Maximo Open Forum

Hi,

Can anyone help me with this?

I have to make all active users have only readonly access( so that they do not make any changes) except for Maxadmins?

If i do manually it will take huge time, what are the other ways but which i make sure they have only read only access

Thanks

#Administration
#Analytics
#Architecture
#Assets
#CivilInfrastructure
#Customizations
#EndUser
#EverythingMaximo
#HSE/OilandGas
#Infrastructure
#Integrations
#Inventory
#IoT
#LifeScience/Calibration
#Linear
#MaximoApplicationSuite
#MaximoForAviation
#MaximoUserGroups
#Mobility
#Nuclear
#Procurement
#Reporting
#Scheduling
#Security
#ServiceProvider
#Spatial
#Transportation
#Utilities
#WorkCenters
#WorkManagement
#MaximoVisualInspection
#Predict
#Monitor
#Health
#Assist
#Safety

------------------------------
Trisha S
Tcs
------------------------------

Can anyone share their suggestion please?

------------------------------
Trisha S
Tcs
------------------------------

Original Message:
Sent: 2/15/2024 5:31:00 AM
From: Trisha S
Subject: RE: Make all users have readonly access except for maxadmin

Can anyone share their suggestion please?

------------------------------
Trisha S
Tcs
------------------------------

I agree with Kendall in a sense that if users only have read only access, why allow them in the system?  It would also potentially overload the administrators with data input when many administrators have other roles outside of the system.  However, not everyone is the same understandably.  In the security settings you can give read access to each group for each application.  Really, if these groups only have read only, easiest to do is have two groups.  MAXADMIN and EVERYONE else.  

As Kendall mentioned, if you create a security group of Electricians, the change to read only is just one action.  All personnel in that security group now is restricted from any function other than read only.  What version are you working?

------------------------------
A.S. Bearden, GDIT
'ADAM'
------------------------------

Original Message:
Sent: 02-15-2024 05:31
From: Trisha S
Subject: Make all users have readonly access except for maxadmin

Can anyone share their suggestion please?

------------------------------
Trisha S
Tcs
------------------------------

Make sure you change the settings to each security group for each application users have access to.  So it will be a bit time consuming however not knowing your version and the amount of applications you have is a bit difficult to steer you in the direction you need to go.  

------------------------------
A.S. Bearden, GDIT
'ADAM'
------------------------------

Original Message:
Sent: 02-15-2024 05:31
From: Trisha S
Subject: Make all users have readonly access except for maxadmin

Can anyone share their suggestion please?

------------------------------
Trisha S
Tcs
------------------------------

If you access to DB and Websphere then the simplest way to achieve this is by running the below steps:

1. Stop Application Server

2. Delete from applicationauth where groupname not in ('MAXADMIN','MXINTADM') and optionname !='READ';

3. Start application Server

Highly recommended to test this in Lower environment before running this on PROD.

------------------------------
Biplab Choudhury
BPD Zenith Australia
------------------------------

Hi @Trisha S!

This query will give you a list of security groups that have active users who are not in MAXADMIN group. Then, from those groups, it will look for applications with INSERT, SAVE, and DELETE sigoptions.

select groupname, app, optionname from maximo.applicationauth where optionname in ('SAVE', 'INSERT', 'DELETE') 
and groupname in (select groupname from maximo.groupuser where groupname not in ('MAXADMIN') and userid in (select userid from maximo.maxuser where status = 'ACTIVE')) order by groupname, app, optionname

Regards!

------------------------------
Martin Fabra
ARSAT S.A. - Actively seeking employment
------------------------------