IBM Z Hardware and Operating Systems Ideas Portal


This is the public portal for all IBM Z Hardware and Operating System related offerings. To view all of your ideas submitted to IBM, create and manage groups of Ideas, or create an idea explicitly set to be either visible by all (public) or visible only to you and IBM (private), use the IBM Unified Ideas Portal (https://ideas.ibm.com).


Shape the future of IBM!

We invite you to shape the future of IBM, including product roadmaps, by submitting ideas that matter to you the most. Here's how it works:

Search existing ideas

Start by searching and reviewing ideas and requests to enhance a product or service. Take a look at ideas others have posted, and add a comment, vote, or subscribe to updates on them if they matter to you. If you can't find what you are looking for,

Post your ideas

  1. Post an idea.

  2. Get feedback from the IBM team and other customers to refine your idea.

  3. Follow the idea through the IBM Ideas process.


Specific links you will want to bookmark for future use

Welcome to the IBM Ideas Portal (https://www.ibm.com/ideas) - Use this site to find out additional information and details about the IBM Ideas process and statuses.

IBM Unified Ideas Portal (https://ideas.ibm.com) - Use this site to view all of your ideas, create new ideas for any IBM product, or search for ideas across all of IBM.

ideasibm@us.ibm.com - Use this email to suggest enhancements to the Ideas process or request help from IBM for submitting your Ideas.

ADD A NEW IDEA

RACF

Showing 211

Adding message indicates certificate replacement.

If RACDCERT ADD was issued against an existed certificate with same public key, it causes that your old/existing certificate to be replaced with the new one.But the output of RACDCERT ADD command doesn’t contains any info to indicate the replaceme...
over 2 years ago in z/OS / RACF 1 Future consideration

Improve Health Check for RACF_CERTIFICATE_EXPIRATION

We run ISKLM server on z/OS to maintain tape encryption keys. Expired certificates should stay in then keyring until they are not used anymore. Expired certificates possibly stay a long time in the keyring. RACF_CERTIFICATE_EXPIRATION becomes seve...
about 2 years ago in z/OS / RACF 2 Future consideration

Provide mechanism to view security environment of every address space in System.

Need utility to view security environment of address spaces. This should include as a MINIMUM the RACF user assigned to the address space.However, other items such as the readable items in the ACEE, atrributes (SPECIAL, OPERATIONS and so on), POE,...
over 2 years ago in z/OS / RACF 1 Not under consideration

Enhance SERVAUTH EZB.PORTACCESS SAF checks to capture the name of the REAL program calling for the port in an 80 record & ICH408I message

When something is abusing the port finding the calling program is not always that easy. So I think it should be possible for z/OS Comm Server itself to record that informaiton somewhere in the type 80 record. It would also be beneficial to add it ...
6 months ago in z/OS / RACF 1 Not under consideration

An AD to ESM mapping mechanism for objects and actions with a RESTful API interface

All of the front-end and orchestration tools work off Active Directory authorizations. There is no connection between any AD entitlements and the resources on the mainframe environment. To prevent a man in the middle attack there is a need to crea...
over 1 year ago in z/OS / RACF 1 Future consideration

Enhance IRRXUTIL/R_admin to support DIGTCERT/DIGTCERT

I would like to see the R_admin/IRRXUTIL interface enhanced to support the "non-standard" RACF classes DIGTCERT and DIGTRING, this would allow administrators to extract all digital certificate info using IRRXUTIL without needing to rely on using I...
over 1 year ago in z/OS / RACF 4 Not under consideration

Missing RACF Statistic (last connect date) when logging on with SESSION=OMVSSRV and SESSION=APPCTP

We need to monitor, if RACF users are active. So we verify the last connect date of user's default group every night. When last connect data is older than nn days, our night job will revoke this user profile. If the user still needs this profile, ...
about 3 years ago in z/OS / RACF 1 Future consideration

RACF Granular Control for encryption of basic and large format datasets

Allow RACF Dataset Profiles with an encryption key in the DFP segment to provide a flag for whether basic or large format datasets should be encrypted.
over 3 years ago in z/OS / RACF 0 Future consideration

List all SEGMENTS from LISTUSER or LISTGRP command

Using RACF Commands LISTUSER and LISTGRP there is no way to list all the segments on the User ID or Group without listing each segment name on the command. The request is to allow the use of ALL on the LISTUSER or LISTGRP command to list all segme...
over 3 years ago in z/OS / RACF 2 Not under consideration

Prevent the user to activate all RACF cdt classes trying to list the active options

The way RACF is designed today, it doesn't allow an user to filter sort of options it has in effect. For example, if I want to list only the active classes, there isn't a filter for that suggesting I should use SETROPTS LIST to list everything. Th...
over 4 years ago in z/OS / RACF 4 Not under consideration

By clicking the "Post Comment" or "Submit Idea" button, you are agreeing to the IBM Ideas Portal Terms of Use.
Do not place IBM confidential, company confidential, or personal information into any field.