IBM Z Software


This portal is to open public enhancement requests against IBM Z Software products. To view all of your ideas submitted to IBM, create and manage groups of Ideas, or create an idea explicitly set to be either visible by all (public) or visible only to you and IBM (private), use the IBM Unified Ideas Portal (https://ideas.ibm.com).


Shape the future of IBM!

We invite you to shape the future of IBM, including product roadmaps, by submitting ideas that matter to you the most. Here's how it works:

Search existing ideas

Start by searching and reviewing ideas and requests to enhance a product or service. Take a look at ideas others have posted, and add a comment, vote, or subscribe to updates on them if they matter to you. If you can't find what you are looking for,

Post your ideas

  1. Post an idea.

  2. Get feedback from the IBM team and other customers to refine your idea.

  3. Follow the idea through the IBM Ideas process.


Specific links you will want to bookmark for future use

Welcome to the IBM Ideas Portal (https://www.ibm.com/ideas) - Use this site to find out additional information and details about the IBM Ideas process and statuses.

IBM Unified Ideas Portal (https://ideas.ibm.com) - Use this site to view all of your ideas, create new ideas for any IBM product, or search for ideas across all of IBM.

ideasibm@us.ibm.com - Use this email to suggest enhancements to the Ideas process or request help from IBM for submitting your Ideas.

Add a new idea Subscribe
Status Under review
Workspace GDPS
Created by Guest
Created on Aug 28, 2025

RELATED IDEAS

Disable the capability to set the safeguarded copy expiration date

It is possible to delete LCP safeguarded copies by changing the expiration data to the actual date. 

This means that if somebody has been able to get the authorization to change the expiration date. He or she will be able to delete safeguarded copies. 

We (including our auditors) expect safeguarded copies to be really immutable and protected from being deleted. 

So the possibility to change the expiration date should be disabled. 

Idea priority High
  • Guest
    Jun 12, 2026

    Thanks for your view on this.


    Within ABN AMRO we had an audit and the auditors are pretty clear about this. If the experation date of a SGC can be changed (whether by one or by dual control or whatever), it is not immuttable anymore. So there needs to be some way to make them completely immutable. With a backdoor or whatsoever, we will never get a positive advise from our audit department.


    therefor we request to implement this idea. Or if IBM has another way of accomplishing this, it is fine for us as well.

    Reply
  • Guest
    May 25, 2026
    We understand your restated requirement to be that no improper or malicious human action should be able to cause the release of a safeguarded copy. But you also agree that copies cannot exist forever, and that there must be an exception process to handle situations that arise due to (for example) the finite nature of storage. Unfortunately, any exception process would need to be initiated by a human, or by automation according to rules configured by a human. In the end, no matter what the mechanism, there is a trusted human in control, and the potential for that trust to be abused. A key response to "zero trust" challenge is to require multiple approvals such that no single user can accomplish a malicious act on their own. GDPS has implemented dual control as a mitigation here, but you believe that can be defeated by a single RACF superuser. Given that, isn't your real requirement to be able to secure your RACF database? The potential harm from unrestricted RACF access to any resource is arguably a far greater business risk than premature expiration of a Safeguarded copy. Also, note that the DS8K has the capability today to set a guaranteed minimum number of captures which will be enforced by the storage system either from the user expiring them or by setting the volumes write inhibit if there is a volume/pool out of space situation. This setting can only be changed by IBM support so the client themselves cannot do this.
    1 reply
  • Guest
    Apr 26, 2026
    Given that the DS8K disk subsystem capacity is limited, what is the auditor's specific criteria of immutability?
    1 reply
  • Guest
    Sep 15, 2025

    The feedback from our Auditors is that if you can delete a Safeguarded copy immediately by changing die expiration date it is not really an immutable copy.

    Yes dual control is helping by mitigating deleting in the normal proces/way of working. e.g. prevent people for making mistakes. But if the z/OS - RACF environment has been compromised (somebody has been able to get superuser credentials) having Dual Control defined in the same security environment does not prevent against malicious actions I think.

    Reply
  • Guest
    Sep 5, 2025
    the GDPS LCP Mgr feature provides role based security (RBS), field level security in profiles, and dual control. why isn't dual control sufficient?
    Reply

By clicking the "Post Comment" or "Submit Idea" button, you are agreeing to the IBM Ideas Portal Terms of Use.
Do not place IBM confidential, company confidential, or personal information into any field.