Skip to Main Content
IBM Z Software


This portal is to open public enhancement requests against IBM Z Software products. To view all of your ideas submitted to IBM, create and manage groups of Ideas, or create an idea explicitly set to be either visible by all (public) or visible only to you and IBM (private), use the IBM Unified Ideas Portal (https://ideas.ibm.com).


Shape the future of IBM!

We invite you to shape the future of IBM, including product roadmaps, by submitting ideas that matter to you the most. Here's how it works:

Search existing ideas

Start by searching and reviewing ideas and requests to enhance a product or service. Take a look at ideas others have posted, and add a comment, vote, or subscribe to updates on them if they matter to you. If you can't find what you are looking for,

Post your ideas
  1. Post an idea.

  2. Get feedback from the IBM team and other customers to refine your idea.

  3. Follow the idea through the IBM Ideas process.


Specific links you will want to bookmark for future use

Welcome to the IBM Ideas Portal (https://www.ibm.com/ideas) - Use this site to find out additional information and details about the IBM Ideas process and statuses.

IBM Unified Ideas Portal (https://ideas.ibm.com) - Use this site to view all of your ideas, create new ideas for any IBM product, or search for ideas across all of IBM.

ideasibm@us.ibm.com - Use this email to suggest enhancements to the Ideas process or request help from IBM for submitting your Ideas.

Status Delivered
Categories Other
Created by Guest
Created on Aug 17, 2015

CICS EDF Tool - Read Only Mode

The CICS Execution Diagnostic Facility (EDF) is a tool to debug CICS application programs, that use the CICS application programming interface (API).
EDF runs as a CICS transaction that can be invoked using the CEDF transaction identifier. Most of the changes that can be made with EDF tool involve changing information in memory. The EDF allows changing the working storage of the programs and most fields in the EIB and COMMAREA.
Itaú bank uses CICS in an environment to proccess credit cards services. Because of the highly critical business involved, there are many control standards established to ensure the security and prevent frauds. Itaú has polices that prohibit the use of EDF in a production environment.
On the other hand, the production CICS environment has around of 850.000 Programs, 370.000 Transactions and executes 17.000.000.000 tasks per month, where the EDF tool would be extremely useful to diagnostic problems and errors in application programs, quickly and in a more efficient manner.

IBM RFE:
There is a RFE ID=28078 created on 01/11/2012 requesting a CEDF in a Read Only form, but there are only two votes a favor including Itaú Bank.

Request:
To be in compliance with the current polices and enjoy the EDF benefits, Itaú Bank has requested changes in EDF to provide a way to use the tool in a Read Only form, where it is not possible changing information in memory.

Suggestion:
This change can be as a parameter in CEDF Transaction that can be turned on/off or a new Transaction as it exists today with the other CICS tool CEDA and CEDC Transactions.

Idea priority Medium
  • Guest
    Reply
    |
    Jun 16, 2017

    This RFE is satisfied by CICS TS 5.4 which is generally available from today June 16th 2017.
    For more information see the announcement letter https://www-01.ibm.com/common/ssi/cgi-bin/ssialias?infotype=an&subtype=ca&supplier=897&letternum=ENUS217-113

    CICS TS 5.4 provides a read-only form of CEDF called CEDG and a read-only form of CEDX called CEDY.

  • Guest
    Reply
    |
    May 16, 2017

    This RFE is satisfied by CICS TS 5.4 which was announced on May 16th 2017 with a planned general availability date of June 16th 2017.
    For more information see the announcement letter https://www-01.ibm.com/common/ssi/cgi-bin/ssialias?infotype=an&subtype=ca&supplier=897&letternum=ENUS217-113

    CICS TS 5.4 provides a read-only form of CEDF called CEDG and a read-only form of CEDX called CEDY.

  • Guest
    Reply
    |
    Feb 9, 2016

    This is something we would like to address. The RFE is being moved into 'Planned for Future release' status. Please note:
    IBM’s statements regarding its plans, directions, and intent are subject to change or withdrawal without notice at IBM’s sole discretion. Information regarding potential future products is intended to outline our general product direction and it should not be relied on in making a purchasing decision. The information mentioned regarding potential future products is not a commitment, promise, or legal obligation to deliver any material, code or functionality. Information about potential future products may not be incorporated into any contract. The development, release, and timing of any future features or functionality described for our products remains at our sole discretion.

  • Guest
    Reply
    |
    Jan 5, 2016

    For a read-only EDF, modifying storage and the EIB would be disabled, NOOPing the command would be disabled, abending the the task would be disabled, invoking CECI and CEBR (although CEBR browses a queue, it also allows purge of a queue which should be disallowed) would be disabled. The only input from a screen that would be accepted would be to specify STOP conditions when using EDF.

    A question that arises is how should it be activated?

    One option would be to have new transaction ids, so perhaps CEDG would be the read-only form of CEDF and CEDY could be the read-only form of CEDX. That way you can use transaction-attach security and specify which userids are allowed to attach CEDF and which are allowed to attach CEDG etc.

    Another option would be to keep the same CEDF and CEDX transaction ids, but to have an additional security check. Today EDF does two TRANSATTACH security checks, ie to check the userid is allowed to attach CEDF and then a second check to check that CEDF is allowed to attach the user transaction. What if there was a third security check, this time using TRANSACTION resource security rather than TRANSATTACH. Transaction resource security is normally used for resource checks when doing EXEC CICS INQUIRE/SET TRANSACTION commands. This third security check would be something you opt in to, ie by default CEDF would be read/write. However if you defined a profile that had READ access to transactions CEDF and CEDX this could be the trigger for CEDF and CEDX to run in read-only mode. The idea would be you would allow anyone to attach CEDF and CEDX but assign all userids (except the privileged few), to have read access to CEDF and CEDX. Hence everyone except a privileged few can only run the read-only version in production. Test regions that run with security would need to use different profiles to allow use of read/write CEDF in test..

    Any thoughts/comments ?

  • Guest
    Reply
    |
    Oct 5, 2015

    Due to processing by IBM, this request was reassigned to have the following updated attributes:
    Brand - Servers and Systems Software
    Product family - Transaction Processing
    Product - CICS Transaction Server

    For recording keeping, the previous attributes were:
    Brand - WebSphere
    Product family - Transaction Processing
    Product - CICS Transaction Server

  • Guest
    Reply
    |
    Sep 3, 2015

    This is something we would like to investigate. It is a candidate for a future release.