Stevie, Long time no see (at GDIT Montgomery), but I ran across your post here.
This may be helpful to you from the approach of securitying connections like MXLoader for example.
How to manage security on Object Structures to prevent users from modifying data with HTTP servlets?
In the Object structures application there are two ways to manage security:
1) Application-level authorization
Menu - Object Application Authorization: In the Authorized Application field, specify the application to authorize.
To restrict access to the object structure, do not grant access to the application listed in this option.
2) Object structure-level authorization. Feature starting in version 7.6.0.5.
Enabled with System property mxe.int.enableosauth
a) mxe.int.enableosauth=1 means that authorization must be configured for the object structure - In the Object Structure application - Menu Configure Object Structure Security. The object structure behaves like an application with this configuration - you can't use it unless granted authorization.
b) mxe.int.enableosauth=0 means that authorization configuration is not required in the Object Structure application.
https://www.ibm.com/support/pages/mif-object-structure-authorization
My current Maximo project uses this approach along with others.
Stay Safe Mr. Stevie !
------------------------------
Joe Fullington
CGI Technologies and Solutions Inc.
------------------------------
Original Message:
Sent: 12-07-2021 10:40
From: Steven Shull
Subject: Prevent Use of MxLoader for a Specific Environment
At the end of the day, your users would need access to the object structures. If your users do not have access to the object structures in PROD then they would not be able to utilize them. Not all object structures have security configured by default so some can be used by anyone with credentials by default. You can enforce object structure security by enabling the mxe.int.enableosauth system property. If an object structure doesn't have security configured on it (either an app or object structure specific security) then it won't be usable.
That being said, the new Maximo UI frameworks (Work Centers & Graphite application framework) as well as most mobile solutions (including Maximo Anywhere & Maximo Mobile) utilize object structures so if you use them your users will need access to at least some of the object structures. In that scenario I don't think it's currently possible to prevent MXLoader.
------------------------------
Steven Shull
IBM
Original Message:
Sent: 12-07-2021 09:43
From: Stevie Holloway
Subject: Prevent Use of MxLoader for a Specific Environment
Hi All,
Is there a way to prevent someone from using MxLoader to load data into a specific environment? For example, I want to allow data loading into development, training, and test environments, but not the production environment. Can this be controlled via a security group? Or is there a different approach?
Thanks
Stevie
------------------------------
Stevie Holloway
Tufts University
------------------------------