IBM Support

Domain restrictions for specific user, without affecting security group users

Technical Blog Post


Abstract

Domain restrictions for specific user, without affecting security group users

Body

Maximo controls the access and privileges by security groups , where each security group has associated users that will be affected by changes in the security groups privileges.

Then, on a beautiful day you are faced to a challenge. You get to know that one specific user is special and needs very close attention in regards to access to domain values, such as the list of Work Order Status.

You have a way to determine that the whole security group that the user belongs to, will have limited access to specific status values but you still have a way to change or modify access to specific domain values using condition expressions associated.

Consider that you wanted to restrict some specific statuses from the Change Status list, in Work Order Tracking application, for some specific user groups to have access.

image

You can play around conditions as much as you want, here are two examples :

 

You go to Conditional Expression Manager and create a condition where Maximo would evaluate if the connected user belongs to the security group to be authorized, as the example below :

:&USERNAME& not in (SELECT USERID FROM GROUPUSER WHERE GROUPNAME = 'BOBGROUP1')

* if you want to have users from one specific security group to see that status value, it will work only for users that are not part of the BOBGROUP security group.


Or by specific user  (if you want to exclude a user from authorized users) :

:&USERNAME& not in ('BOB')                                  

* if you want to authorize only one specific user, no matter what security group he belongs to, it will work only for the BOB user.


Then associate the created condition with the specific status line from the WOSTATUS domain, by clicking in Add/Modify Conditions for that specific status value, in Domains app

 

This allows you to provide special treatment as for having specific domain values available for some users and not others, no matter if they belong to the same security groups.

 

Good luck and have a nice day.

[{"Business Unit":{"code":"BU005","label":"IoT"}, "Product":{"code":"SSLKT6","label":"Maximo Asset Management"},"Component":"","Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"","Edition":""}]

UID

ibm11112967