Understand and Audit your Maximo Licenses

Maximo licensing model is not simple. In this article I will try to present it the most simple way and to provide some useful tips to perform a licensing audit in your environment.

NOTE: The simplification does not consider all the possible versions of Maximo, add-ons, industry solutions, etc.

Maximo licensing model
IBM Maximo products are typically licensed by users. Currently, the IBM Maximo Asset Management suite offers several levels of licensing options:
  1. Authorized Users: Power users that can access all applications.
  2. Limited Use Users: Standard users that can access only three modules. They also inherit the Express Use grants.
  3. Express Use User: Basic users that can run and view reports, view and approve records, and make updates to work orders that are assigned to them. Read-only access to all application is allowed. This option is available starting from Maximo 7.5.
  4. Unlimited use users: Self Service Requestors, Desktop Requisitions and Health, Safety Environment Self Service Users entitlements are included with core license for unlimited users.

To support this categorization Maximo offers a 'User Type' field available in the Users application.

The set of allowed values is defined in the USERTYPE domain.

User Types Best Practice
I suggest to change the description of the first 4 domain values in agreement with the available user types. Alternatively you can create your own entries: AUTH, LIMITED, EXPRESS, UNLIMITED.

License compliance check

Now let's go to the technical side of the problem. The best way of auditing your Maximo environment's licenses is through SQL queries.
First of all you have to define a new database view.

DROP VIEW checkusers;

CREATE VIEW checkusers AS
SELECT maxuser.type, maxuser.userid, maxmenu.moduleapp, applicationauth.app
FROM applicationauth
INNER JOIN maxmenu ON applicationauth.app=maxmenu.keyvalue
INNER JOIN groupuser ON applicationauth.groupname=groupuser.groupname
INNER JOIN maxuser ON groupuser.userid=maxuser.userid
    maxuser.status='ACTIVE' AND
    maxmenu.menutype='MODULE' AND
    maxmenu.moduleapp NOT IN ('REPORTING','HIDDEN') AND 
    applicationauth.app NOT LIKE '%CONFIG' AND
    applicationauth.app<>'KPI' AND
GROUP BY maxuser.type, maxuser.userid, maxmenu.moduleapp, applicationauth.app;

Note that we are focusing only at SAVE grant because read only is allowed on all applications.

Now take a look at how your users are distributed on the different groups.

FROM checkusers
GROUP by type
ORDER BY type;

If the select returns an empty resultset you probably have a translated value in the STATUS field so you have to adjust the view definition.

To go deeper in your analysis you have to check if the users allocated to the different user types have the right level of access. The following queries returns how many modules are granted to each user and what these modules are.

SELECT type, userid, COUNT(*)
FROM checkusers
GROUP by type, userid
ORDER BY type, userid;

SELECT type, userid, moduleapp
FROM checkusers
GROUP BY type, userid, moduleapp
ORDER BY type, userid, moduleapp;

These are the main tools for performing the license audit. Compare your results with licensing terms and conditions.

Additional Resources

New licensing options for IBM Maximo
Monitoring license Compliance
Monitoring License Compliance in Maximo 7
New Maximo portfolio pricing adds flexibility to licensing model
Licensing Information and Usage Restrictions
IBM Maximo Licensing Demystified

Labels: ,