IBM Support

BiLog: Maximo 76..Cognos..Metadata Security Restrictions

Technical Blog Post


Abstract

BiLog: Maximo 76..Cognos..Metadata Security Restrictions

Body

image
There is a bulldog on my toast. Combined with a steaming cup of coffee, its consumption is highly restricted. 
 
You may also set up data restrictions in your Maximo environment - enabling users access to various subsets of data.   Typical types of data restrictions include Organization and Site data restrictions.
 
Starting with Maximo 76, new site, organization and set restrictions are applied to the metadata publishing process.     This new restrictions enable that the user will only see the Site, Organization or Set data that he has access to whether creating or running a report within Cognos.

The restrictions are applied at each object level within the Report Object Structure.   These restrictions do not have to be added to the ROS - the publishing process automatically applies the restrictions.  

 
image
 
Because Maximo does not hold these restrictions in the database, four new database  views were created in Maximo 76.   These views and the restrictions they hold are:
     SITEFILTER:  Site Restrictions
     ORGFILTER:  Organization Restrictions
     ITEMSETFILTER:  Item Set Restrictions
     COMPANYSETFILTER:  Company Restrictions
 
During the publishing process, each object is evaluated to determine which restriction will be applied to it using this sql:     
     select siteorgtype from MAXOBJECT where objectname ='x‘
 

These restrictions are then applied to the objects by appending their where clause.    The applied database views are not visible within the ROS in the Integration Object Structure application. They are only visible when viewing the published package in Cognos Framework Manager.  

 
An example of this is shown with the Asset Object.   Prior to 76, its sql in FM would have been
   Select * from [MXDB]ASSET
 
Starting with 76, its sql has been appended to include the restrictions as a where clause, so it now becomes
    Select * from [MXDB]ASSET where ((SITEID in (select distinct SITEID from SITEFILTER where USERID =  #sq($account.defaultName)# and APP = 'ASSET')) or not     exists ((select SITEID from SITEFILTER where USERID = #sq($account.defaultName)# and APP = 'ASSET')))
 
This new feature will insure that whether your users are creating or running ad hoc or enterprise reports in Cognos - their data will be restricted to allow only the Organization, Site and Set data that they have access to.
 
For more details on this feature, access the Maximo Cognos Feature guide  in the section titled ' New Metadata Security restrictions in Maximo 76'.  Additionally, you can review an in-depth six part series on Maximo Cognos metadata publishing - including the new security restrictions - in the YouTube Playlist here
 
For more details on Maximo 76 Cognos information including wiki pages, reference documents and recordings, reference this previous BiLog

Here's to toast and new Maximo Cognos data restrictions!  : ) 

 

[{"Business Unit":{"code":"BU005","label":"IoT"}, "Product":{"code":"SSLKT6","label":"Maximo Asset Management"},"Component":"","Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"","Edition":""}]

UID

ibm11132329