IBM Data and AI

Welcome to the IBM Data and AI Ideas Portal for Clients!

We welcome and appreciate your feedback on IBM Data and AI Products to help make them even better than they are today!
Before you submit an idea, please perform a search first as a similar idea may have already been reported in the portal. If a related idea is not yet listed, please create a new idea and include with it a description which includes expected behavior as well as why having this feature would improve the service and how it would address your use case.
IBM Employees:
Clients:
  • Our team welcomes any feedback and suggestions you have for improving our offerings / products! This forum allows us to connect your offering / product improvement ideas with IBM product and engineering teams.

  • If you have not registered on this portal please click on the following link and register. To complete registration you will need to open the email you will receive from Aha to confirm your identity. http://ibm.biz/IBM-Data-and-AI-Portal-Register

Additional Information:
  • The shorter URL for this site is: https://ibm.biz/IBM-Data-and-AI-Ideas

  • To view our roadmaps: http://ibm.biz/Data-and-AI-Roadmaps

  • Reminder: This is not the place to submit defects or support needs, please use normal support channel for these cases

  • Please do not use the Ideas Portal for reporting bugs - we ask that you report bugs or issues with the product by contacting IBM support.

implicit GRANT EXECUTE to SYSMON authority for all monitor routines(RIMS)

Customer has to grant the EXECUTE privilege on the monitoring functions to a user who already has the SYSMON authority. They would expect that a user of the SYSMON_GROUP holds this privilege implicitly. This looks like a restriction to the monitoring users. The main issue here is that SYSMON is an instance level authority and that the routines are considered for database level authority. SYSMON authority will only apply to the 'legacy monitoring infrastructure' which is SNAPSHOT based because the snapshot API makes use of an INSTANCE ATTACH rather than a database connection. This is why SYSMON is an Instance level authority rather than a database authority. The monitor routines makes no use of the snapshot infrastructure and relies on database connections. SQLADM is a database level authority rather than an instance authority. The current design of the monitoring routine infrastructure is therefore not sensitive to SYSMON authority. As the customer understood the 'legacy snapshot infrastructure' is not 'the future'. But he doesn't understand the benefit of a SYSMON group when it's necessary to grant explicit SQLADM rights only for monitoring in every database of a company. If a user is member of the SYSMON group he wants to monitor everything. If the customer wants to implement a monitoring software he must now grant SQLADM to a monitoring userid in maybe hundreds of databases! Also there is a 'risk' with SQLADM: If someone has SQLADM he is allowed to start an offline reorg with ALLOW NO ACCESS against a production system which can mean that this system stands still maybe for hours. So please implicitly GRANT EXECUTE to SYSMON authority for all monitor routines.
  • Avatar32.5fb70cce7410889e661286fd7f1897de Guest
  • Jan 3 2019
  • Future consideration
Idea Priority Medium
Customer Name GENERALI IT SOLUTIONS GMB

NOTICE TO EU RESIDENTS: per EU Data Protection Policy, if you wish to remove your personal information from the IBM ideas portal, please login to the ideas portal using your previously registered information then change your email to "anonymous@euprivacy.out" and first name to "anonymous" and last name to "anonymous". This will ensure that IBM will not send any emails to you about all idea submissions