Enabling use of archived KDS records

Records in the CKDS, PKDS, and TKDS can be marked as archived. A service request to use the key material of an archived record will fail and an SMF 82 audit record is then logged. The administrator, in an effort to remove unused records from the key data sets, may mark records that appear to have not been used in a long time as archived.

To prevent an application failure due to a rarely used label being marked as archived, the administrator can enable the Key Archive Use control. All service requests using archived records succeed and a SMF 82 record is logged. The administrator can check the SMF records for archived records that have been used. The administrator can also cause a joblog message to be issued by enabling the KEYARCHMSG control in the options data set.

For example, to enable the key archive use control for all key data sets, enter the following commands:
RDEFINE XFACILIT CSF.KDS.KEY.ARCHIVE.USE
SETROPTS RACLIST(XFACILIT) REFRESH