Based on our development setup and recent findings regarding the IBM ADDI component, we have identified several areas where enhanced automation capabilities would significantly improve our onboarding process and overall user experience:
1. RBAC and Workspace Management:
Currently, Role-Based Access Control (RBAC) for Active Directory groups is applied at the workspace level. To align with our security model—where users should only access ADDI projects corresponding to their GitHub repository permissions—we require a one-to-one mapping between application code and ADDI workspaces. This necessitates the creation of a separate workspace for each application codebase. As confirmed by IBM support, workspace creation is only possible via the administrative GUI and is not automatable at this time. Given that we have over 600 mainframe applications (with the potential for ongoing growth), manual workspace creation is not scalable.
2. Initial Installation and Configuration:
The initial installation of ADDI is a manual process. While some aspects of subsequent installations can be semi-automated using a configuration file generated from the first install, critical steps such as database setup and configuration still require manual intervention through the GUI.
3. Cross-Application Analysis:
Our use case also requires the ability to perform cross-application analysis outside of a single workspace, which is currently limited by the workspace-centric design.
4. Encoding Support Beyond CP1252 for Mainframe/EBCDIC source codes in IBM ADDI:
We have observed that the product currently requires files to be in Windows-1252 (CP1252) encoding for successful processing and analysis. This presents a significant challenge, as mainframe solutions primarily use EBCDIC encoding for source code and copybooks. The need to manually convert EBCDIC-encoded files to CP1252 introduces additional steps, increases the risk of data loss or corruption, and complicates automation and onboarding processes. This is especially impactful at scale, where hundreds or thousands of files may be involved.
Request: We formally request that IBM consider enhancing ADDI to fully support:
Full automation of workspace creation and configuration (including RBAC assignment) via API or CLI.
Fully scriptable and automatable installation and configuration processes, including database setup.
Improved support for cross-application analysis that is not restricted by workspace boundaries.
Enhance ADDI encoding support to natively handle EBCDIC-encoded files, or at minimum, provide robust and automated conversion utilities as part of the onboarding workflow. This would align the product more closely with mainframe systems, reduce manual intervention, and improve the overall user experience for mainframe development teams.
5. Currently, System Admin Access is not supported at our organization as it's a highest privilege access on SQL Server Database. It's considered a risk and we need a different DB permission to support ADDI at scale with least privileges required possible. Create Database for each ADDI project won't be allowed for platform teams managing ADDI as Create is a permission only DBA's can execute.
These enhancements would enable us to onboard applications at scale, maintain security alignment with our GitHub RBAC model, and provide a more seamless experience for end users.
6. Password should be encrypted in the Dex file used for ldap and client connections. It's currently in plain text.
7. To support automations, ADDI Build/Config CLIs should provide clear logs when the process is executing. The behavior is not consistent with the UI as when using CLIs for automation no logs appear so it's difficult to troubleshoot, diagnose any issues. This stops from achieving multiple users building simultaneously.
8. When doing a sync from the mainframe for the common datasets, copybooks etc. using build config there should be some logic to only partial sync what is not available not resync everything completely. This is as because of the volume of datasets it's cpu intensive and doesn't finish the process completely while rewriting everything as pe the current logic.
Please let us know if further details are needed, or if there are any existing solutions or workarounds we may have overlooked.
Please share with us the timeline for product enhancement as soon as they are available.
Thank you.
