IBM Z Hardware and Operating Systems Ideas Portal


This is the public portal for all IBM Z Hardware and Operating System related offerings. To view all of your ideas submitted to IBM, create and manage groups of Ideas, or create an idea explicitly set to be either visible by all (public) or visible only to you and IBM (private), use the IBM Unified Ideas Portal (https://ideas.ibm.com).


Shape the future of IBM!

We invite you to shape the future of IBM, including product roadmaps, by submitting ideas that matter to you the most. Here's how it works:

Search existing ideas

Start by searching and reviewing ideas and requests to enhance a product or service. Take a look at ideas others have posted, and add a comment, vote, or subscribe to updates on them if they matter to you. If you can't find what you are looking for,

Post your ideas

  1. Post an idea.

  2. Get feedback from the IBM team and other customers to refine your idea.

  3. Follow the idea through the IBM Ideas process.


Specific links you will want to bookmark for future use

Welcome to the IBM Ideas Portal (https://www.ibm.com/ideas) - Use this site to find out additional information and details about the IBM Ideas process and statuses.

IBM Unified Ideas Portal (https://ideas.ibm.com) - Use this site to view all of your ideas, create new ideas for any IBM product, or search for ideas across all of IBM.

ideasibm@us.ibm.com - Use this email to suggest enhancements to the Ideas process or request help from IBM for submitting your Ideas.

ADD A NEW IDEA

RACF

Showing 206

Reset the PASSASIS flag in the user profile back to 0.

When changing the Global password setting to Mixedcase but then subsequently backing out the change for whatever reason to NoMixedcase leaves the PASSASIS flag as 1 and does not reset it back to 0. While on Mixedcase some users might have changed ...
about 1 year ago in z/OS / RACF 1 Not under consideration

Make PassTicket Java library thread-safe

The segmentation error may occur when calling IRRRacf.jar to generate a PassTicket in Java. This happens when a Java service is under heavy load and PassTickets are generated concurrently. Could you enhance PassTicket generation in Java to be thre...
about 1 year ago in z/OS / RACF 0 Future consideration

Add a set of return codes in RACF r_secmgtoper documentation for empty non-boolean character fields

r_secmgtoper does not validate a field that has no field data in it, and creates an ALTUSER racf command with an empty field. The field is not suffixed with parenthesis to indicate the absence of field data. If the call is made without an EXECUTE ...
about 1 year ago in z/OS / RACF 0 Future consideration

RACF Password Settings need to include Complexity, Examples: 1. To prevent the use of 3 repeating or sequential characters. 2. Avoid specific words such as User Name / Name of Service. 3. Prevent the use of passwords obtained from previous breaches.

Audit requires ability for specific Complexity settings as listed in my Idea above and beyond RACF specific Password settings. Examples: 1. To prevent the use of 3 repeating or sequential characters. 2. Avoid specific words such as User Name / Nam...
about 1 year ago in z/OS / RACF 1 Future consideration

avoid WTOR ICH304D like WTOR ICH302D with XFACILIT IRR.DENY.SPECIAL.USER.ADDITIONAL.PASSWORD.ATTEMPTS.APPL.appl-name.

Following APAR OA63091 (with XFACILIT IRR.DENY.SPECIAL.USER.ADDITIONAL.PASSWORD.ATTEMPTS.APPL.appl-name.) issue of WTOR ICH302D "ICH302D REPLY Y TO ALLOW ANOTHER ATTEMPT OR N TO REVOKE USERID userid." can be avoided. I propose to extend this behav...
over 1 year ago in z/OS / RACF 2 Not under consideration

RACF database recovery utility

In the case of primary database in error with no backup database, after restoring a copy from dump, maybe we have lost some updates. In System Programmer's Guide we can find the following text: Your database is probably back-level. To bring...
over 1 year ago in z/OS / RACF 1 Future consideration

Anticipating RACF profiles that reaching maximum size

IRR411I message indicates when a profile reached the maximum output size that RACF can handle (65 535 bytes), but it is not possible to know the real size of a profile at a given moment to anticipate this situation. Would it be possible to impleme...
over 1 year ago in z/OS / RACF 1 Future consideration

Provide a way to programmatically determine if the RACF database is locked.

RACF database maintenance routinely updates the RACF database. When IRRUT400 is running and has the database locked during database backups, this can cause problems with these updates. If it can be determined if the database is locked, the updates...
over 1 year ago in z/OS / RACF 1 Not under consideration

An AD to ESM mapping mechanism for objects and actions with a RESTful API interface

All of the front-end and orchestration tools work off Active Directory authorizations. There is no connection between any AD entitlements and the resources on the mainframe environment. To prevent a man in the middle attack there is a need to crea...
over 1 year ago in z/OS / RACF 1 Future consideration

A mechanism that uses RACF protected ids (and equivalent for other ESMs) without storing them off platform to ensure they are secure

The automation solution will use a series of privileged interactive service accounts to fulfil user requests. Any solution to protect those ids e.g. OTP, ssh key pairs, needs to use the ESM to store the security credentials, They must not be store...
over 1 year ago in z/OS / RACF 0 Future consideration

By clicking the "Post Comment" or "Submit Idea" button, you are agreeing to the IBM Ideas Portal Terms of Use.
Do not place IBM confidential, company confidential, or personal information into any field.