This is the public portal for all IBM Z Hardware and Operating System related offerings. To view all of your ideas submitted to IBM, create and manage groups of Ideas, or create an idea explicitly set to be either visible by all (public) or visible only to you and IBM (private), use the IBM Unified Ideas Portal (https://ideas.ibm.com).
Thank you for the response. We understand and agree with the requirement. Implementation is not committed. One possibility is providing a callable service that could be invoked from a high-level language and/or providing a Java front-end.
Yes, the program runs APF-authorized from a linklist library, but do not ask me whether it runs in supervisor state or with a system key; I don't know. The z/OS system programmer did the programming.
For checking the access right for another userid, USERID= is used. We use it for checking the right of a technical user, which is used for the process.
So we need the interface in different ways:
- evaluate our own access right to a specific profile with a specific access level without logging (maybe you can check the application data of the profile to see whether this profile is allowed to be checked without logging)
- evaluate our own access right to a specific profile with a specific access level with normal logging
- evaluate the access right to a specific profile with a specific access level for another userid (this should include an additional check for a surrogate right for the foreign userid)
Hopefully this will answer your questions.
Thank you for the response. As you mention checking access 'without error message', we presume you are referring to the LOG=NONE option on RACROUTE VERIFY. Is your program running APF-authorized, system key 0-7, or in supervisor state? That is required for that option. Similarly, remember a program must be running authorized to check the access of another user (VERIFY ACEE= or USERID= parameters). Is that your intended usage?
We have 2 different kinds of profiles in our own class.
One type of profile is used inside ISPF panels with PANEXIT to control the visibility of information on the panels. For this kind of access checking we need only the check function of RACROUTE VERIFY, without writing error messages.
The other profiles control the right to do something in the application. The application is written in COBOL; parts are written in PL/I.
We use an assembler program with parameters for class, profile, access right and type.
We want to add some new functionality, probably written as a web application in Java. Therefore I mentioned Java too.
The main application is still COBOL, PL/I and ISPF. So we still need it for old-fashioned host applications.
Thank you for submitting this requirement. Since you mention Java, are you aware of class PlatformAccessControl? Would this satisfy your requirement?
https://www.ibm.com/support/knowledgecenter/en/SSYKE2_7.0.0/com.ibm.java.zsecurity.api.70.doc/com.ibm.os390.security/com/ibm/os390/security/PlatformAccessControl.html