Skip to Main Content
IBM Z Software


This portal is to open public enhancement requests against IBM Z Software products. To view all of your ideas submitted to IBM, create and manage groups of Ideas, or create an idea explicitly set to be either visible by all (public) or visible only to you and IBM (private), use the IBM Unified Ideas Portal (https://ideas.ibm.com).


Shape the future of IBM!

We invite you to shape the future of IBM, including product roadmaps, by submitting ideas that matter to you the most. Here's how it works:

Search existing ideas

Start by searching and reviewing ideas and requests to enhance a product or service. Take a look at ideas others have posted, and add a comment, vote, or subscribe to updates on them if they matter to you. If you can't find what you are looking for,

Post your ideas
  1. Post an idea.

  2. Get feedback from the IBM team and other customers to refine your idea.

  3. Follow the idea through the IBM Ideas process.


Specific links you will want to bookmark for future use

Welcome to the IBM Ideas Portal (https://www.ibm.com/ideas) - Use this site to find out additional information and details about the IBM Ideas process and statuses.

IBM Unified Ideas Portal (https://ideas.ibm.com) - Use this site to view all of your ideas, create new ideas for any IBM product, or search for ideas across all of IBM.

ideasibm@us.ibm.com - Use this email to suggest enhancements to the Ideas process or request help from IBM for submitting your Ideas.

Status Not under consideration
Categories Runtime
Created by Guest
Created on Jul 19, 2012

Provide the capability for user to supply a SECLABEL during CICS sign-on

With DB2 V8, MLS (Multi Level Security) it is possible to provide ROW level security to data in DB2 tables via SECLABELs ( RACF Security Lables) .
Although CICS does not fully support multilevel security, you can use
it in a multilevel-secure environment if you take care in the configuration.



By activating the RACF SECLABEL class and defining a set of security labels for users and DB2 table rows, it is possible to then access the secured DB2 rows via CICS. It is not required to have MLACTIVE or MLS set/activated. (MLSACTIVE or MLS(FAILURES) are not turned ON) You can use DB2 row-level security without impact on the rest of the MVS system.

When a CICS User does a CICS sign-on, the DEFAULT SECLABEL will be associated by RACF with the ACEE for this USER.

For non terminal programs , such as PLT programs
if the PLTPIUSR parameter is not specified, the PLT programs are run
under the CICS region userid when the PLTPISEC=NONE option is defined.

In this case you need to define the CICS region userid with a DEFAULT SECLABEL as described above.

LIMITATION: In the current CICS design, a CICS user is not able to supply a SECLABEL value during sign-on to CICS. TSO sign-on does provide this ability. So a CICS user is limited to only one SECLABEL value which is coded in the DEFAULT SECLABEL of the RACF User profile. This FITs is opened to ask that CICS provides the user with the ability to supply a SECLABEL during sign-on to CICS.

Idea priority Medium
  • Guest
    Reply
    |
    Oct 5, 2015

    Due to processing by IBM, this request was reassigned to have the following updated attributes:
    Brand - Servers and Systems Software
    Product family - Transaction Processing
    Product - CICS Transaction Server

    For recording keeping, the previous attributes were:
    Brand - WebSphere
    Product family - Transaction Processing
    Product - CICS Transaction Server

  • Guest
    Reply
    |
    Jan 28, 2015

    This requirement has been re-evaluated. Looking at current plans, it is not likely that this would be implemented in the next two CICS TS releases, so correspondingly this requirement is being rejected.