Object structures and security groups

Note: This feature is available in the feature channel. In Maximo® Application Suite, customer-managed users can use the feature channel to update their nonproduction instances to preview this feature. In Maximo Application Suite as a Service, you can use this feature in your Maximo Application Suite as a Service environment. For more information, see What's new in the Maximo Application Suite feature channel.

Object structures define the Maximo Manage business objects and attributes that are exposed through integration channels. When object structure security is enabled, administrators assign object structures to security groups to control which users and systems can access integration endpoints.

What are object structures

In Maximo Manage, object structures define the collection of business objects and their relationships that can be exchanged through integration channels such as REST, JSON, XML, or OSLC. Object structures specify which objects, attributes, and relationships are exposed to external systems.

Object structures are the resource unit for securing integration access. When object structure-level authorization is enabled, object structures can be controlled independently of applications. For example, MXASSET is an object structure whose primary business object is ASSET is related to asset records and any related child objects that are configured within that structure. Other examples of object structures and related records include:

  • MXPERSON for person records
  • MXWO for work orders
  • MXSR for service requests

Maximo Manage enforces security at the object-structure level when the mxe.int.enableosauth system property is set to 1. When this property is enabled, external users or applications cannot access or update data through an object structure until security is configured for it. For more information, see Object structure level authorization.

When object structure security is enabled, users must be explicitly granted access to the object structures they use, even if they already have permissions in the related application. Without this assignment, integrations and REST API calls fail even if the user has valid Maximo Application Suite credentials.

Assigning an object structure to a security group provides the following capabilities.
Control which user groups can access integration APIs
You can grant the following permissions.
  • Delete
  • Insert
  • Read
  • Save

These permissions determine whether a user can query, insert, update, or delete data through integration channels for that structure.

Secure REST and HTTP endpoints
Object structures back the REST API endpoints, such as /oslc/os/ and /rest/os/, so security assignments directly control API accessibility.
Restrict data flow between systems
Enabling object structure security prevents unauthorized departments or external applications from retrieving sensitive data. This security prevention is the purpose of the mxe.int.enableosauth property.
Support integration-specific permissions
Integration users can have different permissions than UI users, which is important when API access is more restricted than full application access.