Skip to Main Content
IBM Z Hardware and Operating Systems Ideas Portal


This is the public portal for all IBM Z Hardware and Operating System related offerings. To view all of your ideas submitted to IBM, create and manage groups of Ideas, or create an idea explicitly set to be either visible by all (public) or visible only to you and IBM (private), use the IBM Unified Ideas Portal (https://ideas.ibm.com).


Shape the future of IBM!

We invite you to shape the future of IBM, including product roadmaps, by submitting ideas that matter to you the most. Here's how it works:

Search existing ideas

Start by searching and reviewing ideas and requests to enhance a product or service. Take a look at ideas others have posted, and add a comment, vote, or subscribe to updates on them if they matter to you. If you can't find what you are looking for,

Post your ideas
  1. Post an idea.

  2. Get feedback from the IBM team and other customers to refine your idea.

  3. Follow the idea through the IBM Ideas process.


Specific links you will want to bookmark for future use

Welcome to the IBM Ideas Portal (https://www.ibm.com/ideas) - Use this site to find out additional information and details about the IBM Ideas process and statuses.

IBM Unified Ideas Portal (https://ideas.ibm.com) - Use this site to view all of your ideas, create new ideas for any IBM product, or search for ideas across all of IBM.

ideasibm@us.ibm.com - Use this email to suggest enhancements to the Ideas process or request help from IBM for submitting your Ideas.

Status Not under consideration
Workspace z/OS
Categories ICSF
Created by Guest
Created on Aug 22, 2017

Allow ICSF to use a caller supplied ACEE and STOKEN on RACROUTE authorization requests

ICSF provided callable service CSFACEE to allow the requestor to supply a security environment using a RACF ENVR, to be used by ICSF when performing authorization checks rather than the default ACEE. But that does not help in environments, like Db2, which create and provide an ACEE to be used for performing authorization checks. It is performance prohibitive to create an ENVR from the ACEE each time an exit is called and performs an ICSF callable service request. And it is complex and error prone for an exit to try to create, cache, and reuse ENVRs on subsequent invocations of the exit.

Please provide an authorized callable service interface similar to that used by Db2 when calling the RACF/DB2 external security routine. The Db2 interface passes an ACEE address and a STOKEN for the address space that the ACEE resides in to be used. The ACEE and an ALET, created using the STOKEN when necessary, is then used to do authorization checks by performing RACROUTE REQUEST=FASTAUTH macro invocations. You can find the source for the RACF/DB2 external security routine on any system that has RACF installed in dataset SYS1.SAMPLIB(IRR@XACS), and then see how the external security routine performs authorization requests using the ACEE and ALET.

Idea priority High
  • Guest
    Reply
    |
    Dec 20, 2022
    This item is unlikely to be given high enough priority to be placed into the product plan. If you feel that this requirement is needed, please resubmit or create a new updated request.
  • Guest
    Reply
    |
    Aug 6, 2020

    Not in our immediate plans, but remains on our product backlog.