IBM Power Ideas Portal


This portal is to open public enhancement requests against IBM Power Systems products, including IBM i. To view all of your ideas submitted to IBM, create and manage groups of Ideas, or create an idea explicitly set to be either visible by all (public) or visible only to you and IBM (private), use the IBM Unified Ideas Portal (https://ideas.ibm.com).


Shape the future of IBM!

We invite you to shape the future of IBM, including product roadmaps, by submitting ideas that matter to you the most. Here's how it works:

Search existing ideas

Start by searching and reviewing ideas and requests to enhance a product or service. Take a look at ideas others have posted, and add a comment, vote, or subscribe to updates on them if they matter to you. If you can't find what you are looking for,

Post your ideas

  1. Post an idea.

  2. Get feedback from the IBM team and other customers to refine your idea.

  3. Follow the idea through the IBM Ideas process.


Specific links you will want to bookmark for future use

Welcome to the IBM Ideas Portal (https://www.ibm.com/ideas) - Use this site to find out additional information and details about the IBM Ideas process and statuses.

IBM Unified Ideas Portal (https://ideas.ibm.com) - Use this site to view all of your ideas, create new ideas for any IBM product, or search for ideas across all of IBM.

ideasibm@us.ibm.com - Use this email to suggest enhancements to the Ideas process or request help from IBM for submitting your Ideas.

Add a new idea Subscribe
Status Future consideration
Workspace IBM i
Categories Application Development
Created by Guest
Created on Jul 24, 2020

RELATED IDEAS

Granting *USE access for programmers for all users

We recently migrated to a power 8 box with V7R3 and we discovered that the programmers cannot invoke a STRSRVJOB for a regular user (non-programmer, no special authorities) job in the system. Support says to log in as QPGMR or grant *USE on the target profile that the programmer is suppose to invoke the STRSRVJOB.

I have two concerns on this:
1. We don't use QPGMR as a programmer profile to be granted access for all programmers as we cannot identify specifically who used the account so we don't advise granting access for programmers to use QPGMR.
2. We don't grant *USE for programmers to users as that will create a maintenance and security nightmare.
- For one, *USE access for programmers on users means we have to change all over 1000 users in our system to add *USE authority for all the programmers.
- Secondly, *USE access for programmers allows programmers to submit job with the USER profile ID that they have *USE access to. This is a security nightmare.


Use Case:

No sure what to type here. This used to work without any issue with V7R1 and now it is an issue for us.


Idea priority Medium
  • Guest
    Reply
    |     Apr 15, 2021

    The help text is not correct.. .It will be corrected in a future release

    Start Service Job - Help

    The Start Service Job (STRSRVJOB) command starts the remote service
    operation for a specified job (other than the job issuing the
    command) so that other service commands can be entered to service
    the specified job. Any dump, debug, and trace commands can be run
    in that job until service operation ends. Service operation
    continues until the End Service Job (ENDSRVJOB) command is run.

    Restrictions:

    o This command is shipped with exclude (*EXCLUDE) public authority
    and the QPGMR, QSYSOPR, QSRV, and QSRVBAS user profiles are
    shipped with private authorities to use this command.

    o You must have use (*USE) authority to the user profile of the
    job being serviced.

  • Guest
    Reply
    |     Jul 26, 2020

    This rather sounds there was some steps missing in migration. In general, the current security settings on a *fresh install* of IBM i are not that bad. Setting *USE to all user profiles might not be a good idea, especially for programming related objects. Consider you're an audited company and your auditor knows his job.

    Have your security rules and settings checked before granting *USE to all.

  • Guest
    Reply
    |     Jul 24, 2020

    What you're asking IBM to do will also create a maintenance and violate the security model. I recommend taking a look at QPGMR user's group and assign your existing users to the same user groups as this profile and going forward when creating new programmer level users clone the QPGMR profile.

By clicking the "Post Comment" or "Submit Idea" button, you are agreeing to the IBM Ideas Portal Terms of Use.
Do not place IBM confidential, company confidential, or personal information into any field.