Changing privacy access for obtaining user data

Starting in Maximo® Application Suite 9.0, you can configure the level of permissions to access user data. Users who retrieve user data through the APIs can view that data. However, you can configure the Suite custom resource (CR) file to control whether that information is available to all users.

About this task

Users who request user information through the GET /users and GET /users/userid APIs can view that data. By setting the userDataPrivacyAccess property in the Suite CR file, you can control who can access this information: full access, access to non-sensitive information only, or no access. User administrators who are assigned user management privileges always have access to this data. Access for all other users, such as application users and suite administrators, depends on the permission setting.

Procedure

  1. In the Red Hat® OpenShift® Container Platform console, in the Administration section, select Custom Resource Definitions.
  2. In the CustomResourceDefinitions window, select the Suite CR file.
  3. On the Instances tab, select the instance that you want to update.
  4. On the YAML tab for the instance, in the spec.settings section, change the permission for the userDataPrivacyAccess property.
    Permission          Description
    ALL                 This setting is the default setting for user privacy access. All users have access to the user data.
    NON_SENSITIVE_DATA  Application users and suite administrators can retrieve only the ID and username information of any user. User administrators, who are responsible for managing users, continue to have access to all user data.
    NO_ACCESS           Application users and suite administrators cannot retrieve any user data from any user API. The user APIs return 403. User administrators, who are responsible for managing users, continue to have access to all user data.

    For example, if you set userDataPrivacyAccess to NO_ACCESS, only user administrators have access to all user data. All other users do not have access to this information.
    spec:
      settings:
        userDataPrivacyAccess: NO_ACCESS
  5. Save the CR changes.
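
To confirm the setting across several instances after saving, the following added example (not part of the IBM documentation) audits a JSON export of Suite CR instances, in the `items` list shape that `oc get -o json` produces, and flags any instance whose effective userDataPrivacyAccess is weaker than a required minimum. The function name, the `minimum` parameter, the status labels and the sample instance names are assumptions made for illustration.

```python
import json

# Documented values, ordered from least to most restrictive, with what
# application users and suite administrators can retrieve under each.
LEVELS = ["ALL", "NON_SENSITIVE_DATA", "NO_ACCESS"]
EXPOSED = {
    "ALL": "all user data",
    "NON_SENSITIVE_DATA": "ID and username only",
    "NO_ACCESS": "nothing (user APIs return 403)",
}
DEFAULT = "ALL"  # the page documents ALL as the default setting


def audit_suites(export_json, minimum="NON_SENSITIVE_DATA"):
    """Check each Suite CR in a JSON export against a minimum privacy level."""
    doc = json.loads(export_json)
    items = doc["items"] if "items" in doc else [doc]  # list or single object
    findings = []
    for item in items:
        name = item.get("metadata", {}).get("name", "<unnamed>")
        settings = (item.get("spec") or {}).get("settings") or {}
        raw = settings.get("userDataPrivacyAccess")
        value = DEFAULT if raw is None else raw  # unset property means default
        if value not in LEVELS:
            # Assumption: anything other than the three documented strings
            # is reported for manual review rather than interpreted.
            status, exposed = "unrecognized", "unknown"
        else:
            ok = LEVELS.index(value) >= LEVELS.index(minimum)
            status, exposed = ("ok" if ok else "too-permissive"), EXPOSED[value]
        findings.append({"name": name, "explicit": raw is not None,
                         "value": value, "status": status, "exposed": exposed})
    return findings


# Constructed sample export (instance names are made up).
SAMPLE = json.dumps({"items": [
    {"metadata": {"name": "dev"}, "spec": {}},
    {"metadata": {"name": "test"},
     "spec": {"settings": {"userDataPrivacyAccess": "NON_SENSITIVE_DATA"}}},
    {"metadata": {"name": "prod"},
     "spec": {"settings": {"userDataPrivacyAccess": "NO_ACCESS"}}},
    {"metadata": {"name": "lab"},
     "spec": {"settings": {"userDataPrivacyAccess": "none"}}},
]})

if __name__ == "__main__":
    for f in audit_suites(SAMPLE):
        print(f"{f['name']:5} {f['value']:19} {f['status']:15} exposes: {f['exposed']}")
```

An instance with no userDataPrivacyAccess entry is reported with `explicit` set to False and the default value ALL, which is the case most easily missed when reviewing the YAML by eye.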