IBM System Storage Ideas Portal
This portal is to open public enhancement requests against IBM System Storage products. To view all of your ideas submitted to IBM, create and manage groups of Ideas, or create an idea explicitly set to be either visible by all (public) or visible only to you and IBM (private), use the IBM Unified Ideas Portal (https://ideas.ibm.com).
Shape the future of IBM!
We invite you to shape the future of IBM, including product roadmaps, by submitting ideas that matter to you the most. Here's how it works:
Search existing ideas
Start by searching and reviewing ideas and requests to enhance a product or service. Take a look at ideas others have posted, and add a comment, vote, or subscribe to updates on them if they matter to you. If you can't find what you are looking for,
Post your ideas
Post an idea.
Get feedback from the IBM team and other customers to refine your idea.
Follow the idea through the IBM Ideas process.
Specific links you will want to bookmark for future use
Welcome to the IBM Ideas Portal (https://www.ibm.com/ideas) - Use this site to find out additional information and details about the IBM Ideas process and statuses.
IBM Unified Ideas Portal (https://ideas.ibm.com) - Use this site to view all of your ideas, create new ideas for any IBM product, or search for ideas across all of IBM.
ideasibm@us.ibm.com - Use this email to suggest enhancements to the Ideas process or request help from IBM for submitting your Ideas.
What's your use case though for allowing someone to create a backup without dual control? Most customers will setup a scheduled task to create the backups, so Dual control at a backup creation level isn't necessary. Also, I should note that allowing someone to create backups without Dual Control itself could be problematic. They could corrupt the data and then create backup after backup until the last good backup rolls off.
I believe the request from the initial requester was discussed with them through the iSeries toolkit team. However, I see a number of customers continue to vote for this work item. If you have voted for this work item, can you please provide specific use case information, so that we can be sure that we implement a solution that meets your needs without compromising security. If necessary you can send an email directly to blead@us.ibm.com to further discuss your requirements. At this point, we still do not have enough detail to come up with a design in order to implement this request.
Please provided other use cases other than create/delete. The problem with create/delete is that if you only enable dual control for those on "certain groups" that means the other groups can create/delete whatever they want...including the ones that were created by the control group. This is not very secure. In addition, if you only some users to manage SGC but others to manage FC or MM, the problem there is that while the FC users can't create a SGC session, they can use the same volumes as those in the SGC session, which would allow a malicious user to either prevent a backup or worse overwrite data. This as well isn't very secure.
CSM decided on an all or nothing policy to avoid these "holes" that would definite the purpose of having a dual control environment. If you feel there are use cases that won't cause "holes" please help us define these more clearly so that we can look at possible implementations.