IBM Power Ideas Portal


This portal is to open public enhancement requests against IBM Power Systems products, including IBM i. To view all of your ideas submitted to IBM, create and manage groups of Ideas, or create an idea explicitly set to be either visible by all (public) or visible only to you and IBM (private), use the IBM Unified Ideas Portal (https://ideas.ibm.com).


Shape the future of IBM!

We invite you to shape the future of IBM, including product roadmaps, by submitting ideas that matter to you the most. Here's how it works:

Search existing ideas

Start by searching and reviewing ideas and requests to enhance a product or service. Take a look at ideas others have posted, and add a comment, vote, or subscribe to updates on them if they matter to you. If you can't find what you are looking for,

Post your ideas

  1. Post an idea.

  2. Get feedback from the IBM team and other customers to refine your idea.

  3. Follow the idea through the IBM Ideas process.


Specific links you will want to bookmark for future use

Welcome to the IBM Ideas Portal (https://www.ibm.com/ideas) - Use this site to find out additional information and details about the IBM Ideas process and statuses.

IBM Unified Ideas Portal (https://ideas.ibm.com) - Use this site to view all of your ideas, create new ideas for any IBM product, or search for ideas across all of IBM.

ideasibm@us.ibm.com - Use this email to suggest enhancements to the Ideas process or request help from IBM for submitting your Ideas.

Add a new idea Subscribe
Status Submitted
Workspace IBM i
Categories Security
Created by Guest
Created on May 29, 2025

RELATED IDEAS

Enhance Security of QUSEADPAUT system value and USEADPAUT in general

This is similar in intent to https://ideas.ibm.com/ideas/IBMI-I-4498 

In support of 'deny by default' security principle, arrangements should be made to only generate programs and service programs with  USEADPAUT(*YES), when A) explicitly requested and B) by users explicitly authorized to do so.  Even authorized users would have to explicitly state they wanted *YES and the default would still be *NO.   Several ways this could be accomplished are below: 

One or more new values for the QUSEADPAUT system value could be added and the default changed for new installs using one or more of the following proposed settings: 

1. *DENIED  -- No user on the system can cause programs to inherit adopted authority-- (This would be useful for a production LPAR where no program creation is expected to occur.  All program creation is done on a development LPAR) 

2. *FCNUSG -- A  new function usage id (QIBM_SET_USEADPAUT_YES) which drives which users are authorized to create/modify programs with USEADPAUT(*YES)  (which would also allow for *ALLOBJ users to optionally be permitted.)  Maybe at upgrade time IBM auto-migrates from *AUTL method to function usage method as that is the modern way to do this kind of thing.   Being *ALLOWED via this function usage would still not cause USEADPAUT *YES by default. 

The CRT commands for *PGMs and *SRVPGMs could have a new USEADPAUT parm (*YES/*NO/*SYSVAL) which defaults to *SYSVAL.   If the *FCNUSG if the QIBM_USEADPAUT_DEFAULT_YES part of this idea (see next paragraph) is included, then the default should be *FCNUSG.

A separate new function usage (QIBM_USEADPAUT_DEFAULT_YES) where only *ALLOWED users will have the default creation option be *YES.  It probably makes sense to restrict the *ALLOBJ setting for this function usage to *NOTUSED in alignment with deny by default.   This will be useful for existing dev ops build infrastructures that rely on the old default of *YES.    If a user is *ALLOWED for QIBM_USEADPAUT_DEFAULT_YES but not for QIBM_SET_USEADPAUT_YES they would either get a failure or it would drop to *NO with a message that the QIBM_USEADPAUT_DEFAULT_YES could not be honored. 

 

 

Idea priority High

By clicking the "Post Comment" or "Submit Idea" button, you are agreeing to the IBM Ideas Portal Terms of Use.
Do not place IBM confidential, company confidential, or personal information into any field.