IBM Data and AI Ideas Portal for Customers
Hide about this portal


This portal is to open public enhancement requests against products and services offered by the IBM Data & AI organization. To view all of your ideas submitted to IBM, create and manage groups of Ideas, or create an idea explicitly set to be either visible by all (public) or visible only to you and IBM (private), use the IBM Unified Ideas Portal (https://ideas.ibm.com).


Shape the future of IBM!

We invite you to shape the future of IBM, including product roadmaps, by submitting ideas that matter to you the most. Here's how it works:


Search existing ideas

Start by searching and reviewing ideas and requests to enhance a product or service. Take a look at ideas others have posted, and add a comment, vote, or subscribe to updates on them if they matter to you. If you can't find what you are looking for,


Post your ideas

Post ideas and requests to enhance a product or service. Take a look at ideas others have posted and upvote them if they matter to you,

  1. Post an idea

  2. Upvote ideas that matter most to you

  3. Get feedback from the IBM team to refine your idea


Specific links you will want to bookmark for future use

Welcome to the IBM Ideas Portal (https://www.ibm.com/ideas) - Use this site to find out additional information and details about the IBM Ideas process and statuses.

IBM Unified Ideas Portal (https://ideas.ibm.com) - Use this site to view all of your ideas, create new ideas for any IBM product, or search for ideas across all of IBM.

ideasibm@us.ibm.com - Use this email to suggest enhancements to the Ideas process or request help from IBM for submitting your Ideas.

IBM Employees should enter Ideas at https://ideas.ibm.com


Add a new idea Subscribe
Status Delivered
Workspace Spectrum Symphony
Components Version 7.1
Created by Guest
Created on Sep 24, 2015

RELATED IDEAS

[Security and Access Control][CE] [Security] - Symphony should immediately reflect changes in Active Directory

See this idea on ideas.ibm.com

The current Active Directory behavior in Symphony 7.1 is flawed. Feedback from support is that the expected practice is after a new user or group is added to AD or an existing user is added to an existing group that the cluster should be restarted in order to acquire the changes to Active Directory. This is not correct and is unrepresentative of the manner in which other AD based security models work. For example it is not necessary to restart a file server or SQL server when a user is added into an AD group. Similarly, e-mail systems (such as Lotus Notes) can use AD groups to maintain distribution lists that can be updated without requiring a restart of the server software.
The purpose of Symphony AD integration is to enable IT support staff (who do not have knowledge or experience of Symphony) to grant or revoke Symphony access to a user based on that user's membership of groups to which the Symphony administrator has assigned appropriate roles within the cluster. This enables security to be centrally managed by IT support staff in line with most other IT systems. For the design behavior to require a cluster restart following an AD change, this forces the Symphony administrator to be involved in what should be a routine operation.
The other principal issue with the design behavior is that a cluster restart is an invasive operation that requires coordinating a period of downtime within the business. For a dynamic organisation where users may need to be added at short notice during a busy time for the cluster this represents a problem, forcing the Symphony administrator to assign roles directly to the user within the cluster.
It is clear that Symphony is capable of eventually reflecting AD changes without a cluster restart, however these changes can take anything from a hour to some days to register. This behavior needs to change such that AD changes are reflected in Symphony within seconds and without any additional actions or commands required on the cluster itself.

  • Guest
    Reply
    |     Dec 21, 2017

    This is implemented in Symphony 7.2.0.2 release. Changes in AD authentication server can be refreshed and loaded periodically with configurable interval.

  • Guest
    Reply
    |     Mar 7, 2017

    This RFE's Headline was changed after submission to reflect the headline of an internal request we were already considering, but will now track here.

  • Guest
    Reply
    |     Sep 25, 2015

    Creating a new RFE based on Community RFE #77426 in product Platform Symphony.

By clicking the "Post Comment" or "Submit Idea" button, you are agreeing to the IBM Ideas Portal Terms of Use.
Do not place IBM confidential, company confidential, or personal information into any field.