For a very long time mainframe was a monolith and ACF2 (or any other ESM) just was a standalone entity managed by ACF2/mainframe specialists.
In the last years things have changed a lot, mainframe became an integrated server in our IT environment and is no longer the monolith it used to be.
Nowadays users are typically managed by Identity management products. Somehow these products need to interact with your ESM. SCIM is very popular but unfortunately it is "not that easy" to use SCIM to manage ACF2 users.Wouldn't it be nice to have a standard SCIM interface to mainframe? At least I think it would.Modernization is important (let's be honest, sometimes mainframe does have a PR problem) and so is integration (let's talk the same language across different platforms).
When it comes to interfacing with ACF2 we are used to do assembler programming.But (at least in our company) assembler programmers are scarce (we only have a handfull of them), on the other hand we have a small army of PL/1 programmers. So we decided to convert our ASM programs to PL/1 whenever it is possible. However, we noticed that even newer functionalities (like XROL/XROLTB) are only available for assembler, so at least for us that's a bit unfortunate.
In addition to that it is not that easy to use the APIs in PL/1 without any samples, so it is a bit of trial and error.
(I would be very grateful if someone could share some Cobol or PL/1 sample to obtain a userid/list of userids).
Moral of the story : 1. make it easier to integrate MF as part of your company security landscape (with industry standards like SCIM) 2. make it easier to interact with ACF2 (APIs should be well documented, with samples and not only in assembler)