Security group synchronization and default assignments

Authorization to applications, actions, and data is provided by assigning users to one or more security groups in Maximo® Manage.

Security group synchronization

Synchronized users are assigned to one or more default security groups. You can assign synchronized users to other security groups in any of the following ways. If you use an LDAP identity provider and manage user groups in the identity provider, you can synchronize group data to Maximo Application Suite and then to Maximo Manage. Your security group setup can depend on whether you maintain user groups in an LDAP provider.
  • Synchronize locally added users from Maximo Application Suite and then assign users to security groups in Maximo Manage.

  • Synchronize a user registry that does not include groups from Maximo Application Suite and assign those users to security groups in Maximo Manage.

  • Synchronize a user registry that includes user groups after you determine the mapping of the user groups to Maximo Manage security groups. Configure the synchronization of that information in Maximo Application Suite. Groups are not visible in Maximo Application Suite. Information then is synchronized to Maximo Manage.

    All existing users in a security group are replaced by synchronized users that map to that group. This means that users might be added or removed from a group. Users in security groups must be valid users of Maximo Manage.

Synchronized group data is processed as a series of messages by an enterprise service of the integration framework in Maximo Manage.

Default group assignments

All new Maximo Manage users are added to the DEFAULTREG group and to the group that is specified by the value of the NEWUSERGROUP varname in the MAXVARS table. The default value of the NEWUSERGROUP varname is MAXEVERYONE.

Users that are upgraded from Maximo Asset Management are assigned to groups that are defined by the values of the NEWUSERGROUP and ALLUSERGROUP varnames in the MAXVARS table.

Users who are given one of the administrator entitlements in Maximo Application Suite and then synchronized to Maximo Manage are assigned to the security groups that are specified by values of the ADMINGROUP varname in the MAXVARS table. The default value for this varname is MAXADMIN. These users also can be assigned to other administrative security groups.

Users that are only in the DEFLTREG security group are limited to changing their passwords or accessing the Start Center until an administrator assigns them to other groups.