If you delete the generic profile or the resources that control enveloping in the RACFEVNT class (defined in Step 1), you disable enveloping. However, when you delete these resources, RACF® does not automatically delete your existing envelopes, nor can you directly delete them using the RACF commands. If you want to remove existing envelopes from user profiles to minimize the size of your RACF database, perform the following steps.

To temporarily disable enveloping, do not perform these steps. Instead, issue SETROPTS NOCLASSACT(RACFEVNT) NORACLIST(RACFEVNT). This command disables LDAP change notification and enveloping without removing existing envelopes. To resume enveloping, issue SETROPTS CLASSACT(RACFEVNT) RACLIST( RACFEVNT).

To temporarily disable enveloping without removing existing envelopes and without disabling LDAP change notification, follow only Step 2 of the following steps. However, before doing so, make note of the access list entries or consider copying the access list to a new profile for later use. For example, issue: RDEFINE RACFEVNT STASHPROF FROM(PASS*.ENVELOPE)

Perform the following steps to prepare RACF to systematically delete (during an interim time period that you determine) each existing envelope when the user's password or password phrase is changed. These steps show command examples using generic profiles. If you defined individual resource names when you implemented enveloping, modify the commands shown.