Automating RACF Administration with PowerShell? Yes, I’m writing this post from the past as it is 2019 and certain technologies are not in my job description anymore like Faxing Solutions and Mainframe Administration. I guess its been one of those months. Recently I needed to automate some RACF Administration tasks. Naturally I wanted to perform this with my favourite scripting tool, PowerShell.
After much searching, I couldn’t find any references to anyone doing such a thing. Of course, its 2019 so who would need to do this? Anyway, I’ve come up with a solution that works for me, so I am posting it for anyone else that needs to reluctantly go down this path.
The key components are an x3270 client that supports scripting. Scripting with an HTTP daemon provides a rudimentary interface that allows orchestration from any language that can perform a web request, but in this post I detail using PowerShell.
To Telnet to a z/OS Host we can use any Telnet client. But ideally we want to use one that can connect and communicate using TN3270. There are serveral 3270 clients available but one of the most feature rich and open source is x3270. The Windows console version is wc3270.
The x3270 HTTP Scripting option provides the ability to send commands to the x3270 client via web requests. HTTP Rest support means we can then issue commands from anything that can make a web request. e.g PHP, Python, C# and my favourite PowerShell.
There are numerous sites providing documentation around RACF commands. If you haven’t had exposure to RACF or haven’t had to do it for 20 years, most of them are rather obtuse. One of the better sites summarising RACF commands is available from IBM here. It details all the common tasks you are probably looking to automate. Tasks such as User and Group administration.
An overview of the integration is provided below. The remainder of this post details each of these processes.
Download and install the wc3270 (Windows) client from the x3270 site here. I’m using the 64-bit Client so the installation path by default is c:\program files\wc3270
You will obviously need a RACF account to connect to z/OS that has the appropriate permissions to perform the tasks you are looking to automate. You will also need the FQDN or IP Address of the z/OS Host you are connecting to.
To start the wc3270 client and have it connect to your z/OS host in a mode that allows easy automation, use the command
wc3270 A:hostAddress|hostName -httpd localhost:port -trace -tracefile c:\tracefilepath
A list of the actions that can be sent via the HTTP Daemon are detailed in the x3270 Scripting Guide here. The key commands are;
e.g. http://127.0.0.1:6001/3270/rest/stext/query()
Success. We have connectivity from a Browser to the HTTP daemon to the wc3270 client to z/OS and back again.
How about providing login information that it is requesting? Below shows sending the text myUserID using
http://127.0.0.1:6001/3270/rest/stext/string(myuserID)
You will need to follow that up with ENTER to get the Password Prompt, submit your password and then Enter again and you will be logged on to your Mainframe. e.g
http://127.0.0.1:6001/3270/rest/stext/enter
http://127.0.0.1:6001/3270/rest/string(myPassword)
http://127.0.0.1:6001/3270/rest/stext/enter
To end the session, issue the Disconnect command.
http://127.0.0.1:6001/3270/rest/stext/disconnect
Now that we have the fundamentals in place lets automate this.
Here is an example PowerShell script to connect and list all users. There are a couple of functions that automate the tasks of;
and then the process of logging on and executing a command (Search CLASS (User)).
Update the beginning of the script with the details of your environment along with UserID and Password.
So, there you have it. Automating RACF Administration with PowerShell thanks to the x3270 Client along with the HTTP Daemon that allows us to utilise our favourite scripting tool to automate tasks on z/OS. Happy Mainframe scripting.
A few weeks back the Microsoft AI Tour was in Sydney Australia. There was a…
If you're anything like me you always have PowerShell open, and often both PowerShell and…
Decentralised Identity is a technology I'm passionate about and have written many posts and tools…
Over two years ago I authored a PowerShell Module that enabled the automation of 1Password.…
Buried in my PowerShell Snippets Vol 4 post from 2021 is the PowerShell script and…
Short post on how to recovery from "The Windows Subsystem for Linux instance has terminated"…
This website uses cookies.
View Comments