Joined: 04 Feb 2022
Location: United States
|I need some help developing a solution to a bp request. We currently have an IBM DB2 table in Production which houses records of user IDs (human and nonhuman), systems they exist on, creation date, revoke status, installation data, etc. A RACF DB data dump is scheduled nightly on all lpars, all dumps are transferred to one Production system and consolidated into a master file which is then loaded into the table.
The bp has asked us to figure out a way to make this information "live" or as close as possible. my idea is to find a way to have the system cause an update in response to either a RACF revoke/resume command or system policy (too many invalid passwords triggering revoke).
My first idea was to have the bp request a specific ID to be updated and trigger a mass LU to all lpars, but that seems like a terrible way to manage this process.
My latest idea is to trigger a facility class addmem list to keep track of all revoked users, then a scheduled batch job to retrieve all facility class profiles to Production and update the tables based on the addmem list.
We own serveral Vanguard tools if that's a viable direction. I'm not looking for someone to completely solve this puzzle, but if anyone has any interesting ideas, I'm more than open to any possibilities which would send me down a research rabbit hole.
Thanks in advance!