Skip to Main Content
IBM Z Hardware and Operating Systems Ideas Portal


This is the public portal for all IBM Z Hardware and Operating System related offerings. To view all of your ideas submitted to IBM, create and manage groups of Ideas, or create an idea explicitly set to be either visible by all (public) or visible only to you and IBM (private), use the IBM Unified Ideas Portal (https://ideas.ibm.com).


Shape the future of IBM!

We invite you to shape the future of IBM, including product roadmaps, by submitting ideas that matter to you the most. Here's how it works:

Search existing ideas

Start by searching and reviewing ideas and requests to enhance a product or service. Take a look at ideas others have posted, and add a comment, vote, or subscribe to updates on them if they matter to you. If you can't find what you are looking for,

Post your ideas
  1. Post an idea.

  2. Get feedback from the IBM team and other customers to refine your idea.

  3. Follow the idea through the IBM Ideas process.


Specific links you will want to bookmark for future use

Welcome to the IBM Ideas Portal (https://www.ibm.com/ideas) - Use this site to find out additional information and details about the IBM Ideas process and statuses.

IBM Unified Ideas Portal (https://ideas.ibm.com) - Use this site to view all of your ideas, create new ideas for any IBM product, or search for ideas across all of IBM.

ideasibm@us.ibm.com - Use this email to suggest enhancements to the Ideas process or request help from IBM for submitting your Ideas.

Status Future consideration
Workspace z/OS
Categories RACF
Created by Guest
Created on Nov 1, 2022

An AD to ESM mapping mechanism for objects and actions with a RESTful API interface

All of the front-end and orchestration tools work off Active Directory authorizations. There is no connection between any AD entitlements and the resources on the mainframe environment. To prevent a man in the middle attack there is a need to create a solution that would link the ADLDS entitlements of a requesting user with the resources present on the mainframe environment. For example, user 12345678 is part of the ADLDS group ZZZ and that gives read access to dataset profile ABC.DEF.** The above would be a requirement for all IBM customers who want to use off platform tooling to automate processes on the IBM z platform in a secure manner
Idea priority High
  • Guest
    Reply
    |
    May 5, 2023

    IBM has engaged z/OS SMEs to discuss a tentative design implementation that can work to address the requirement and we will continue to post updates as needed/applicable.