Summary of steps for deleting groups

This summary presents the steps required by RACF® and related IBM® licensed program products to delete groups from RACF. Your installation might require additional steps, depending on your security policy and the products you have installed.
  1. Determine if the group is a universal group by using the LISTGRP command, and look for the UNIVERSAL attribute.
  2. If the group is not a universal group, use the output of the LISTGRP command to list the members and remove them from the group.

    You can use the REMOVE command to do this. If the user is the owner of any group data set profiles, specify the new owner on the OWNER operand of the REMOVE command. Before removing a user from the user's default connect group, you must first connect the user to a new group (CONNECT command), and then change the user's default connect group to the new group (ALTUSER command).

  3. If the group is a universal group, use the remove ID utility (IRRRID00) to remove all members from the group.

    The LISTGRP command might not list all members of a universal group. For information, see Processing universal groups

  4. Find all data sets associated with this group (that is, the group name is the high-level qualifier of the data set name) and perform the following steps:
    1. Delete or rename (with a new high-level qualifier) the group's group data sets. If you rename or delete a data set that is protected by a discrete profile, the discrete profile is also renamed or deleted.

      Tip: You can do this using the DATA SET LIST utility of ISPF.

    2. Identify all of the remaining (generic) data set profiles, create new ones modeled on them if needed, and delete the remaining profiles.

      Important: Make sure that you do not delete an old profile unless it is no longer needed.

      Tips:
      1. You can use the following SEARCH command to identify the group's data set profiles: 
        SEARCH MASK(groupname.) CLIST('LISTDSD DA(' ') ALL')

        As specified, the CLIST operand generates a CLIST that you can run to list all of the information in the data set profiles. This can help you assess whether to use the profiles as models.

      2. You can use the FROM operand on the ADDSD command to create new profiles modeled on the old profiles.
  5. To research the following steps, use the IRRRID00 utility to list the occurrences of the group name in the RACF database. For information, see Using the RACF remove ID (IRRRID00) utility.
  6. For each subgroup of the group to be deleted, change the subgroup's superior group to an existing group. 
    ALTGROUP subgroupname SUPGROUP(new-superior-groupname)
  7. If the group is the owner of any profiles (the group's group name was specified on the OWNER operand), change the owner of the profiles to a new group or user.

    Tip: Use the appropriate command for changing profiles, such as ALTUSER, ALTGROUP, ALTDSD, or RALTER.

  8. Remove the group from any access lists in which the group's group ID is specified.

    Tip: Use the DELETE operand on the PERMIT command.

  9. After all occurrences of the group name are deleted from the RACF database, use the DELGROUP command to delete the group profile.