Hi Top-Secret Admins,
I'm busy to cleanup obsolet permissions and I find CLEANUP tool for eTrust Top Secret very useful for this task.
Nevertheless if a permission is not used for some time, it's not sure that the permission is not needed any more.
My consideration is, that if behind a particular (perhaps even 'masked') permission no ressource exists (any more), also the permission is very likely obsolet (except the ressource will exist (again) in the future).
For example: To check a "longer-not-used" permission to datasets, ISPF-LMDxxxx services can be used. If LMDINIT does not return datasetsname for a given pattern, this permission can be revoked with little-risk.....
- Does anyone have experience to check db2-ressources (e.g. DB2TABLE) and to cleanup permissions, if no ressource exists which corresponds to the pattern of the permission ?
- Are there tools to do this check?
- Could rexx+DSNREXX help to create a pragmatic solution?
- Is anybody interested to work together/share for a pragmatic solution?