IBM Z Software



Status Not under consideration
Categories General TM
Created by Guest
Created on Sep 8, 2014

DFSCMTI FUNC=ICMD should provide command authorization checking

Hello,

I would like to submit an enhancement request for the IMS DFSCMTI macro interface to provide an option to invoke IMS Command security when using DFSCMTI FUNC=CMD/ICMD. This enhancement is related to IBM Service request number: 67573,227,000.

Our product issues IMS commands internally using the DFSCMTI FUNC=ICMD and FUNC=CMD interface from a program running in the IMS Control region. A few of our mutual customers have requested an option to associate a UserId and invoke IMS Command security when issuing IMS commands from our product. I was hoping that using the DFSCMTI keywords USERID= along with AUTHED=NO will provide this option, but as explained to me in IBM Service request number: 67573,227,000 this is not the case.

Our customers would like to have the option to invoke the same level of IMS command security (controlled by DFSPBxxx parameters ISIS, AOIS and CMDMCS) when issuing IMS commands from our product (DFSCMTI FUNC=ICMD) that is provided by IMS when issuing commands using other methods.

From the Service request:
“The call to DFSCCMD0 is always bypassed... the DFSCMTI0 module is "downstream" from where DFSCCMD0 would be called.
.
Specifically, the comments in the AOI command controller module DFSICLC0 describe how commands from the ICMD DL/I call are processed:
.
AN AOI APPLICATION, RUNNING UNDER ITS PST, MAKES A 'ICMD' CALL. DFSCPY50, THE AIB CALL ROUTER GETS CONTROL AND INVOKES DFSCMD60 TO PROCESS THE 'ICMD' CALL. DFSCMD60 ENQUEUES AN AWE TO DFSCMTI0.
.
The DFSCMD60 module calls DFSAOSC0 to do ICMD authorization checking. That authorization could be any combination of RACF or the DFSCMD00 exit. It will only enqueue the AWE to DFSCMTI0 if authorization passes. By using the DFSCMTI macro, you are making a call directly to DFSCMTI0 and so you are bypassing the authorization. The AUTHED=NO parameter causes the AWEHAUTH flag to be reset in the AWE, and the only effect of that I see is for the CTBJAUTH flag in the CTB in turn to be reset. The only place I see that flag checked is in DFSICLW0 which processes online DBRC commands.”

Perhaps you can introduce a new keyword to the DFSCMTI interface that would cause the processing to call DFSAOSC0 to do ICMD authorization checking.

Thank you,
Nevena Stoimirov

Idea priority Medium
  • Guest
    Apr 6, 2015

    Dear Nevena Stoimirov:

    Thank you for submitting this IMS enhancement request.
    After giving the request a comprehensive review, we have determined that we cannot include it as a candidate in an upcoming release because it is not consistent with the product architecture and our strategy for future releases.

    As a consequence we have, unfortunately, rejected this request.

    We appreciate your input to the IMS development team. We also hope that you will continue to submit ideas for improvements as customer feedback is a key component to shaping the future direction of IMS.

    Sincerely,
    Poonam Chitale