IBM Data and AI Ideas Portal for Customers



Status Not under consideration
Workspace OpenPages Ideas
Components Other
Created by Guest
Created on Mar 29, 2019

DB Roles Assigned to openpages and opworkflow Violate Hardening Requirements

Per previous communications with IBM the openpages and opworkflow (service account IDs) require the following roles:
PENDING_TRANS$
DBA_2PC_PENDING
DBA_PENDING_TRANSACTIONS
DBMS_SYSTEM
V$XATRANS$
OP_DATAPUMP_DIRECTORY
SELECT_CATALOG_ROLE
RESOURCE

Issues: all these roles have some privileges that normally go against hardening guidelines to secure the Oracle DB server.

For example:
The RESOURCE role grants a user the privileges necessary to create procedures, triggers and types within the user's own schema area. The privileges include: create cluster, create procedure, create sequence, create table, create trigger, type.

The SELECT_CATALOG_ROLE role allows the user to see the data dictionary views, which contain all schemas in the db, space allocation, values for columns, and privileges and roles of the users. If a malicious user has this role, he or she can collect as much information as he or she needs about the db server through the data dictionary.

The risk - Granting privileges to the roles will grant users in the role system privileges or object privileges; it increases the attack surface and the risk of the system getting compromised. The two IDs are service accounts. They may not be monitored as much as regular users or subject to stricter controls (password expiry, for example). If they are compromised, the accounts can gain usual information about the DB and proceed to do further damage.
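
A DBA reviewing this request can measure the exposure described above with the following audit queries. This is an added example, not part of the original submission or IBM's documentation; it assumes the two service accounts are stored as OPENPAGES and OPWORKFLOW and that the session can read the DBA_* dictionary views.

```sql
-- Added example. Assumes the accounts are stored as OPENPAGES and OPWORKFLOW
-- and that the auditing session can read the DBA_* dictionary views.

-- 1. Effective privileges, including those inherited through nested roles.
WITH role_tree (account, granted_role, grant_path) AS (
  -- Roles granted directly to each service account
  SELECT grantee, granted_role, CAST(granted_role AS VARCHAR2(4000))
  FROM   dba_role_privs
  WHERE  grantee IN ('OPENPAGES', 'OPWORKFLOW')
  UNION ALL
  -- Roles reached through another role
  SELECT t.account, r.granted_role, t.grant_path || ' > ' || r.granted_role
  FROM   role_tree t
  JOIN   dba_role_privs r ON r.grantee = t.granted_role
)
-- System privileges granted straight to the account
SELECT grantee AS account, 'DIRECT' AS grant_path, privilege AS detail
FROM   dba_sys_privs
WHERE  grantee IN ('OPENPAGES', 'OPWORKFLOW')
UNION ALL
-- System privileges that arrive through a role (RESOURCE, for example)
SELECT t.account, t.grant_path, s.privilege
FROM   role_tree t
JOIN   dba_sys_privs s ON s.grantee = t.granted_role
UNION ALL
-- Object grants held by a role can be very numerous, so report a count per role
SELECT t.account, t.grant_path, COUNT(*) || ' object privileges'
FROM   role_tree t
JOIN   dba_tab_privs p ON p.grantee = t.granted_role
GROUP  BY t.account, t.grant_path
ORDER  BY 1, 2, 3;

-- 2. Account controls the post mentions: status and password expiry.
SELECT u.username, u.account_status, u.expiry_date, u.profile,
       p.limit AS password_life_time
FROM   dba_users u
LEFT   JOIN dba_profiles p
       ON p.profile = u.profile AND p.resource_name = 'PASSWORD_LIFE_TIME'
WHERE  u.username IN ('OPENPAGES', 'OPWORKFLOW');
```

Rows in the first result whose grant path starts with RESOURCE or SELECT_CATALOG_ROLE are the ones to compare against the hardening guideline.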