IBM Support

Automation Script to make Workflow follow Status privileges as defined by Security Groups

Technical Blog Post


Automation Script to make Workflow follow Status privileges as defined by Security Groups


The default behavior of Workflow is to ignore Security Group privileges for change status and other options.   I've always liked that and, over the years, we have fixed more than a few bugs when it turned out that behavior was not being followed by Maximo.   But it turns out not everyone thinks it should be that way.   I see the point, that the rest of Maximo follows your Security Group privileges so why not Workflow?   


The theory we have followed for all the years that Workflow has  been around is that if a user who does not have Approve privilege on a Work Order in Security Groups gets a WO routed to them in WF for approval, they should be allowed to do just that.   WF will ignore the fact that the user does not have Approval privilege and allow the user to approve the WO.   Maximo operates this way since the designer of the WF process specifically sent the WO to this user for approval so the approval is allowed.    If the designer of the WF process did not want this user to approve the WO they would not have sent the WO to that user.    This also allows the Maximo administrators the flexibility to remove the Change Status privileges from the users so that they cannot change the status in WOTrack but still can change the status using WF.   That applies to any Workflow enabled application, not just WOTrack.


This automation script changes that default behavior.    When this script is in place and active, WF will only allow the user to change the status if they have that status privilege granted to them in Security Groups.   This script only changes Maximo's default behavior for status changes, WF will still ignore other Security Group options such as Create Workorder and allow a user who does not have Workorder (create workorder) in Security Groups to create a WO in WF using the application action CREATEWO.


You have to be very careful with your Workflow design as you don't want the record to end up in limbo after being sent to a Task node for approval by a user who does not have the necessary approval rights.  


The automation script has been posted at this link:


As with all automation scripts, this is an example of what can be done with automation scripts.    It is not supported by Maximo Support.



[{"Business Unit":{"code":"BU005","label":"IoT"}, "Product":{"code":"SSLKT6","label":"Maximo Asset Management"},"Component":"","Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"","Edition":""}]