETUP FILES (see SE.1 SETUP - Input files). Without a matching CKFREEZE file, either the recovery file might be incomplete, or the connect removal file might contain incorrect commands.
  • Automatic connect removal works only when exactly one RACF data source is selected in SETUP FILES. In the current implementation, it is not possible to create recovery files for multiple RACF databases. If more then one RACF data source is selected, an error message is issued.
  • When using a RACF database (either active or a copy) in option AM.8.3, you cannot access it through the zSecure server. If you must use the zSecure server, you can use only a zSecure UNLOAD file of the RACF database.

For details on generating the remove and recovery commands, see Generating remove (delete) and recovery commands.