Bulk add/remove of access rights

Technical 0 Comments

Problem

------------------

It is time-consuming in Maximo to individually pick and grant access to applications to a security group. One common problem is to grant all access to maxadmin in newly setup maximo environment or remove access to all applications of a module.

Solution

--------------------

This automation script lets you do that. Test in 7.6 environments. 

-- Get module and application list
select distinct appname, (select description from maxapps where app=appname) description, module, (select description from maxmodules where module=maxlicappaccess.module) descmodule from maxlicappaccess order by module, appname;

-- Create automation script with object launch point, on action update, after save, for object MAXGROUP

-- Remove access of application from security group
# Only allow for NTBUS Group
if mbo.getString("GROUPNAME")=="MYGROUP":
    from psdi.mbo import MboConstants
   
    maxappSet = mbo.getMboSet("MAXAPPS")
    maxappSet.setWhere(" app in ('ENDPOINT', 'CREATEINT', 'ENDPOINT', 'EXTSYSTEM', 'IM', 'INTERROR', 'INTMSGTRK', 'INTOBJECT', 'INTSRV', 'INVOKE', 'JSONRES', 'LAUNCH', 'LMO', 'MANAGEINT', 'OSLCPROV', 'OSLCRES', 'PUBLISH', 'WSREGISTRY', 'ACTION', 'AUTOSCRIPT', 'COMMTMPLT', 'CONFIGUR', 'CRONTASK', 'DEPLCOLLS', 'DEPLGROUPS', 'DESIGNER', 'DM', 'DOMAINADM', 'EMAILSTNER', 'ESCALATION', 'IBMCONTENT', 'IMICONF', 'LOGGING', 'MFMAILCFG', 'PLUSPDMADM', 'PLUSPESC', 'PROPMAINT', 'ROLE', 'WFADMIN', 'WFDESIGN') ")
    maxappSet.reset()
    maxappMbo = maxappSet.moveFirst()
    print('-------Script launched-----')
   
    while maxappMbo:
        print('Processing --->> '+maxappMbo.getString("app"))
        maxappMbo.setValue("READ",False,MboConstants.NOACCESSCHECK)
        maxappMbo.setValue("SAVE",False,MboConstants.NOACCESSCHECK)
        maxappMbo.setValue("INSERT",False,MboConstants.NOACCESSCHECK)
        maxappMbo.setValue("DELETE",False,MboConstants.NOACCESSCHECK)
        maxappMbo = maxappSet.moveNext()

# Only allow for MAXADMIN Group
if mbo.getString("GROUPNAME")=="MAXADMIN":
    from psdi.mbo import MboConstants
   
    maxappSet = mbo.getMboSet("MAXAPPS")
    maxappMbo = maxappSet.moveFirst()
   
    while maxappMbo:
        print('Processing --- '+maxappMbo.getString("app"))
        maxappMbo.setValue("READ",True,MboConstants.NOACCESSCHECK)
        maxappMbo.setValue("SAVE",True,MboConstants.NOACCESSCHECK)
        maxappMbo.setValue("INSERT",True,MboConstants.NOACCESSCHECK)
        maxappMbo.setValue("DELETE",True,MboConstants.NOACCESSCHECK)
        sigoptOtherSet = maxappMbo.getMboSet("SIGOOTHER")
        sigoptOtherMbo = sigoptOtherSet.moveFirst()
   while sigoptOtherMbo:
            if not sigoptOtherMbo.getMboValueData("AUTHORIZED").isReadOnly() and not sigoptOtherMbo.getString("OPTIONNAME")=="NOPORTLET":
                sigoptOtherMbo.setValue("AUTHORIZED",True,MboConstants.NOACCESSCHECK|MboConstants.NOVALIDATION)
            sigoptOtherMbo = sigoptOtherSet.moveNext()       
        maxappMbo = maxappSet.moveNext()

Share this post

Blog Comments


Post your comment






Thank You! You comment is under review and will be published soon..
Thank You! You comment is Published.

Popular posts

Bulk add/remove of access rights
2015-01-03
Get Maximo location hierarchy
2017-11-08
Find and compile invalid Maximo objects
2016-05-05
Change NLS_LENGTH_SEMANTICS to CHAR
2015-03-01
Skip doclinks copy on object duplication
2019-06-27