Skip to Main Content
IBM Z Hardware and Operating Systems Ideas Portal


This is the public portal for all IBM Z Hardware and Operating System related offerings. To view all of your ideas submitted to IBM, create and manage groups of Ideas, or create an idea explicitly set to be either visible by all (public) or visible only to you and IBM (private), use the IBM Unified Ideas Portal (https://ideas.ibm.com).


Shape the future of IBM!

We invite you to shape the future of IBM, including product roadmaps, by submitting ideas that matter to you the most. Here's how it works:

Search existing ideas

Start by searching and reviewing ideas and requests to enhance a product or service. Take a look at ideas others have posted, and add a comment, vote, or subscribe to updates on them if they matter to you. If you can't find what you are looking for,

Post your ideas
  1. Post an idea.

  2. Get feedback from the IBM team and other customers to refine your idea.

  3. Follow the idea through the IBM Ideas process.


Specific links you will want to bookmark for future use

Welcome to the IBM Ideas Portal (https://www.ibm.com/ideas) - Use this site to find out additional information and details about the IBM Ideas process and statuses.

IBM Unified Ideas Portal (https://ideas.ibm.com) - Use this site to view all of your ideas, create new ideas for any IBM product, or search for ideas across all of IBM.

ideasibm@us.ibm.com - Use this email to suggest enhancements to the Ideas process or request help from IBM for submitting your Ideas.

Status Not under consideration
Workspace z/OS
Categories RACF
Created by Guest
Created on Apr 29, 2022

RACF ability for NO-Special-users to remove MFA from user.

We need to implement emergency procedure for MFA-users to allow access without MFA.

If somebody get a call in the middle of the night, and drop the phone in the toilet before loging in … we have a serious problem.

We have no Security Officers on call to set User in Pairring Mode or to remove MFA from user.

Shutting down the MFA-task could be a solution as we have defined PWFALLBACK on all users, but this would affect all other user that try to login.


We would prefer that the Online operator was able to temporarely remove MFA-segment from user (ALU xxxx NOMFA), but this requires SPECIAL in RACF, and that is not acceptable.

A solution would be to make change to RACF, providing a solution that allow to permit certain users to manipulate MFA-segment.
It could maybe be implemented via Profile in Facility Class like IRR.PASSWORD.RESET allowing users to Reset other users password-count.

Idea priority High
  • Guest
    Reply
    |
    Jun 21, 2022
    This item is unlikely to be given high enough priority to be placed into the product plan. As an alternative, it would be possible to have a user with group-special access to limit the scope to the desired users.