
August 4, 2017

Security groups and application authorizations

We all know how flexible Security Groups are when dealing with user roles and granting application authorizations. However, flexibility often brings complexity.
You have carefully designed user roles defining which applications and actions they are allowed to access in Maximo, and implemented it all using the Security Groups application. The system goes live, and after one or two years everything is messed up. It is too hard to check who has access to what, and you are no longer sure whether the young electrician who was hired just 2 months ago has access to Database Configuration or Application Designer  :-)

Maximo has a built-in report called Security Group Access that can help but I hardly find it useful. In my opinion it is too detailed to get an overall idea of the security configuration. For example, I'm now working on a medium-sized Maximo solution with 20 security groups and around 250 users. Well... the 'Security Group Access' report is 89 pages long!


That was not going to work. I needed a better solution for my purpose, so I decided to open my preferred SQL client and Eclipse BIRT Designer to have some fun. The results were pretty good, so I have decided to share them with the Maximo community.

I came up with two custom reports that give me a quick grasp of the setup of user authorizations. The first one is called Security Overview and simply lists all the Security Groups and Start Centers, counting how many users are assigned to them.


The second report is called Application Security Overview. It tries to represent which security groups provide access to which applications. It is not an easy task to represent so much information in a single report, but I'm proud of the final result, so here is what I managed to achieve.


The report lists all the applications in the rows and the security groups in the columns. A cell is yellow if read access is granted and orange if write access is granted; the number is the count of sigoptions granted.
The report can easily get too big if more than 20 security groups are defined, so I decided to accept a list of security groups as a filter so I can analyze smaller sets of data separately.
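
The matrix described above can be reproduced with two short queries. This is an added example, not the report's own code: the table and column names are Maximo's standard ones, the rows are constructed sample data loaded into SQLite, and treating the READ option as read access and SAVE as write access is an assumption, since the report's exact rule is not shown here. The second query lists which active users can open a given application (here CONFIGUR, Database Configuration) and through which group.

```python
import sqlite3

# Constructed miniature of the Maximo security tables (sample rows, not real data).
SCHEMA = """
create table maxuser (userid text, status text);
create table groupuser (userid text, groupname text);
create table applicationauth (groupname text, app text, optionname text);
insert into maxuser values ('WILSON','ACTIVE'), ('SMITH','ACTIVE'), ('JONES','INACTIVE');
insert into groupuser values ('WILSON','MAXADMIN'), ('SMITH','ELECTRIC'), ('SMITH','TEMPFIX'), ('JONES','MAXADMIN');
insert into applicationauth values
  ('MAXADMIN','CONFIGUR','READ'), ('MAXADMIN','CONFIGUR','SAVE'), ('MAXADMIN','CONFIGUR','DELETE'),
  ('MAXADMIN','WOTRACK','READ'), ('MAXADMIN','WOTRACK','SAVE'),
  ('ELECTRIC','WOTRACK','READ'), ('ELECTRIC','WOTRACK','SAVE'), ('TEMPFIX','CONFIGUR','READ');
"""

# One row per (application, group) cell of the matrix.
# Assumption: READ option = read access, SAVE option = write access.
MATRIX_SQL = """
select app, groupname, count(*) as numoptions,
       max(case optionname when 'SAVE' then 2 when 'READ' then 1 else 0 end) as lvl
from applicationauth group by app, groupname
"""

# Active users who can open an application, and the group that grants it.
WHO_SQL = """
select distinct gu.userid, gu.groupname
from groupuser gu
join maxuser u on u.userid = gu.userid and u.status = 'ACTIVE'
join applicationauth aa on aa.groupname = gu.groupname
where aa.app = ? and aa.optionname = 'READ'
order by gu.userid, gu.groupname
"""

def load_sample():
    con = sqlite3.connect(":memory:")
    con.executescript(SCHEMA)
    return con

def access_matrix(con):
    """Return {(app, group): (level, option_count)} with level none/read/write."""
    names = {0: "none", 1: "read", 2: "write"}
    return {(app, grp): (names[lvl], n) for app, grp, n, lvl in con.execute(MATRIX_SQL)}

def active_users_with_app(con, app):
    """Return [(userid, groupname)] for ACTIVE users granted READ on app."""
    return con.execute(WHO_SQL, (app,)).fetchall()

if __name__ == "__main__":
    print(access_matrix(load_sample()), active_users_with_app(load_sample(), "CONFIGUR"))
```

In the sample data the electrician SMITH reaches CONFIGUR only through the leftover TEMPFIX group, which is exactly the kind of grant the group-by-application view makes visible.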

Download and installation instructions are available here.

Any feedback is highly appreciated.

8 comments:

  1. Thank you very much, Bruno!!! Excellent article, and super useful for MAXIMO administration. Really, if we learned to work as a "community" it would be a great step forward for our societies; this is a clear example.

  2. Hi Bruno!
    I use BIRT reports in the MAXIMO environment, and they work perfectly. I would like to run the report separately from Maximo, as the Eclipse development environment does. I try to use genReport.bat from the BIRT runtime. genReport.bat -f HTML -o outp.html C:\MaxRep\ListCommod.rptdesig (report without any parameters) but got the error org.eclipse.birt.report.model.parser.DesignParserException (code = Error.DesignParserException.FILE_NOT_FOUND, message : The file "MaximoSystemLibrary.rptlibrary" is not found.) and many others... Looks like I'm doing something wrong.

    How can I run the BIRT report separately from Eclipse or Maximo?

    Replies
    1. The BIRT reports that run on Maximo are created based on a standard BIRT for Maximo form, so I do not believe they will work away from Maximo unless you connect BIRT directly to your DB system.

  3. This comment has been removed by a blog administrator.

  4. Hi Bruno,

    Many thanks for the report. Just a suggestion: we need to put in logic to remove the inactive users from the report.

    Replies
    1. To do so:
      1- fix dataSet dsOverView to

      ds = MXReportDataSetProvider.create(this.getDataSource().getName(), this.getName());
      ds.open();

      // Each database needs a different one-row table to select the scalar subqueries from.
      var dummyTable = new String();

      if(ds.isOracle())
      {
          scriptLogger.debug("Database type: Oracle");
          dummyTable = "from dual";
      }
      else if(ds.isDB2())
      {
          scriptLogger.debug("Database type: IBM DB2");
          dummyTable = "from sysibm.sysdummy1";
      }
      else if(ds.isSQLServer())
      {
          scriptLogger.debug("Database type: Microsoft SQL Server");
          dummyTable = "from dummy_table";
      }
      else
      {
          // TODO: add warning
          scriptLogger.debug("Unknown database!!!");
          return;
      }

      var sql = new String();
      if(ds.isOracle() || ds.isDB2())
      {
          // c_user counts only ACTIVE users
          sql =
              "select"
              + " (select count(*) from organization) c_org,"
              + " (select count(*) from site) c_site,"
              + " (select count(*) from maxgroup) c_group,"
              + " (select count(*) from maxuser where status = 'ACTIVE' ) c_user"
              + " " + dummyTable;
      }
      else if(ds.isSQLServer())
      {
          // c_user counts only ACTIVE users
          sql =
              "select"
              + " (select count(*) from organization) as c_org,"
              + " (select count(*) from site) as c_site,"
              + " (select count(*) from maxgroup) as c_group,"
              + " (select count(*) from maxuser where status = 'ACTIVE' ) c_user"
              + " " + dummyTable;
      }

      ds.setQuery(sql);


      2- fix dsGroups to

      ds = MXReportDataSetProvider.create(this.getDataSource().getName(), this.getName());
      ds.open();

      var sql = new String();

      // numusers counts only ACTIVE users in each group. GROUPUSER.USERID is matched
      // against MAXUSER.USERID, because a user's PERSONID can differ from the USERID.
      sql = "select groupname, description, "
          + "(select count(*) from groupuser where groupuser.groupname=maxgroup.groupname "
          + " and groupuser.userid in (select userid from maxuser where status = 'ACTIVE' )"
          + ") numusers, "
          + "independent, sctemplateid, "
          + "passwordduration, passwordwarning, authallsites, authallstorerooms, "
          + "authlaborall, authlaborcrew, authlaborself, authlaborsuper, "
          + "authpersongroup, authallgls "
          + "from maxgroup "
          + " where " + params["where"]
          + " order by maxgroup.groupname asc";

      ds.setQuery(sql);

  5. Very good report.
    Small bug in mx_securityapp: the report filter is not applied to the Application Access section. All you need to do is add:

    + " and " + params["where"]

    to data set (dsGrpApp).

    Regards

