Starting in Maximo® Application Suite 9.0, you can configure the level of
permissions to access user data. If you use APIs to retrieve user data, you can view that
data. However, you can configure the Suite custom resource (CR) file to control whether that
information is available to all users.
About this task
Requesting user information by using the GET /users and GET
/users/userid APIs, enables users to view that data. By setting
permissions of the userDataPrivacyAccess
property in the Suite
CR file, you can control who can access this information, whether it is full access,
access to non-sensitive information, or no access. User administrators who are assigned user
management privileges always have access to this data. Access for all other users, such as
application users and suite administrators, depends on the permission setting.
Procedure
- In the Red Hat® OpenShift® Container Platform console, in the Administration section,
select Custom Resource Definitions.
- In the CustomResourcesDefinitions window, select the Suite
CR file.
- On the Instances tab, select the instance that you want to
update.
- On the YAML tab for the instance, in the
spec.settings
section, change the permission for the
userDataPrivacyAccess
property.
Permission |
Description |
ALL |
This setting is the default setting for user privacy access. All users have access to the
user data. |
NON_SENSITIVE_DATA |
Application users and suite administrators can retrieve only the ID and username information of
any user.
User administrators, who are responsible for managing users, continue to have access to all user
data.
|
NO_ACCESS |
Application users and suite administrators cannot retrieve any user data from any user API. The
user APIs return 403.
User administrators, who are responsible for managing users, continue to have access to all user
data.
|
For example, if you set
userDataPrivacyAccess
to
NO_ACCESS, only user administrators have access to all user data. All other
users do not have access to this information.
spec:
settings:
userDataPrivacyAccess: NO_ACCESS
- Save the CR changes.