Skip to Main Content
IBM Z Software


This portal is to open public enhancement requests against IBM Z Software products. To view all of your ideas submitted to IBM, create and manage groups of Ideas, or create an idea explicitly set to be either visible by all (public) or visible only to you and IBM (private), use the IBM Unified Ideas Portal (https://ideas.ibm.com).


Shape the future of IBM!

We invite you to shape the future of IBM, including product roadmaps, by submitting ideas that matter to you the most. Here's how it works:

Search existing ideas

Start by searching and reviewing ideas and requests to enhance a product or service. Take a look at ideas others have posted, and add a comment, vote, or subscribe to updates on them if they matter to you. If you can't find what you are looking for,

Post your ideas
  1. Post an idea.

  2. Get feedback from the IBM team and other customers to refine your idea.

  3. Follow the idea through the IBM Ideas process.


Specific links you will want to bookmark for future use

Welcome to the IBM Ideas Portal (https://www.ibm.com/ideas) - Use this site to find out additional information and details about the IBM Ideas process and statuses.

IBM Unified Ideas Portal (https://ideas.ibm.com) - Use this site to view all of your ideas, create new ideas for any IBM product, or search for ideas across all of IBM.

ideasibm@us.ibm.com - Use this email to suggest enhancements to the Ideas process or request help from IBM for submitting your Ideas.

Status Not under consideration
Categories Open Access DB
Created by Guest
Created on Mar 7, 2017

Improved Access Controls around IMS data

As we look at the idea of accessing IMS data via SQL through ODBM, we see some rather glaring Security issues that could expose us to, that would be addressed using a similar concept to what DB2 is doing with Roles & Trusted Context and AUTH tables. Access today in IMS is primarily restricted by PSB, which works fine with traditional access methods using DL/I calls through COBOL or PL/1 programs. With the concept of accessing IMS data through ODBM, through a GUI tool similar to what you would think of to be like Data Studio that can provide the ability to perform ad-hoc queries and updates, that model has some limitations.

With a tool like this, we would likely have a single PSB that would have all segments of a database or several databases for a given application, so at that point everyone using the tool would have access to everything in the database. To get more granular you'd have to create PSB after PSB with different segments and have the application be smart enough to know what PSB to use for what user, which would be a maintenance nightmare when you are talking about potentially hundreds of users across many areas.

With DB2 we can restrict individual people to what specific tables they should have access to, we would like the same capability in IMS at a segment level, not having to create a unique PSB for each person. Doing a GRANT is DB2 can be performed in seconds, getting a PSB changed is typically weeks.

Additionally, we would like the concept of a Trusted Context, so that when access it granted we can say that it can only be used through that Context, which is typically going to be the IP Address of the app servers that our tool is running on. That will prohibit those individuals from using the access via other tools that don't have the same controls and audit trails.

Idea priority Urgent
  • Guest
    Reply
    |
    Feb 27, 2019

    Hi Greg,
    Thank you for your interest in keeping IMS a vital and successful product. Software development has continuously evolved during IMS's lifetime, and so has IMS itself. We have kept pace with, adopted, and implemented many industry standard best practices within our organization, including Continuous Delivery, Design Thinking, and Agile.

    When choosing new features to add from the list of requirements in our backlog, we assess which will bring the most value to as many clients as possible and prioritize those.

    At this time, after reviewing this request for enhancement and assessing its potential value, we have decided to reject it. We think it’s a great idea but we are rejecting RFE 102007 because we don’t feel we can deliver it within the next 18-24 months which is the goal we have set for RFE deliverables as part of our IMS Gold program.. You are welcome to resubmit this RFE at a later date and we will reconsider.

    We appreciate your input to IMS, and we hope that you will continue to submit ideas for improvements as customer feedback is a key component to shaping the future direction of IMS.
    Thank you.
    Sincerely,
    Deepak Kohli - deepakk@us.ibm.com