Administer user access

IBM® Maximo® Application Suite users are created and managed at the suite-level and are made available for application-level access with application-specific role assignments such as administrator or user. If the application requires it, an application administrator can then set detailed application privileges in each individual application.

User management requires the following user entitlement and access:

Administration Enablement Administration Access
Base or Premium User management

Important: In Maximo Application Suite 8.3.0, the user management for the IBM® Maximo® Manage application is done from that application's user interface. The Maximo Application Suite user IDs cannot be used to access that application unless both use the same LDAP or SAML repository. For more information, see Configuring user authentication in the Maximo® Manage documentation.

Overview

Maximo Application Suite user records are stored in the MongoDB collection User in the MongoDB core database. The internal user registry can be configured to use external authentication providers for user authentication.

From the Users section of the Suite administration page, you can complete the following tasks:

Users can self-manage their accounts from the Maximo Application Suite user interface to update the display name, change their password, and set preferred language and region.

User entitlement and access

User access is granted through entitlements and associated access rights. A newly created user by default has limited application entitlement and user application access to the Maximo Monitor application, if deployed.

You can fine-tune the Maximo Application Suite access rights at user creation time or later by using a combination of the following user access dimensions:

For sample entitlement and access assignment combinations, see Sample user roles configurations.

Application Point cost

Application Points (AppPoints) are used to track and enforce user entitlement and access across Maximo Application Suite. At creation time, you assign each user an entitlement level: none, limited, base, or premium. Each level is associated with an AppPoint cost.

The cost is permanently reserved for administration entitlements or applied when a user is logged in to Maximo Application Suite for application entitlements. When a user starts a session, AppPoints corresponding to the entitlement level are checked out. When the user session ends, all AppPoints are returned. For more information, see Understanding Application Points.

No application entitlement AppPoints are checked out for an administrator user session. The permanently reserved AppPoints cover the application entitlement.

Entitlement level Application Administration
Limited 5 N/A
Base 10 10
Premium 15 15

Administration entitlement and access

Administrative access to Maximo Application Suite and its applications is granted by using administration entitlement.

Entitlement Description
None If no administration entitlement is granted, the user is a regular Maximo Application Suite user who no administration rights. If the user has an application entitlement other than None, the user can log in and access applications in Maximo Application Suite.
Base Base administration entitlement gives the user application administrator rights for each application to which the user has access and for which the user was given certain administrative rights at the Maximo Application Suite level: workspace management and user management.
The base administrator user has access rights to the Suite administration page as set by the administration access selection.
Premium Premium administration entitlement gives the user administrator rights at the Maximo Application Suite level. In addition, the user has all rights of the Base entitlement.

Users who have an administration entitlement other than None can be granted combinations of Maximo Application Suite administration access.

Access Description
System configuration Note: Requires premium administration entitlement.
The user has edit access to the Applications, Configuration, and License sections of the Suite administration page.
User management The user has edit access to the Users section of the Suite administration page and can grant users access to applications.

Application entitlement and roles

The application entitlement entitles the user access to the applications and tools that make up Maximo Application Suite.

Entitlement Description
None If no application entitlement is granted, the user does not have access to any applications. However, the user has access to the Maximo Application Suite user interface, and if the user has administrator entitlement, they also have access to the Suite administration page.
Limited With limited entitlement a user can work with the core Maximo Application Suite applications, which include:
  • Maximo Monitor
  • Maximo® Manage
  • Maximo® Assist
Base With base entitlement the user has access to the following applications:
  • IBM® Maximo® Health
  • IBM Maximo Safety

In addition, the user has the same application access as the Limited entitlement.
Premium With premium entitlement the user has access to the following applications:
  • IBM® Maximo® Predict
  • Maximo Visual Inspection

In addition, the user has the same application access as the Base entitlement.

Note: The application roles are controlled by the applications and might differ from application to application. By default, users with administration entitlement are given the administrator role for all available applications. A user with no administration access is given the user role for the application that the user is entitled to.

The following example pertains to the Maximo Monitor application:

Role Description
None If no role is granted, the user does not have access to the applications.
User The user has regular user access rights to the application.
Administrator The user has administrator user access rights to the application.
Note: A user needs Administration Entitlement to be granted the administrator role.

For more information about the available user roles for specific applications, see the corresponding documentation:

Sample user roles configurations

The following table lists generic Maximo Application Suite user roles and their accompanying entitlements and access settings:

Role Administration entitlement Administration access Application entitlement Application role
Maximo Application Suite administrator
The Maximo Application Suite administrator manages overarching system configuration settings from the Suite administration page.
Premium System configuration None None
Application administrator
The application administrator administers one or more applications, adds and assigns users to these applications, and uses the application-specific user interfaces to manage further user privileges.
Base User management Limited Example:
Maximo Monitor with Administrator role
Application user
The application user has access to the Suite navigator and to one or more applications at an access level that is set by the application.
None None Limited Example:
Maximo Monitor with User role