IBM Power Ideas Portal


This portal is to open public enhancement requests against IBM Power Systems products, including IBM i. To view all of your ideas submitted to IBM, create and manage groups of Ideas, or create an idea explicitly set to be either visible by all (public) or visible only to you and IBM (private), use the IBM Unified Ideas Portal (https://ideas.ibm.com).


Shape the future of IBM!

We invite you to shape the future of IBM, including product roadmaps, by submitting ideas that matter to you the most. Here's how it works:

Search existing ideas

Start by searching and reviewing ideas and requests to enhance a product or service. Take a look at ideas others have posted, and add a comment, vote, or subscribe to updates on them if they matter to you. If you can't find what you are looking for,

Post your ideas

  1. Post an idea.

  2. Get feedback from the IBM team and other customers to refine your idea.

  3. Follow the idea through the IBM Ideas process.


Specific links you will want to bookmark for future use

Welcome to the IBM Ideas Portal (https://www.ibm.com/ideas) - Use this site to find out additional information and details about the IBM Ideas process and statuses.

IBM Unified Ideas Portal (https://ideas.ibm.com) - Use this site to view all of your ideas, create new ideas for any IBM product, or search for ideas across all of IBM.

ideasibm@us.ibm.com - Use this email to suggest enhancements to the Ideas process or request help from IBM for submitting your Ideas.

Add a new idea Subscribe
Status Not under consideration
Workspace IBM i
Categories RDi (Rational Developer for i)
Created by Guest
Created on Sep 23, 2011

RELATED IDEAS

RD Power Security Issues

User not authorized to SAV* and FTP commands should be able to see all the application source members, but COULD NEITHER change them NOR transfer them to any other system/partition.


Use Case:

Real Scenario from customer environment
- QSECURITY = 40
- user HOTLINE (*PGMR , *SPLCTL as its only special authority) is not authorized to SAV* and FTP commands.
- source file library with public authorithy *EXCLUDE, QPGMR *EXCLUDE, user HOTLINE *USE
- source files: same authority as the library
The objective is that user HOTLINE could see all the application source members, but COULD NEITHER change them NOR transfer them to any other system/partition.
With ADTS this objective is achieved: user HOTLINE can save single or multiple source members on other libraries on the SAME system, but NOT on other systems.

If user HOTLINE logs on such partition via RDPower - RPG and Cobol Development Tools for i, he can only browse source files, but LPEX allows him to use option Save as .., so any source file can be transferred not only to any library on the same system, but to any other system/partition which user HOTLINE is connected to and is authorized to.
Even worse: from the Remote System view or from the Object Table, user HOTLINE can select as many members as he wants, perform a mass copy of them (mouse right click--->Copy), then paste them on any other system/partition where user HOTLINE may have full authorities.


Idea priority High
  • Guest
    Reply
    |     Sep 14, 2015

    Due to processing by IBM, this request was reassigned to have the following updated attributes:
    Brand - Servers and Systems Software
    Product family - Programming Languages
    Product - Developer for Power Systems

    For recording keeping, the previous attributes were:
    Brand - Rational
    Product family - Design & development
    Product - Developer for Power Systems

  • Guest
    Reply
    |     Dec 16, 2011

    Thank you for taking the time to suggest this enhancement to our product.  Many of our product enhancements result from feedback from our customers, so your input is always very important to us. Although we feel that requests to enhance Security are very important, we do not have plans to address this particular request.
    Again, thank you for your suggestion and continued support!

  • Guest
    Reply
    |     Nov 23, 2011

    I'm not sure this is realistic. If you give someone *USE authority to your source members, you cannot prevent them for copying those sources elsewhere.
    For instance,
    - An Emulator macro could automate cut and paste
    - Create a DDM to the source on the other partition and copy from there
    - Use remote SQL
    - When opened in LPEX, a local copy is made in the workspace on the PC.

  • Guest
    Reply
    |     Oct 25, 2011

    This RFE is consistent with our strategy and product roadmap and IBM is continuing to evaluate.

By clicking the "Post Comment" or "Submit Idea" button, you are agreeing to the IBM Ideas Portal Terms of Use.
Do not place IBM confidential, company confidential, or personal information into any field.