This portal is to open public enhancement requests against products and services offered by the IBM Data & AI organization. To view all of your ideas submitted to IBM, create and manage groups of Ideas, or create an idea explicitly set to be either visible by all (public) or visible only to you and IBM (private), use the IBM Unified Ideas Portal (https://ideas.ibm.com).
Shape the future of IBM!
We invite you to shape the future of IBM, including product roadmaps, by submitting ideas that matter to you the most. Here's how it works:
Search existing ideas
Start by searching and reviewing ideas and requests to enhance a product or service. Take a look at ideas others have posted, and add a comment, vote, or subscribe to updates on them if they matter to you. If you can't find what you are looking for,
Post your ideas
Post ideas and requests to enhance a product or service. Take a look at ideas others have posted and upvote them if they matter to you,
Post an idea
Upvote ideas that matter most to you
Get feedback from the IBM team to refine your idea
Specific links you will want to bookmark for future use
Welcome to the IBM Ideas Portal (https://www.ibm.com/ideas) - Use this site to find out additional information and details about the IBM Ideas process and statuses.
IBM Unified Ideas Portal (https://ideas.ibm.com) - Use this site to view all of your ideas, create new ideas for any IBM product, or search for ideas across all of IBM.
ideasibm@us.ibm.com - Use this email to suggest enhancements to the Ideas process or request help from IBM for submitting your Ideas.
IBM Employees should enter Ideas at https://ideas.ibm.com
While IBM Db2 Administration Tool for z/OS did provide the means for changing the GRANT, the default in the configuration tool was PUBLIC.
IBM Db2 Administration Tool is now changed to default to no GRANT processing.
This change is made by
APAR PH62395 and is now available.
The National Institute of Standards and Technology, NIST, has published standard 800-53 on Privileged Access Management and Least privilege. With the principle of Least Privilege, one grants users the minimum level of access necessary for their job functions, restricts access to sensitive information and critical systems, and segregates roles to maintain checks and balances.
Of particular interest to database tools is the GRANT provision for permitting access to specific assets by a person’s role. In a world where dynamic SQL is pervasive, the expedient thing is to GRANT SELECT (i.e. read) access to system tables to PUBLIC. This, however, breaks the least privilege standard by allowing ANYONE with access to the database system to query those tables. Under a secure system, even metadata can be sensitive and must be treated as such.
IBM Db2 Tools product teams always strive to comply with the concept of Least Privilege.
For example, IBM Db2 Administration Tool enables the installer to specify the authid(s) that should be granted access to the SYSIBM.SYSxxxAUTH tables and which authid(s) should be granted access to the remaining Db2 catalog tables. NONE can be specified if no GRANTs should be generated during install i.e. if the installation is using RACF security or wants to control the access by other means (e.g. Grant management in Db2 Administration Tool).