Skip to Main Content
IBM Data and AI Ideas Portal for Customers


This portal is to open public enhancement requests against products and services offered by the IBM Data & AI organization. To view all of your ideas submitted to IBM, create and manage groups of Ideas, or create an idea explicitly set to be either visible by all (public) or visible only to you and IBM (private), use the IBM Unified Ideas Portal (https://ideas.ibm.com).


Shape the future of IBM!

We invite you to shape the future of IBM, including product roadmaps, by submitting ideas that matter to you the most. Here's how it works:


Search existing ideas

Start by searching and reviewing ideas and requests to enhance a product or service. Take a look at ideas others have posted, and add a comment, vote, or subscribe to updates on them if they matter to you. If you can't find what you are looking for,


Post your ideas

Post ideas and requests to enhance a product or service. Take a look at ideas others have posted and upvote them if they matter to you,

  1. Post an idea

  2. Upvote ideas that matter most to you

  3. Get feedback from the IBM team to refine your idea


Specific links you will want to bookmark for future use

Welcome to the IBM Ideas Portal (https://www.ibm.com/ideas) - Use this site to find out additional information and details about the IBM Ideas process and statuses.

IBM Unified Ideas Portal (https://ideas.ibm.com) - Use this site to view all of your ideas, create new ideas for any IBM product, or search for ideas across all of IBM.

ideasibm@us.ibm.com - Use this email to suggest enhancements to the Ideas process or request help from IBM for submitting your Ideas.

IBM Employees should enter Ideas at https://ideas.ibm.com


Status Functionality already exists
Workspace Db2 for z/OS
Created by Guest
Created on Mar 7, 2023

Apply security restriction in Db2 table only via database connector tools (but not from database objects)

There are few use cases where Db2 table access must be restricted only from DB connector tools(eg; SPUFI, QMF or DSE in IDz or any other DB visualizer) but not from the database object itself.

To explain further, we do have home grown tools(x1) used for MF development activities hosted in dev LPAR pointing to lower sub-system(i.e test) and one higher sub-system(i.e pseudo technical prod). Users accessing tool(x1) has both read/update/delete access that is being controlled by database RACF profiles from DBAs, it works perfect. At the sametime users could access the database directly outside of tool(x1) and might update particular data knowingly or unknowingly via SPUFI or QMF or other Db visualizer, it shows potential risk in someway. Did some analysis internally it seems there is no definitive solution yet to control such users accidently accessing those datas silently via such tools either.  This idea is all about new possibilities and evolution to impose security restrictions to overcome such issues from DB tools perspective but not from object perspective.
 

Needed By Quarter
  • Admin
    Janet Figone
    Reply
    |
    Apr 17, 2023

    Hello,

    Thank you for submitting this enhancement request.

    We are pleased to inform you this capability already exists. You can use the bind option, ENABLE or DISABLE or trusted context to control users access to specific connection type.

    We appreciate your input to the Db2 for z/OS development team. We also hope that you will continue to submit ideas for improvements as customer feedback is a key component to shaping the future direction of Db2 for z/OS.

    Sincerely,

    The Db2 for z/OS Team