IBM Z Hardware and Operating Systems Ideas Portal


This is the public portal for all IBM Z Hardware and Operating System related offerings. To view all of your ideas submitted to IBM, create and manage groups of Ideas, or create an idea explicitly set to be either visible by all (public) or visible only to you and IBM (private), use the IBM Unified Ideas Portal (https://ideas.ibm.com).


Shape the future of IBM!

We invite you to shape the future of IBM, including product roadmaps, by submitting ideas that matter to you the most. Here's how it works:

Search existing ideas

Start by searching and reviewing ideas and requests to enhance a product or service. Take a look at ideas others have posted, and add a comment, vote, or subscribe to updates on them if they matter to you. If you can't find what you are looking for,

Post your ideas

  1. Post an idea.

  2. Get feedback from the IBM team and other customers to refine your idea.

  3. Follow the idea through the IBM Ideas process.


Specific links you will want to bookmark for future use

Welcome to the IBM Ideas Portal (https://www.ibm.com/ideas) - Use this site to find out additional information and details about the IBM Ideas process and statuses.

IBM Unified Ideas Portal (https://ideas.ibm.com) - Use this site to view all of your ideas, create new ideas for any IBM product, or search for ideas across all of IBM.

ideasibm@us.ibm.com - Use this email to suggest enhancements to the Ideas process or request help from IBM for submitting your Ideas.

ADD A NEW IDEA

My ideas: RACF

Showing 233

Give pyRACF similar resources and priority to ZOAU

With Python gaining popularity on z/OS and a new generation of z/OS System Administrators coming onto the platform with prior Python experience, it is important that crucial subsystems like RACF delivers data in JSON format and gives access to qua...
about 2 months ago in z/OS / RACF 1 Under review

Add sudo command into the base install USS security

Integrating sudo like Linux has would improve security by being able to use superuser privileges on a case-by-case basis rather than having all of your commands be superuser authorized. We'd also be able to set restrictions and timeouts in the sud...
9 days ago in z/OS / RACF 0 Submitted

Create a SMF security violation for failures on BPX.SUPERUSER so installations can use it to detect possible hacks or attacks.

Please refer to case: TS017997103 for additional information Our intent was to audit the usage of the "su" command, and subsequent access granted once a user has switched user. Primarily we want to audit the "su" to ROOT userid. Thinking we could ...
4 days ago in z/OS / RACF 0 Submitted

Remove DES as an option for password encryption for newer releases of RACF

Please can you consider removing DES as an option in RACF in a future release of z/OS & RACF, to force sites to upgrade to KDFAES. I teach a lot of Auditors about Mainframe Security and they are very surprised to learn that DES is still a thin...
5 days ago in z/OS / RACF 0 Submitted

Listuser command allows for 'enumeriation' of valid userids

As seen below. When one does a "LU <EXISTING USER>" you get the message : "NOT AUTHORIZED TO LIST IBMUSER"When the user it not present on the system, you get the message "UNABLE TO LOCATE USER ENTRY NOTHERE" It would be better if the reply i...
4 months ago in z/OS / RACF 0 Future consideration

ACEE Modification Detection events to SMF

Having an ACEE modification event generate an SMF record would be helpful to an organization's SOC team or any SIEM solution. Today the only way to generate an actionable alert is to roll your own automation and build an actionable event based on ...
5 months ago in z/OS / RACF 0 Future consideration

RACF should prioritize checking certificates with longer validity periods in the keyrings.

Opening a new idea (RFE) since IBM changed the status of ZOS-I-4249 to Not under consideration Why is it useful: Let's consider an example: CustomerX provides a new subCA to Visa for installation as a trusted entity because one of their subCAs, sa...
3 months ago in z/OS / RACF 13 Under review

Desirable new feature: GROUP revoke inactive days and consequently new user inactivity policy

We have set SETROPTS INACTIVE(60) and this is applicable for all users. However, we have some specific users with the requirement not to be revoked after 60 days but more than this value. So, Inactivity should be helpful to be defined as group att...
3 months ago in z/OS / RACF 3 Not under consideration

Simple documented configuration of passphrase complexity rules

I am familiar with IRRPHREX option. However, I would like a simpler option that is managed and displayed in SETROPTS. I don't need extensive customizability, I really only need to enforce minimum length of 15 rather than 9. I can do it with IRRPHR...
4 months ago in z/OS / RACF 3 Not under consideration

RACF REST API

It would be really useful if RACF or z/OSMF provided an optional extension of sorts where you could check if profiles, users, and so on exists in RACF as well as get general information about the security setup either through a REST API and/or a P...
about 1 month ago in z/OS / RACF 0 Under review

By clicking the "Post Comment" or "Submit Idea" button, you are agreeing to the IBM Ideas Portal Terms of Use.
Do not place IBM confidential, company confidential, or personal information into any field.