August 4, 2017

Security groups and application authorizations

We all know how flexible Security Groups are when dealing with user roles and granting application authorizations. However, flexibility often brings complexity.
You have carefully designed user's roles defining what applications and actions they are allowed to access in Maximo and implemented all using Security Groups application. The system goes live and after one or two years everything is messed up. Is too hard to check who has access to what and you no longer sure if the young electrician that was just hired 2 months ago has access to Database Configuration or Application Designer  :-)

Maximo has a built-in report called Security Group Access that can help but I hardly find it useful. In my opinion it is too detailed to get an overall idea of the security configuration. For example, I'm now working on a medium-sized Maximo solution with 20 security groups and around 250 users. Well... the 'Security Group Access' report is 89 pages long!


That was not going to work. I needed I better solution for my purpose so I decided to open my preferred SQL client and Eclipse BIRT Designer to have some fun. Results were pretty good so I have decided to share them with the Maximo community.

I came up with two custom reports that give me a quick grasp of the setup of user's authorizations. The first one is called Security Overview and simply lists all the Security Groups and Start Centers counting how many users are assigned to them.


The second report is called Application Security Overview. It tries to represent which security groups provide access to applications. It is not an easy task to represent so many information in a single report but I'm finally proud of the results so here is what I have achieved to get.


The report lists all the applications in the rows and the security groups in the columns. The cell is yellow if read access is granted, orange if write access is granted, the number is the count of sigoptions granted.
The report can easily get too big if more than 20 security groups are defined so I decided to accept a list of security groups as filter so I can analyze smaller sets of data separately.

Download and installation instruction is available here.

Any feedback is highly appreciated.