IBM System Storage Ideas Portal


This portal is to open public enhancement requests against IBM System Storage products. To view all of your ideas submitted to IBM, create and manage groups of Ideas, or create an idea explicitly set to be either visible by all (public) or visible only to you and IBM (private), use the IBM Unified Ideas Portal (https://ideas.ibm.com).


Shape the future of IBM!

We invite you to shape the future of IBM, including product roadmaps, by submitting ideas that matter to you the most. Here's how it works:

Search existing ideas

Start by searching and reviewing ideas and requests to enhance a product or service. Take a look at ideas others have posted, and add a comment, vote, or subscribe to updates on them if they matter to you. If you can't find what you are looking for,

Post your ideas

  1. Post an idea.

  2. Get feedback from the IBM team and other customers to refine your idea.

  3. Follow the idea through the IBM Ideas process.


Specific links you will want to bookmark for future use

Welcome to the IBM Ideas Portal (https://www.ibm.com/ideas) - Use this site to find out additional information and details about the IBM Ideas process and statuses.

IBM Unified Ideas Portal (https://ideas.ibm.com) - Use this site to view all of your ideas, create new ideas for any IBM product, or search for ideas across all of IBM.

ideasibm@us.ibm.com - Use this email to suggest enhancements to the Ideas process or request help from IBM for submitting your Ideas.

Add a new idea Subscribe
Status Not under consideration
Workspace Storage Protect Family
Categories Spectrum Protect (Server)
Created by Guest
Created on Jul 31, 2019

RELATED IDEAS

SP server output file ownership/permissions

SP can output several types of files. For example, DRM recovery plans, backing up devconfig or volhist, select command output, etc.

We can already control where to direct the output, i.e., directory structure and filename.

Having the ability to also control the ownership (user/group) and permissions (read, write, etc) would enable the use of these files without needing to grant elevated privileges where otherwise they would not be needed.

Idea priority Medium
  • Guest
    Reply
    |     Jan 18, 2022

    IBM has evaluated the request, and has determined that it can not be implemented at this time or does not align with the current multi-year strategy. This request may be resubmitted for consideration after 18 months from the date of submission. The request submitter will automatically be notified by email when the request qualifies for reconsideration and resubmission.

  • Guest
    Reply
    |     Apr 27, 2020

    We manage our Spetrum Protect using a variety of scripts. For security purposes these scripts do NOT run as same user that the Spectrum Protect instance runs as. One of the things that these scripts do is use the SP command prepare to create the recovery plan file. The script then sends this file to an off-site location. To do this, it requires read access to the recovery plan file.

    Starting some time after version 7.1.1.300 the recover plan file no longer has world readable permissions. This is probably a good security decision, however, removing all access other than the SP instance user requires security to be elevated for management scripts or the management scripts to be run as the SP instance user. Overall this can be argued as reducing security.

    Adding a "group" parameter and a "permission" parameter to the prepare plan command (and other commands that create output files) permission can be granted to management scripts and maintain the intended level of security. Something like

    prepare planprefix=/my/recovery/plans/ group=scriptGroup permission=rw,r,-

    where the permission is owner,group,other and includes the set of letters rwx for read, write, execute

By clicking the "Post Comment" or "Submit Idea" button, you are agreeing to the IBM Ideas Portal Terms of Use.
Do not place IBM confidential, company confidential, or personal information into any field.