IBM Z Software



Status Delivered
Created by Guest
Created on Jul 22, 2019

ADDI AD Connect automation security model and user enhancements

Based on our evaluation/testing of IBM ADDI AD Connect automation, we have found that while technically feasible, i.e. we were able to connect ADDI server Build Configuration tool to the MF Endevor through the AD Connect listener and retrieve test code, there are security shortcomings that need to be addressed by IBM.

The main issue is that the AD Connect listener runs under one service ID, and for the automation test to run it was required to grant the service ID highest blanket access to Endevor, which is deemed a security violation. IBM does not provide for entering a userid/password, human or machine, at the system/subsystem (or any other level in the process) other than as the service ID the listener runs under.

Since AD Connect automation is a powerful feature of ADDI project analysis setup, one that the bank has made a significant investment in providing, we've been asked to put together an RFE outlining the issues and proposed solution to remedy the security issues. Without these security enhancements we would not be able to implement AD automation within the bank.

Since the developers do not have access to the ADDI server to run AD Build Client or Build Configuration tool (which are already Eclipse-based), the ideal situation would be if they could access this functionality directly through IDZ plugin and enter their Endevor credentials, for systems that they are granted permissions, to set up the ADDI project automation and perform builds. (see attached diagram)

There are also two existing related RFEs:
PMR ID:90742,004,000
RTC ID:321205
and
ID: 133466
RTC ID:319436

Would be happy to set up a call to discuss.

Idea priority Urgent
  • Guest
    Oct 26, 2021

    Delivered in AD 6.0.1. We have enhanced our security implementation around AD Connect: instead of using one single ID to access the entire source system, we now have the option to use the user's z/OS ID/password to retrieve the source files that this ID is entitled to. This implementation is made available in AD Build Client and released to market as part of v6.0.1.

  • Guest
    Sep 10, 2019

    Thank you for taking the time to suggest an enhancement to our product. Many of our product enhancements result from feedback from our customers, so your input is always very important to us. Your request is currently in line with our product strategy and we have planned it for a future release of the product. Thank you for your suggestion and continued support.

  • Guest
    Aug 20, 2019

    A preliminary evaluation of this request indicates that it is consistent with our business strategy. Further evaluation of this RFE is underway.

  • Guest
    Jul 22, 2019

    Attachment (Description): Proposal for ADDI / Endevor integration and security