Skip to Main Content
IBM System Storage Ideas Portal

This portal is to open public enhancement requests against IBM System Storage products. To view all of your ideas submitted to IBM, create and manage groups of Ideas, or create an idea explicitly set to be either visible by all (public) or visible only to you and IBM (private), use the IBM Unified Ideas Portal (

Shape the future of IBM!

We invite you to shape the future of IBM, including product roadmaps, by submitting ideas that matter to you the most. Here's how it works:

Search existing ideas

Start by searching and reviewing ideas and requests to enhance a product or service. Take a look at ideas others have posted, and add a comment, vote, or subscribe to updates on them if they matter to you. If you can't find what you are looking for,

Post your ideas
  1. Post an idea.

  2. Get feedback from the IBM team and other customers to refine your idea.

  3. Follow the idea through the IBM Ideas process.

Specific links you will want to bookmark for future use

Welcome to the IBM Ideas Portal ( - Use this site to find out additional information and details about the IBM Ideas process and statuses.

IBM Unified Ideas Portal ( - Use this site to view all of your ideas, create new ideas for any IBM product, or search for ideas across all of IBM. - Use this email to suggest enhancements to the Ideas process or request help from IBM for submitting your Ideas.

Status Delivered
Created by Guest
Created on Nov 14, 2019

CSM - Change dual access control options

We would like to have the option to enable dual access control for different operations and different user groups.

Idea priority High
  • Guest
    Mar 29, 2024
    CSM has delivered an SGC Dual Control solution, as well as providing a way to define who can do what at a more granular level. I believe that these two features cover the primary use cases and I haven't heard any additional input. Marking this request a delivered per the above changes. If there are specific use cases that aren't covered, please comment or create a new IDEA with the specific scenario.
  • Guest
    Feb 28, 2023
    Hmmm...I could possibly see this for say Session Operators. As session operators wouldn't have the ability to issue commands against other aspects of the server which might cause issues. Would it work for you to have Dual Control "options" for session Operators? Then an option to enable/disable Dual Control at the admin level as well?

    What's your use case though for allowing someone to create a backup without dual control? Most customers will setup a scheduled task to create the backups, so Dual control at a backup creation level isn't necessary. Also, I should note that allowing someone to create backups without Dual Control itself could be problematic. They could corrupt the data and then create backup after backup until the last good backup rolls off.
  • Guest
    Dec 2, 2020

    I believe the request from the initial requester was discussed with them through the iSeries toolkit team. However, I see a number of customers continue to vote for this work item. If you have voted for this work item, can you please provide specific use case information, so that we can be sure that we implement a solution that meets your needs without compromising security. If necessary you can send an email directly to to further discuss your requirements. At this point, we still do not have enough detail to come up with a design in order to implement this request.

  • Guest
    Dec 9, 2019

    Please provided other use cases other than create/delete. The problem with create/delete is that if you only enable dual control for those on "certain groups" that means the other groups can create/delete whatever they want...including the ones that were created by the control group. This is not very secure. In addition, if you only some users to manage SGC but others to manage FC or MM, the problem there is that while the FC users can't create a SGC session, they can use the same volumes as those in the SGC session, which would allow a malicious user to either prevent a backup or worse overwrite data. This as well isn't very secure.

    CSM decided on an all or nothing policy to avoid these "holes" that would definite the purpose of having a dual control environment. If you feel there are use cases that won't cause "holes" please help us define these more clearly so that we can look at possible implementations.


Granular CSM Dual Control

We would like to enable dual control for destructive task, but not for all task. For example, deleting a safeguarded copy, altering a replication session contents, etc. should be under dual control. Would it be possible when enabling dual control ...
over 3 years ago in IBM Copy Services Manager (CSM) 1 Delivered