RACF Administration, Reporting, and Custom Programming

Streamline RACF® reporting, application writing, and custom administration while automating the entire security administration process with ERQ.

What is ERQ?

Enhanced RACF Management

Today’s enterprise data centers trust the IBM® Z mainframe to process millions of transactions per day and the IBM Resource Access Control Facility (RACF) to manage user access to critical resources. While these provide a strong foundation for data and user management, utilizing them requires a specific skillset acquired over a lengthy amount of time with a great deal of training. With a limited number of personnel to manage complex RACF administration, ensuring information is protected from unauthorized disclosure, modification, or destruction – an essential component of data security – becomes even more of a challenge. ERQ: Easy RACF Queryprovides seasoned and novice RACF users a more streamlined and comprehensive approach to commanding their RACF than the use of RACF alone would allow.

Automate RACF, Maximize Resources

As a sister solution of ERA, ASPG’s RACF security risk assessment and auditing tool, ERQ provides custom security administration, reporting, and application writing for RACF. While ERA creates a decipherable repository of RACF security-related events for auditing purposes, ERQ allows an end user to automate and simplify the entire RACF administration process by effortlessly navigating, issuing commands, assigning delegations, and running reports on both the live and archived RACF database.  Automating recurring administration functions allows for greater compliancy adherence, identity governance, system security, process efficiency, and maximization of IT resources and personnel. Through the utilization of ERQ, end users are able to harness the full power of RACF despite limited output resources and RACF knowledge.

Download Product Brochure

ERQ Benefits


    Complement or replace standard third party reporting and administration packaged solutions


    ISPF variables & tables provide front-end for command procedures


    Write applications without needing a systems programmer or knowing CARLa or COBOL


    Easily write custom procedures and applications in CLIST and REXX


    Directly interface with IBM’s Health Checker and homegrown health check systems and reports to diagnose RACF issues


    API interface allows for quick, easy creation of custom RACF applications


    Process Residual IDs and easily ALTER, CLONE, DELETE, LIST and/or REPLICATE profiles


    Dynamically swap among up to four sets of RACF data to generate robust reports


    RACF information stored in a VSAM database for convenient access and for input for ERQ services


    List parsing for access to real-time RACF profile information without needing to utilize additional module functions or exec logic


    Format, edit, and execute RACF commands without hard coding in CLIST or REXX procedures or using ISPF skeleton members


    Supports newest IBM Z mainframe password rules and additional password characters outlined in APAR OA43999

How it Works

Manage, Delegate, Generate, Report

ERQ is an ISPF-driven solution which enhances RACF’s native functionality, particularly its delegation and authorization capabilities. RACF administration is simplified through ERQ’s ability to quickly and easily manage user IDs, delegate user privileges, generate complex commands, and run customized reports. ERQ builds all the necessary commands to carry out a desired function before presenting them to the user for optional editing and simple execution via the RUN command. These line commands include key functionalities, such as CLONE, DELETE, LIST, REPLICATE, CHANGE OWNER, CHANGE NOTIFY, REMOVE NOTIFY, AND REMOVE CONNECTION, and can be executed with a single key stroke. Commands can be manually or automatically executed, and ERQ administrators may format, edit, or execute commands without requiring ISPF skeleton members or hardcoding in CLIST and REXX procedures. Support for Universal Groups and PROTECTED or RESTRICTED user attributes is available, as well as the processing of Residue IDs.

Efficient Administration for Improved RACF Health

In addition to fully utilizing RACF’s functionality, ERQ’s assists with eliminating RACF database clutter and vulnerabilities created from inefficient or inexperienced administration of RACF. Cleaning and tailoring the RACF database improves efficiency and security by helping to ensure the data managed by RACF does not include orphaned references to unused items in the database. Assisting with this issue is ERQ’s RACF Health Checker which integrates with IBM’s Health Checker for z/OS as well as homegrown health checker systems to assist system operators with the discovery and diagnosing of RACF issues. Once issues are identified, clean-up tasks are streamlined with the click of a button thanks to ERQ’s comprehensive administration.

ERQ’s seamless integration, straightforward interface, and in-depth analysis make it the tool of choice for RACF administration and reporting.

Who Uses ERQ

RACF to the Power of Easy

ERQ enables administrators to write custom applications and procedures more efficiently while allowing parties other than systems programmers and administrators to utilize these customizations with little to no training. ERQ provides a library of sample executable applications that the user can easily modify to fit their environment’s needs with requiring knowledge of sophisticated programming languages, such as CARLa, CARLa Auditing and Reporting Language, and COBOL, Common Business Oriented Language. In fact, ERQ operators no longer need to memorize, look up, or store complex RACF commands as ERQ allows for easy formatting, editing, and executing of customized RACF commands in real-time.

Decades of Expertise in One Product

Designed and developed for RACF administrators by RACF administrators with decades of continuous hands-on experience, ERQ includes all of the online functions necessary to automate the entire security administration process, including many options not found in other third party tools.  Without ERQ, the multitude of tasks faced daily by RACF administrators would greatly impact productivity, particularly when considering temporary employees and third parties who also have IDs. ERQ’s thorough reporting features greatly assist with security and compliance administration tasks as well, with standard reports covering users, groups, connects, data sets, and resources. By utilizing ERQ, your organization can rest assured a qualified RACF operator is always readily available should a security priority arise since RACF-related tasks can be managed by a larger group of end users. 

Quickly and easily generate customizable reports to assess and audit RACF events, and easily identify RACF security violations and security-related changes with ERA.


Interested in trying ERQ? Request a free trial today.

Request Trial
arrow drop cross