A standardized JSON interface for RACF that enables seemless exploitation by programming languages that have a foreign language interface for C/C++ and native JSON support.

Description

As automation becomes more and more prevalent, the need to manage the security environment programmaticaly increases. On z/OS that means managing a security product like the IBM Resource Access Control Facility (RACF). RACF is the primary facility for managing identity, authority, and access control for z/OS. There are more than 50 callable services with assembler interfaces that are part of the RACF API. The complete set of interfaces can be found here.

While there are a number of languages that can be used to manage RACF, (from low level lnaguages like Assembler to higher level languages like REXX), the need to be able to easily exploit RACF management functions using existing indurstry standard programming languages and even programming languages that don't exist yet is paramount. The SEAR project is focused on making RACF management functions available to all programming languages that have native JSON support and a foreign language interface for C/C++. This will make it easier to pivot to new tools and programming languages as technology, skills, and business needs continue to evolve in the forseeable future.

Minimum z/OS & Language Versions

All versions of z/OS and the IBM Open Enterprise SDK for Python that are fully supported by IBM are supported by SEAR.

• z/OS Product Lifecycle
• IBM Open Enterprise SDK for Python Product Lifecycle

Dependencies

• R_SecMgtOper (IRRSMO00): Security Management Operations.
  • More details about the authorizations required for IRRSMO00 can be found here.
• R_Admin (IRRSEQ00): RACF Administration API.
  • More details about the authorizations required for IRRSEQ00 can be found here.
• RACF Subsystem Address Space: This is a dependency for both IRRSMO00 and IRRSEQ00.
  • More information can be found here.
• z/OS Language Environment Runtime Support: SEAR is compiled using the IBM Open XL C/C++ 2.1 compiler, which is still fairly new and requires z/OS Language Environment service updates for runtime support.
  • More information can be found in section 5.2.2.2 Operational Requisites on page 9 in the Program Directory for IBM Open XL C/C++ 2.1 for z/OS.

Installation

💡 Note: You can also Download & Install SEAR from GitHub

python3 -m pip install pysear

Build from source

Alternatively to installing from Pip, SEAR can be built from source on a z/OS system. SEAR uses a CMake build system, and can be built via a two-step process.

First, configure the build environment:

cmake -S . -B build --toolchain cmake/ibm-clang.cmake

This will generate the build environment in a directory named build. Then the project can be built:

cmake --build build

Build artifacts are located within the build directory.

Help

• GitHub Discussions

Maintainers

• Bobby Tjassens Keiser
• Emma Skovgård

Authors of RACFu

This is a fork of RACFu

• Leonard Carcaramo: lcarcaramo@ibm.com
• Elijah Swift: Elijah.Swift@ibm.com
• Frank De Gilio: degilio@us.ibm.com
• Joe Bostian: jbostian@ibm.com