MXLoader utilizes the MIF (Maximo Integration Framework) which enforces security but object structures are treated differently than the applications. What's happening is you have object structures that have no security defined so anyone with a username/password can use them. We talk about how to configure object structure security here: https://www.ibm.com/support/pages/how-configure-object-structure-security .This walks you through how you configure security for a specific object structure.
If you want to prevent any object structures without security configured to be used, you can enable the system property mxe.int.enableosauth (this is enabled by default in newer versions). It is important to know that this is NOT specific to MXLoader and will impact any integration into Maximo. For example, if you have a XML file integration and that XML file references an object structure that has no security configured, that integration will break when you enable the system property. Before you enable this system property, make sure you identify all object structures and ensure proper security is configured and granted to the integration accounts. Also make sure you monitor integrations for any errors after you make the change.
------------------------------
Steven Shull
IBM
------------------------------
Original Message:
Sent: 10-02-2023 14:22
From: Danny Richardson
Subject: MXLOADER Bypasses Maximo Security Level Settings
Hello all. I was wondering. When putting in the User and Password in the CONFIG sheet in MX Loader, it seems to bypass the security level set in Maximo.
When I run the PM sheet to ADD/CHANGE a PM, it creates a PM, when in Maximo that user would not have that access.
Any ideas? Is that what this article answers? https://www.ibm.com/docs/en/mam/7.6.0?topic=security-configuring-j2ee
Thank you
------------------------------
Danny Richardson
Maintenance Administration Facilities
Technimark LLC
------------------------------