March 15, 2013

Understand and Audit your Maximo Licenses

Maximo licensing model is not simple. In this article I will try to present it the most simple way and to provide some useful tips to perform a licensing audit in your environment.

NOTE: The simplification does not consider all the possible versions of Maximo, add-ons, industry solutions, etc.

Maximo licensing model
IBM Maximo products are typically licensed by users. Currently, the IBM Maximo Asset Management suite offers several levels of licensing options:
  1. Authorized Users: Power users that can access all applications.
  2. Limited Use Users: Standard users that can access only three modules.
  3. Express Use User: Basic users that can run and view reports, view and approve records, and make updates to work orders that are assigned to them. This option is available starting from Maximo 7.5.
  4. Unlimited use users: Self Service Requestors, Desktop Requisitions and Health, Safety Environment Self Service Users entitlements are included with core license for unlimited users.

 
To support this categorization Maximo offers a 'User Type' field available in the Users application.


The set of allowed values is defined in the USERTYPE domain.


User Types Best Practice
I suggest to change the description of the first 4 domain values in agreement with the available user types. Alternatively you can create your own entries: AUTH, LIMITED, EXPRESS, UNLIMITED.

License compliance check

Now let's go to the technical side of the problem. The best way of auditing your Maximo environment's licenses is through SQL queries.
Firsto of all you have to define a new database view.

DROP VIEW checkusers;

CREATE VIEW checkusers AS
SELECT maxuser.type, maxuser.userid, maxmenu.moduleapp, applicationauth.app
FROM applicationauth
INNER JOIN maxmenu ON applicationauth.app=maxmenu.keyvalue
INNER JOIN groupuser ON applicationauth.groupname=groupuser.groupname
INNER JOIN maxuser ON groupuser.userid=maxuser.userid
WHERE
    maxuser.status='ACTIVE' AND
    maxmenu.menutype='MODULE' AND
    maxmenu.moduleapp NOT IN ('REPORTING','HIDDEN') AND 
    applicationauth.app NOT LIKE '%CONFIG' AND
    applicationauth.app<>'KPI' AND
    applicationauth.optionname='READ'
GROUP BY maxuser.type, maxuser.userid, maxmenu.moduleapp, applicationauth.app;

Now take a look at how your users are distributed on the different groups.

SELECT type, COUNT(*)
FROM checkusers
GROUP by type
ORDER BY type;

If the select returns an empty resultset you probably have a translated value in the STATUS field so you have to adjust the view definition.

To go deeper in your analysis you have to check if the users allocated to the different user types have the right level of access. The following queries returns how many modules are granted to each user and what these modules are.

SELECT type, userid, COUNT(*)
FROM checkusers
GROUP by type, userid
ORDER BY type, userid;

SELECT type, userid, moduleapp
FROM checkusers
GROUP BY type, userid, moduleapp
ORDER BY type, userid, moduleapp;

These are the main tools for performing the license audit. Compare your results with licensing terms and conditions.

Additional Resources

New licensing options for IBM Maximo
Monitoring license Compliance
Monitoring License Compliance in Maximo 7
New Maximo portfolio pricing adds flexibility to licensing model
Licensing Information and Usage Restrictions
IBM Maximo Licensing Demystified

8 comments:

  1. Hi Bruno,
    what about system users like MAXADMIN ? (http://pic.dhe.ibm.com/infocenter/tivihelp/v49r1/topic/com.ibm.mbs.doc/user/c_system_users.html)
    IMO this kind of users deserves a specific user type.

    Ciao, Diego

    ReplyDelete
  2. I think there's a typo in the view. Shouldn't it be applicationauth.optionname!='READ' (read only is not restricted, I believe)

    ReplyDelete
    Replies
    1. As far as I know, Limited users cannot have read access to more than 3 modules.
      Express users are allowed a read only access to all applications.
      It may be not so easy to check all those strange rules :-)

      Delete
  3. Hi Bruno,

    do you think it's possible to create a query that returns the user list and what modules/applications the user actually has accessed? In other words, not the access grant but the actual footprint of usage.

    BR

    ReplyDelete
    Replies
    1. There is no such info in Maximo tables.
      If you enable the login tracking you can see the history of logins so you can know who is using Maximo.
      To track the used applications you should do some customizations to Maximo Java code. Maybe the AppBean class has some method that can be overridden.
      Mays is also possible with JPS customization.

      Delete
  4. Maximo licensing model is well written. It's good information dear.
    Developpement licensing & Qu’est ce que le licensing?

    ReplyDelete