I am attempting to clean up my RACF DB of permissions that have not been used in a year.    I started with AM.3 (PERMIT) and I can run a report of permissions that have been used before but have no activity in a year.     But I also see permissions that have never been used that need to be cleaned up as well.   However using the TSO screens I can query on the create date of the profile.   But that does not help, since the profile could have been created years ago, and the permission was granted last week.   I don't want to delete recently provisioned access.

Do we have the ability on AM.3 to display the date the permission was granted to the profile?

Update 5/1/23:  Will still like a reply from IBM if possible if the solution for a permission create date already exists, however we think we have developed a process to take the profile in the Access Monitor data and "mine" the data in Command Logger to see if the permission was granted within x number of days to determine if the permission was granted recently.

------------------------------
Linnea Sullivan
------------------------------

Blunt answer: Nope.

RACF doesn't record the PERMIT date anywhere. You would indeed need to correlate with the CKXLOG or with the Command Verifier CAT(Command Audit Trail).
And sorry for the delayed response.