IBM Z Software
This portal is to open public enhancement requests against IBM Z Software products. To view all of your ideas submitted to IBM, create and manage groups of Ideas, or create an idea explicitly set to be either visible by all (public) or visible only to you and IBM (private), use the IBM Unified Ideas Portal (https://ideas.ibm.com).
Shape the future of IBM!
We invite you to shape the future of IBM, including product roadmaps, by submitting ideas that matter to you the most. Here's how it works:
Search existing ideas
Start by searching and reviewing ideas and requests to enhance a product or service. Take a look at ideas others have posted, and add a comment, vote, or subscribe to updates on them if they matter to you. If you can't find what you are looking for,
Post your ideas
Post an idea.
Get feedback from the IBM team and other customers to refine your idea.
Follow the idea through the IBM Ideas process.
Specific links you will want to bookmark for future use
Welcome to the IBM Ideas Portal (https://www.ibm.com/ideas) - Use this site to find out additional information and details about the IBM Ideas process and statuses.
IBM Unified Ideas Portal (https://ideas.ibm.com) - Use this site to view all of your ideas, create new ideas for any IBM product, or search for ideas across all of IBM.
ideasibm@us.ibm.com - Use this email to suggest enhancements to the Ideas process or request help from IBM for submitting your Ideas.
Sorry to see this get declined--in our shop, we support several business units, some of which use HPO=NO (and therefore use the OOB DFHSIT6$ as the base SIT), and others which use HPO=YES. While we could theoretically apply a usermod to the DFHSIT6$ source, setting HPO=YES, we would still need another flavor of DFHSIT with HPO=NO. Would like to suggest a possible RACF/ESM resource that would alleviate the integrity controls concern, thereby making it less of an issue to allow override of the HPO parm.
Due to processing by IBM, this request was reassigned to have the following updated attributes:
Brand - Servers and Systems Software
Product family - Transaction Processing
Product - CICS Transaction Server
For recording keeping, the previous attributes were:
Brand - WebSphere
Product family - Transaction Processing
Product - CICS Transaction Server
We have no plans to provide a preassembled SIT with HPO=YES coded. Use of HPO potentially allows CICS® application programs to bypass all MVS™ integrity controls. If you decide to use HPO, ensure that the application programs used on your CICS system meet your own installation's integrity requirements. So this is the reason that it is not allowed as a SIT override, but has to be coded in the SIT. The assembled SIT has to go into an authorised library and so this is one guard against inadvertant or malicious activation of the HPO option. Supplying a reassembled SIT in SDFHAUTH effectively would bypass that guard and would the same as allowing HPO= as an override.
Use of HPO does some with a warning. This is what it says in the Infocenter:
Use of HPO potentially allows CICS® application programs to bypass all MVS™ integrity controls. If you decide to use HPO, ensure that the application programs used on your CICS system meet your own installation's integrity requirements.
So this is the reason that it is not allowed as a SIT override, but has to be coded in the SIT. The assembled SIT has to go into an authorised library and so thiss is one guard againsst inadvertant or malicious activation of the HPO option. Supplying a reassembled SIT in SDFHAUTH effectively would bypass that guard and would the same as allowing HPO= as an override.