Cloud Management and AIOps


This is an IBM Automation portal for Cloud Management, Technology Cost Management, Network Automation and AIOps products. To view all of your ideas submitted to IBM, create and manage groups of Ideas, or create an idea explicitly set to be either visible by all (public) or visible only to you and IBM (private), use the IBM Unified Ideas Portal (https://ideas.ibm.com).

Status Needs more information
Workspace SevOne
Created by Guest
Created on Feb 18, 2026

Provide safe way to execute certain tasks which had been automated prior to 7.0 as a root user

Root access removed in NMS 7.0+ breaks customer automation workflows, particularly certificate renewal automation. As certificate lifecycles decrease, manual renewal becomes unsustainable without a least-privilege alternative.

Operational Risk

  • Certificate Expiration: Manual renewal increases risk of expired certificates causing service outages
  • Automation Broken: Pre-7.0 root-based scripts no longer functional
  • Scalability Issue: Manual renewal doesn't scale across multiple NMS instances
  • Security Exposure: Service disruptions from expired certificates impact availability

 

 

Idea priority Medium
  • Admin
    Ryan Wilson
    Feb 24, 2026

    Vinit,

    The following suggestion was made by engineering as a workaround. Will this work for you:

    echo supportuser | sudo -S bash -c '<original command here>'
  • Guest
    Feb 24, 2026

    Certificate Update Process and Access Control Requirements

    Current Documentation Reference

    The IBM SevOne NPM certificate generation guide requires executing the following commands on root-owned files:

    mv /secrets/nginx/nginx.crt /secrets/nginx/nginx.crt.old
    mv /secrets/nginx/nginx.key /secrets/nginx/nginx.key.old
    mv nginx.crt /secrets/nginx/nginx.crt
    mv nginx.key /secrets/nginx/nginx.key
    chmod 400 /secrets/nginx/nginx.crt /secrets/nginx/nginx.key
    

     

    Access Control Challenge

    Current State:

    • The support user has sudo privileges but requires password authentication
    • Root access has been intentionally removed for security purposes

    Problem: Automated certificate update scripts cannot execute these commands without either:

    1. Root access (security risk - removed by design)
    2. Passwordless sudo for the support user (security risk - negates the purpose of removing root access)

    Proposed Solution: Implement a restricted privilege escalation mechanism that allows the support user (or a dedicated service account) to execute only the specific commands required for certificate management, without granting broad sudo access.

    This approach maintains security by:

    • Limiting elevated permissions to predefined, audited commands
    • Preventing unauthorized privilege escalation
    • Enabling automation without compromising the security posture
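One way to implement the restricted escalation proposed in the comment above, as an added example that is not part of the original thread or IBM's documentation: a root-owned wrapper that takes no arguments, so a single sudoers rule can allow exactly this program and nothing else. The account name `svc-certrenew`, the wrapper path and the staging directory are assumptions; `/secrets/nginx` and the file names come from the quoted procedure.

```shell
#!/bin/sh
# Added example: hypothetical wrapper, meant to be installed root-owned as
# /usr/local/sbin/install-nginx-cert (assumed path) and allowed by one sudoers
# line; the trailing "" makes sudo refuse any arguments:
#   svc-certrenew ALL=(root) NOPASSWD: /usr/local/sbin/install-nginx-cert ""
# svc-certrenew and /var/lib/cert-staging are assumed names, not from the page.

install_nginx_cert() {
    stage=$1 dest=$2
    for f in nginx.crt nginx.key; do
        # Staging is writable by the caller: accept regular files only.
        if [ -L "$stage/$f" ] || [ ! -f "$stage/$f" ]; then
            echo "rejected: $stage/$f is not a regular file" >&2
            return 1
        fi
    done
    # Copy into a root-only (0700) directory first and validate the copies,
    # so the caller cannot swap a file between the check and the install.
    tmp=$(mktemp -d "$dest/.incoming.XXXXXX") || return 1
    cp "$stage/nginx.crt" "$stage/nginx.key" "$tmp/" || { rm -rf "$tmp"; return 1; }
    crt_pub=$(openssl x509 -in "$tmp/nginx.crt" -noout -pubkey 2>/dev/null)
    key_pub=$(openssl pkey -in "$tmp/nginx.key" -passin pass: -pubout 2>/dev/null)
    # Fail closed: certificate must parse, match the key, and not be expired.
    if [ -z "$crt_pub" ] || [ "$crt_pub" != "$key_pub" ] ||
       ! openssl x509 -in "$tmp/nginx.crt" -noout -checkend 0 >/dev/null 2>&1; then
        echo "rejected: unparsable, mismatched or expired certificate" >&2
        rm -rf "$tmp"
        return 1
    fi
    chmod 400 "$tmp/nginx.crt" "$tmp/nginx.key"
    # Same sequence as the documented procedure: keep .old copies, move new in.
    for f in nginx.crt nginx.key; do
        if [ -f "$dest/$f" ]; then mv -f "$dest/$f" "$dest/$f.old" || return 1; fi
        mv -f "$tmp/$f" "$dest/$f" || return 1
    done
    rmdir "$tmp"
}

# Entry point when run as the installed wrapper; paths are fixed, not caller-supplied.
case "${0##*/}" in
    install-nginx-cert) install_nginx_cert /var/lib/cert-staging /secrets/nginx ;;
esac
```

Because the sudoers rule names one argument-free program, the automation account gains no general root shell, and each run still appears in sudo's own log.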
  • Admin
    Ryan Wilson
    Feb 19, 2026

    Vinit, can you be more specific about which certs you used automation to update on the NMS hosts prior to 7.X that you're having difficulty with now?