Issuing DROP USER Before and After SDEL Execution
The first time you issue a DROP USER statement for a user identifier, the identifier is flagged for logical deletion. To delete all privileges associated with each logically deleted user, you execute the SDEL task in each system of the domain and against each dictionary in the system that contains security definitions. (The system dictionary and each application dictionary with an SQL catalog component contain security definitions.) Then you reissue the DROP USER statement to physically delete the user from the user catalog.
Note: If the SDEL task has been defined as an autotask and is invoked at startup, all dictionaries are processed if a logically deleted user is found. If SDEL is invoked manually, each dictionary must be processed separately.
For more information about the SDEL task, see the CA IDMS System Tasks and Operator Commands Guide.
If you physically delete a user before running SDEL on all systems, follow these steps:
Implicitly Revoking Privileges
When you drop a user, you implicitly revoke all privileges that have been granted to the user.
The following DROP USER statement removes the definition of user sue from the user catalog and removes user sue from any group to which user sue was assigned:
drop user sue;
|
Copyright © 2014 CA.
All rights reserved.
|
|