Hi David,
there might be a hybrid solution that you might want to check out for bulk deleting user IDs with zSecure.
When you use option RA.U, you can specify the search arguments/filters that select the target user IDs that you want to 'bulk delete' using a batch job. When you enter appropriate selection filters, the display shows all user IDs that fit your filters in ISPF format.
Next, you can put a block delete line command "DD" in the first and last line of your list of selected user IDs to indicate that you want to delete all user IDs within the DD-block. If applicable, you can also use multiple DD-blocks and single D commands to delete single user IDs from your selection list like so:
On the next 'User Delete' panel, you can specify whether you also want to delete the resources (data sets, dataset profiles, RACF variables, catalog entries, etc.) that are associated with the user IDs that you want to delete.
After pressing Enter, you return to your user ID selection overview report. In the top right corner of your display, you see the message "Queued in CKRCMD". When you press F3, you access your CKRCMD work data set that contains the generated commands to delete the user IDs (and optionally their resources when you opted to also delete these resources). I would suggest that you eyeball the generated commands prior to issuing the "SUB" or "SUBMIT" command in the command line to generate a batch job to delete the user IDs.
Before deleting the user IDs, you might also want to create a RACF backup copy or zSecure Unload data set that can be used to recreate a user ID when there is a need to rebuild a user ID that you deleted.
Just my 2 cents.
------------------------------
Tom Zeehandelaar
z/OS Security Enablement Specialist - zSecure developer
IBM
------------------------------
Original Message:
Sent: Mon February 19, 2024 02:12 PM
From: David Low
Subject: RA.4.4 Delete user via batch
We are migrating to RACF and zSecure and looking for a batch delete user solution. I'm aware of RACF utility IRRRID00 but I'm wondering if I can utilize zSecure instead. Is it possible to access some of the built-in product features such as RA.4.4 via batch job? I've searched around in CKR.SCKRCARL library but haven't found anything.
------------------------------
David Low
------------------------------