IBM Power Ideas Portal


This portal is to open public enhancement requests against IBM Power Systems products, including IBM i. To view all of your ideas submitted to IBM, create and manage groups of Ideas, or create an idea explicitly set to be either visible by all (public) or visible only to you and IBM (private), use the IBM Unified Ideas Portal (https://ideas.ibm.com).


Shape the future of IBM!

We invite you to shape the future of IBM, including product roadmaps, by submitting ideas that matter to you the most. Here's how it works:

Search existing ideas

Start by searching and reviewing ideas and requests to enhance a product or service. Take a look at ideas others have posted, and add a comment, vote, or subscribe to updates on them if they matter to you. If you can't find what you are looking for,

Post your ideas

  1. Post an idea.

  2. Get feedback from the IBM team and other customers to refine your idea.

  3. Follow the idea through the IBM Ideas process.


Specific links you will want to bookmark for future use

Welcome to the IBM Ideas Portal (https://www.ibm.com/ideas) - Use this site to find out additional information and details about the IBM Ideas process and statuses.

IBM Unified Ideas Portal (https://ideas.ibm.com) - Use this site to view all of your ideas, create new ideas for any IBM product, or search for ideas across all of IBM.

ideasibm@us.ibm.com - Use this email to suggest enhancements to the Ideas process or request help from IBM for submitting your Ideas.

Add a new idea Subscribe
Status Not under consideration
Workspace IBM i
Categories Security
Created by Guest
Created on May 31, 2025

RELATED IDEAS

Adopted authority to SFTP connections

Hello team, since a couple of days we are fighting with the SFTP connections, what is the problem? For BATCH process, there is no problem because you can use the "user profile" for the submission but... for interactive transactions, the sftp connection uses the user profile that execute the action and... if you have 200 users doing that, you should have to create the "/home/id/.ssh" 200 times for each connection... we tried with a group profile but the interactive transaction does not use the group profile properties, always uses the ID logged/running the transaction.

So, the idea is... to use the Adopted authority concept but for SFTP connections... if we create only ONE user profile for SFTP connections, and the CLP program that execute the .SH file is compiled with that user profile, use the same user profile for the SFTP connection and does not use the id interactive logged... 

It is possible? Or is something like that possible?

Thank you!

Idea priority Low
  • Guest
    Dec 18, 2025
    IBM does not intend to provide a solution to this Idea at this time, so it is being closed.
    The cost to implement this suggestion would be high, and there is a work-around using the profile handle support as noted in other responses.

    IBM Power Systems Development
    Reply
  • Guest
    Jul 30, 2025
    IBM has received your Idea and is evaluating it. IBM will provide a response after evaluation is complete.

    IBM Power Systems Development
    Reply
  • Guest
    Jul 15, 2025

    I'd like to agree with the suggestion you have already received, this is something we have implemented often and with great success.

    Using the option to "Swap User profile" (Profile Handles) should work seamlessly in this implementation, and you will be able to lock it down better in 7.6 with the new functionality to restrict Impersonation (yet another name for the same thing, Swap user Profile, user profile handles, etc)

    The main thing you should be mindful of, from a security Point of View, is ensuring you swap back to the original user profile asap, including during application abends and or user-requested termination (SysReq Option 2)

    TTFN Brad
    The Friendly Techie
    Steve Bradshaw
    IBM Champion, Member of CEAC, TD of i-UG.co.uk and Friendly Techie at RowtonIT.com

    Reply
  • Guest
    Jun 16, 2025

    Have you looked at using user profile handles and building that into a wrapper of your SFTP process?
    https://www.ibm.com/docs/en/i/7.4.0?topic=programs-example-using-profile-handles

    The QWTSETP API was mentioned in a code400.com thread some years ago specifically addressing an SFTP issue.

    Reply

By clicking the "Post Comment" or "Submit Idea" button, you are agreeing to the IBM Ideas Portal Terms of Use.
Do not place IBM confidential, company confidential, or personal information into any field.