It only took me 30 minutes to do so!
I was creating some RACF definitions for a product, and being a good citizen,I wanted to have a script which cleans up after me, and deletes anything I defined. This all worked fine, except for trying to delete a RACF group. For example
DELGROUP PKIGRP3
IKJ56702I INVALID GROUP, PKIGRP3
ADDGROUP PKIGRP3
IKJ56702I INVALID GROUP, PKIGRP3
Hmm the message is not helpful – PKIGRP3 >IS< valid.
IKJ56702I INVALID invalid data
Explanation: The user entered invalid data.
I had a mini project to find out why it was not being deleted. If I list the group it gives
LG PKIGRP3
INFORMATION FOR GROUP PKIGRP3
SUPERIOR GROUP=SYS1 OWNER=COLIN CREATED=21.315
NO INSTALLATION DATA
NO MODEL DATA SET
TERMUACC
NO SUBGROUPS
USER(S)= ACCESS= ACCESS COUNT= UNIVERSAL ACCESS=
IBMUSER USE 000000 NONE
CONNECT ATTRIBUTES=NONE
REVOKE DATE=NONE RESUME DATE=NONE
If I remove the userid from the group the delete group works
REMOVE IBMUSER GROUP(PKIGRP3)
READY
DELGROUP PKIGRP3
READY
Easy when you know why.
Having to remove all of the users from a group before deleting the group means I cannot just have code to delete the userids I had created, and delete the groups I created. I’ve raised an RFE on this.
ColinPaice 