Manage Group Usage with RACF

Two methods are available to determine the RACF Groups that a user needs.
cleanup121
Two methods are available to determine the RACF Groups that a user needs.
First, each RACF Group within the tracking database includes a USERLIST record. The USERLIST record identifies:
  • Every user who is connected to a Group
  • Date last used
  • Active Users
Second, each user within the tracking database includes:
  • A GROUPS record. This record identifies every group that is connected to the user.
  • Date of last use
  • Active groups
Example: Group Usage
In this example, user ASTRO2 has three connected Groups. Only the MARSPROF Group has been used. The Groups do not have to be monitored.
REFDATE USERID CLASS NAME ------- -------- -------- ---------------------------- 03321 MARSPROF GROUP MARS GROUP MARSPROF USERLIST ASTRO1 ASTRO2 03321 ASTRO3 03321 ASTRO2 USERID ASTRONAUT 2 ASTRO2 ROUPS STARPROF MARSPROF 03321 SUNPROF
Example: Universal Usage
When the UNIVERSAL attribute is assigned to a Group profile, users with a default connection (connect to the group with USE authority and no connect attributes) are no longer stored in the Group profile. Only users that have a connect attribute like group-SPECIAL, group-OPERATIONS, or a connect authority that exceeds USE are stored in the Group profile. CA Cleanup for RACF tracks Universal Groups for members that are explicit members within that group. This tracking includes only those users with the attributes like group-SPECIAL, group-OPERATIONS, or a connect authority that exceeds USE. General users that only have the USE attribute are not explicit members in a Universal Group, so are not tracked.