IBM Z Software
This portal is to open public enhancement requests against IBM Z Software products. To view all of your ideas submitted to IBM, create and manage groups of Ideas, or create an idea explicitly set to be either visible by all (public) or visible only to you and IBM (private), use the IBM Unified Ideas Portal (https://ideas.ibm.com).
Shape the future of IBM!
We invite you to shape the future of IBM, including product roadmaps, by submitting ideas that matter to you the most. Here's how it works:
Search existing ideas
Start by searching and reviewing ideas and requests to enhance a product or service. Take a look at ideas others have posted, and add a comment, vote, or subscribe to updates on them if they matter to you. If you can't find what you are looking for,
Post your ideas
Post an idea.
Get feedback from the IBM team and other customers to refine your idea.
Follow the idea through the IBM Ideas process.
Specific links you will want to bookmark for future use
Welcome to the IBM Ideas Portal (https://www.ibm.com/ideas) - Use this site to find out additional information and details about the IBM Ideas process and statuses.
IBM Unified Ideas Portal (https://ideas.ibm.com) - Use this site to view all of your ideas, create new ideas for any IBM product, or search for ideas across all of IBM.
ideasibm@us.ibm.com - Use this email to suggest enhancements to the Ideas process or request help from IBM for submitting your Ideas.
This RFE is satisfied by CICS TS 5.4 which is generally available from today June 16th 2017.
For more information see the announcement letter https://www-01.ibm.com/common/ssi/cgi-bin/ssialias?infotype=an&subtype=ca&supplier=897&letternum=ENUS217-113
CICS TS 5.4 provides a read-only form of CEDF called CEDG and a read-only form of CEDX called CEDY.
This RFE is satisfied by CICS TS 5.4 which was announced on May 16th 2017 with a planned general availability date of June 16th 2017.
For more information see the announcement letter https://www-01.ibm.com/common/ssi/cgi-bin/ssialias?infotype=an&subtype=ca&supplier=897&letternum=ENUS217-113
CICS TS 5.4 provides a read-only form of CEDF called CEDG and a read-only form of CEDX called CEDY.
This is something we would like to address. The RFE is being moved into 'Planned for Future release' status. Please note:
IBM’s statements regarding its plans, directions, and intent are subject to change or withdrawal without notice at IBM’s sole discretion. Information regarding potential future products is intended to outline our general product direction and it should not be relied on in making a purchasing decision. The information mentioned regarding potential future products is not a commitment, promise, or legal obligation to deliver any material, code or functionality. Information about potential future products may not be incorporated into any contract. The development, release, and timing of any future features or functionality described for our products remains at our sole discretion.
For a read-only EDF, modifying storage and the EIB would be disabled, NOOPing the command would be disabled, abending the the task would be disabled, invoking CECI and CEBR (although CEBR browses a queue, it also allows purge of a queue which should be disallowed) would be disabled. The only input from a screen that would be accepted would be to specify STOP conditions when using EDF.
A question that arises is how would be activated?
One option would be to have new transaction ids, so perhaps CEDG would be the read-only form of CEDF and CEDY could be the read-only form of CEDX. That way you can use transaction-attach security and specify which userids are allowed to attach CEDF and which are allowed to attach CEDG etc.
Another option would be to keep the same CEDF and CEDX transaction ids, but to have an additional security check. Today EDF does two TRANSATTACH security checks, ie to check the userid is allowed to attach CEDF and then a second check to check that CEDF is allowed to attach the user transaction. What if there was a third security check, this time using TRANSACTION resource security rather than TRANSATTACH. Transaction resource security is normally used for resource checks when doing EXEC CICS INQUIRE/SET TRANSACTION commands. This third security check would be something you opt in to, ie by default CEDF would be read/write. However if you defined a profile that had READ access to transactions CEDF and CEDX this could be the trigger for CEDF and CEDX to run in read-only mode. The idea would be you would allow anyone to attach CEDF and CEDX but assign all userids (except the privileged few), to have read access to CEDF and CEDX. Hence everyone except a privileged few can only run the read-only version in production. Test regions that run with security would need to use different profiles to allow use of read/write CEDF in test..
Any thoughts/comments ?
Due to processing by IBM, this request was reassigned to have the following updated attributes:
Brand - Servers and Systems Software
Product family - Transaction Processing
Product - CICS Transaction Server
For recording keeping, the previous attributes were:
Brand - WebSphere
Product family - Transaction Processing
Product - CICS Transaction Server
Hi,
Yes this is a production system. Now we dont use CEDF at production but we want to allow if only CEDF can be read only .
And we don't have pre-prod environment. Sometimes is not possible to create same problem at the TEST systems.
Because of we want to allow to use CEDF in order to help our developers .
Actually this process was under our control .
When a developer want to use CEDF he comes into our office during working hours. We use dedicated 3270 screen and we use a special userid/password for CEDF which is known only our CICS system programmer. Non working hours developer open a ticket to get the temporary pasword to use CEDF.
Hi Adem,
Can you give me a bit more details on the use case ? Is this a production system ? If so, why do allow use of CEDF at all on a production system ?
Thanks,
John Tilling