Understanding the Maximo User Security Profile

Jul 20, 2022 | Maximo Cloud and Security, Maximo Configuration, TRM Blog | 0 comments

John Q. Todd

Sr. Business Consultant/Product Researcher

Total Resource Management (TRM), Inc. 

We all have been managing our Maximo user licenses for a very long time. Navigating that delicate balance between the licenses your company is entitled to and the actual usage of Maximo by your user communities can be challenging. Of course, leveraging the License Usage Monitor (LUM) is helpful to help track and visualize this moving target in the hopes of maintaining compliance with IBM licensing rules.


What Maximo processes use the User Security Profile?

The LUM has been the primary consumer of the User security profile in Maximo up to version But now, with the advent of AppPoints, if you are still on the AppPoint Calculator will make use of the profiles. Or if you are on MAS, the Software License Server. All three use the underlying User Security Profile to perform license calculations.


What does the Security Profile look like?

Let’s start with a simple example: A brand new User in Maximo.

When you create a new User in Maximo that User is placed into two Security Groups by default: EVERYONE and DEFLTREG. (Your situation may be different)

Given this initial configuration, the Users profile is rather limited. There is not much they have access to within Maximo. Their profile would typically look like this:

Because of the settings (or the lack thereof) within the two Security Groups, this user does have access to a few applications as expected but has no Site access. Not much they can do other than typical Self-Service.

The license management apps in Maximo and MAS would group this user into Self-Service, therefore not needing a license behind them.


What happens when we put this User into other Security Groups?

Here is where the fun begins.

I created a new Security Group with only the following settings:

  • Site access = BEDFORD
  • Read Only access to Work Order Tracking

Then, when you add this User to this new Security Group, their Security Profile changes to:

Oh my! You can see how quickly a Security Profile can grow with the amount of information you have to paw through to understand what the User can do.

Notice that the “Applications (no site access)” title has changed to “System-level Applications.”

In addition to the System-level applications the User had before, the settings of the single non-default Security Group they are in begin to be listed. Note that each Site the User is granted to has its own section in the profile. If the User is in a Security Group where they are granted access to all Sites, each Site will have its own section.

When you open the APPLICATIONS under BEDFORD, now you see Work Order Tracking (the app we gave Read-only access to). Expand it and there is even more to see:

Recall that we only gave the Security Group Read access to Work Order Tracking. Where do we find that?

Well, you must scroll down further and look for:

Now what?

As you grant access to Users via their Security Groups, and perhaps add more Sites to their profile by adding them to more Security Groups, these lists in the Users’ security profile can get quite long. Each application under each Site will have these lists of what the User can do and see.

To help understand how tools like the LUM and the AppPoint Calculator (as well as the MAS Software License Server) are determining your license or AppPoint usage, look at the Application Access List action under the LUM. It shows you the different license types and how the NOACCESS, READONLY, and FULLACCESS situations the Users are in play a role.

By the way, if you have moved to AppPoints yet are still running, as mentioned earlier you must install the new AppPoint Calculator tool to your Maximo instance. The LUM and all of its configurations become irrelevant once you move to AppPoints.


Wrap up

TRM lives and breathes all this license and AppPoints stuff, so we can help you navigate your situation. We have helped many clients sort out their licensing situation, especially those who have experienced an IBM Licensing audit. We also have some helpful tools you can run on your system that go even further to give you insights.


Article by John Q. Todd, Sr. Business Consultant at TRM. Reach out to us at AskTRM@trmnet.com if you have any questions or would like to discuss deploying MAS 8 or Maximo AAM for condition-based maintenance/monitoring.




Submit a Comment

Your email address will not be published. Required fields are marked *