Skip to Main Content
IBM Data and AI Ideas Portal for Customers


This portal is to open public enhancement requests against products and services offered by the IBM Data & AI organization. To view all of your ideas submitted to IBM, create and manage groups of Ideas, or create an idea explicitly set to be either visible by all (public) or visible only to you and IBM (private), use the IBM Unified Ideas Portal (https://ideas.ibm.com).


Shape the future of IBM!

We invite you to shape the future of IBM, including product roadmaps, by submitting ideas that matter to you the most. Here's how it works:


Search existing ideas

Start by searching and reviewing ideas and requests to enhance a product or service. Take a look at ideas others have posted, and add a comment, vote, or subscribe to updates on them if they matter to you. If you can't find what you are looking for,


Post your ideas

Post ideas and requests to enhance a product or service. Take a look at ideas others have posted and upvote them if they matter to you,

  1. Post an idea

  2. Upvote ideas that matter most to you

  3. Get feedback from the IBM team to refine your idea


Specific links you will want to bookmark for future use

Welcome to the IBM Ideas Portal (https://www.ibm.com/ideas) - Use this site to find out additional information and details about the IBM Ideas process and statuses.

IBM Unified Ideas Portal (https://ideas.ibm.com) - Use this site to view all of your ideas, create new ideas for any IBM product, or search for ideas across all of IBM.

ideasibm@us.ibm.com - Use this email to suggest enhancements to the Ideas process or request help from IBM for submitting your Ideas.

IBM Employees should enter Ideas at https://ideas.ibm.com


Status Not under consideration
Workspace Db2 for z/OS
Created by Guest
Created on May 18, 2018

DENY Remote Connetions to DB2 if not from a permitted combination of System AuthId and Location/IPAddress with wildcarding

Running DB2 11 NFM.

We are trying to ALLOW a remote connection to DB2 on z/OS from ONLY specific combinations of User ID and IP Address via a DB2 mechanism that can be modified dynamically.

Simply looking for a way to DENY a connection from remote IP Address or IP Address range if not using a specific User ID that was intended for use from that IP Address range.

Wildcarding the selection criteria would be needed as well to cover an IP Address range.

I am trying to use functionality available within DB2 for this and can not seem to find a way to accomplish this.

I have considered using:

Roles and Trusted Context - no wildcarding, if no match would still get a 'normal' connection rather than deny the connection. Could we perhaps add keywords to the Trusted Context definition to DENY if no match found rather than getting a 'normal' connection.

Monitoring Connections using Profiles - does allow wildcarding, no control to DENY a connection if no match found.

Resource Limit Facility - no wildcarding, only works for some Dynamic SQL. No direct control to DENY a connection so would need to set ZERO Service Units somehow for the ID if no matching 'specific' rows found using ID and IP combination.

Thanks for your consideration.
  • Admin
    Janet Figone
    Reply
    |
    Jan 8, 2020

    Thank you for submitting this enhancement request. Db2 for zOS development reviewed it and determine the requested capability is already supported in the z/OS Security Server using the SERVAUTH class.

    Sincerely,

    Db2 for z/OS development