Maximo

 View Only
  • 1.  License Usage Monitor and Security Group Settings?

    Posted Wed June 05, 2024 03:26 PM

    So in prepping for move to MAS I setup the License Usage Monitor application in a 7.6.1.3 to see how we look on our Lic Utilization.

    Looks to have worked great and we have identified a couple potential issues with some overages on our Limited Lic and expectation that the users that got picked up buy Limited are to be in our Express Licenses.

    How has anyone been able to easily identify when I have a Security Group that it makes a user move from Express to Limited or Limited to Authorized? The OOTB Security Group Report is junk as it mixes in Menu options and things that are not even real applications like "Data Sheet Template" & "Maximo API's Asset Definition Change" calling them an "APPLICATION" along with all the other API things that really just clutter up the list. Not to mention it does not even add the concept of Module to the Report to guide for License Usage.

    I am trying to go through the security group report to find what Apps I have Save, Create or Delete permissions on to see if it pushes me to using another module aka lic tier but its a real hassle. This seems like something IBM should make easier to be able to identify my License usage more accurately.

    Pleas advise if anyone else has had this similar issue. There seems t9o be a total disconnect in the app from User to License Type to Security Group Settings?



    ------------------------------
    David Miller
    Managing Partner - Maximo Consultant
    Enterprise Integration Partners LLC
    ------------------------------


  • 2.  RE: License Usage Monitor and Security Group Settings?

    Posted Thu June 06, 2024 12:34 AM

    To prep for MAS, give a try with AppPoints tool instead of License Usage Monitor application. This tool can help you understand the required app points based on current usage.

    You need to contact IBM sales to get the package to install. Refer below:

    https://www.ibm.com/support/pages/node/6956291



    ------------------------------
    Manoj Sawant
    ------------------------------



  • 3.  RE: License Usage Monitor and Security Group Settings?

    Posted Thu June 06, 2024 08:08 AM

    It's not clear if you have already traded up to MAS app points or if you're on 7.6.X and preparing to trade up. If you have already traded up, we do not have an Express equivalent in MAS so it may not be worth the effort to investigate. All Express & Limited users in 7.6.X would map to Limited in MAS. If you're still on 7.6.X licensing, you'll want to ensure you investigate because you need to stay compliant on that licensing type. 

    As Manoj mentioned, we have a new utility for helping calculating in MAS terms. Why it calculated a user a specific way (IE Base instead of Limited) isn't something we display still. 

    We don't try to calculate a licensing type requirement for security groups (IE TECHNICIAN group is Limited) because it would be confusing to administrators. Most customers put a user in multiple security groups. It would be possible to have a user in 2 Limited security groups that would actually result in the user becoming Authorized (in 7.6.X terms) or Base/Premium (in MAS terms). This is because each security group may have 3 or fewer modules with write access but when you combine the permissions across groups, they now have 4+ modules.

    A query I've provided customers in the past that wanted to analyze access at that group level is below:

    select maxapps.app,maxapps.description,applicationauth.groupname,1 as readaccess,
    case when exists(select 1 from applicationauth z where z.groupname=applicationauth.groupname and z.app=maxapps.app and z.optionname='SAVE') then 1 else 0 end saveaccess,
    case when exists(select 1 from applicationauth z where z.groupname=applicationauth.groupname and z.app=maxapps.app and z.optionname='INSERT') then 1 else 0 end insertaccess,
    case when exists(select 1 from applicationauth z where z.groupname=applicationauth.groupname and z.app=maxapps.app and z.optionname='DELETE') then 1 else 0 end deleteaccess,
    (select moduleapp from maxmenu where elementtype='APP' and keyvalue=maxapps.app and rownum=1) module
    from maxapps
    inner join applicationauth on maxapps.app=applicationauth.app and applicationauth.optionname='READ'
    where maxapps.apptype!='OS'
    and groupname='INSPECTOR'
    order by groupname,app;



    ------------------------------
    Steven Shull
    ------------------------------



  • 4.  RE: License Usage Monitor and Security Group Settings?

    Posted Mon June 10, 2024 11:21 AM

    Sorry for the delay getting back but this query is EXACTLY what I was after... Juist one thing to mention. Its great to comment out your limit by a group so you can get all groups in DB. Also, if using SQL Server it needs a TOP 1 in the nested select that gets the module. Otherwise, this was perfect. Greatly appreciated.

    Also, to clarify we have not moved to points yet. We are just trying to do some housekeeping for our next renewal and to make sure our groups are setup to match our licenses we purchased. But we want all in order before we then try to move to points as it would appear we have people getting multiple groups that do push them to a new lic type and we need to clean that up before we move forward.

    Again, really appreciate the SQL and I will be holding onto that for a while. Probably should have tried to create it myself if I had not been too lazy I guess.



    ------------------------------
    David Miller
    Managing Partner - Maximo Consultant
    Enterprise Integration Partners LLC
    ------------------------------



  • 5.  RE: License Usage Monitor and Security Group Settings?

    Posted Mon June 10, 2024 11:59 AM

    So I do have a question as we just identified our problem that is making a bunch of users be a lic level higher then we expected. Somehow we got the following in this query you gave us:

    app description groupname readaccess saveaccess insertaccess deleteaccess MODULE
    PLUSDSPLAN Data Sheet Template CRAFT 1 1 1 1 PLANS

    That app is pushing users into a additional module. But I do not see the App in App Designer nor do I find the options in the Security Group setup to turn it off on that group???

    I know this is Calibration related but this client has no Industry Solutions and no idea how this got activated??? There is supposed to be a application per this doc I found:

    Data Sheets Tab Data sheets play a crucial part in the management of assets that require calibration.  Data sheets provide technicians with the information that they need to perform a calibration. A data sheet is a template that defines the specifications of an asset for the calibration process. Only the steps that detail the use of the Data Sheet Tab in the Asset Template are outlined below. 1. Access the Asset Template record in the Asset Template Application of the Asset Module. 2. Navigate to the Data Sheets Tab. 3. If Data Sheets have not been created, they must be created through the Data Sheet Template Application of the Planning Module. (See Note below) Note:  Although the Data Sheet Template Application's detailed instructions are not part of this process document.  Some screen shots of the application are shown below as an example of some of the information required to set-up the Data Sheet Template.  Maximo Help Files for the Data Sheet Template Application are a good source of information for creating a Data Sheet Template.



    ------------------------------
    David Miller
    Managing Partner - Maximo Consultant
    Enterprise Integration Partners LLC
    ------------------------------



  • 6.  RE: License Usage Monitor and Security Group Settings?

    Posted Mon June 10, 2024 12:09 PM

    In the SQL query, concepts like licensing are not possible to validate since only the Java code knows what applications are licensed. But the License Usage Monitor application should ignore it if you do not have the Calibration license installed. When you get to MAS, Linear, Calibration, & Scheduler are automatically enabled out of box. In 7.5+ they are installed out of box but unlocked via license keys.

    You can try and see if this is causing your issue by deleting these permissions at a database level. Since the license does not exist, our application restrictions will prevent it from showing in the Security Groups application. 



    ------------------------------
    Steven Shull
    ------------------------------



  • 7.  RE: License Usage Monitor and Security Group Settings?

    Posted Thu June 06, 2024 11:13 AM

    We ran similar queries to what Steven Schull provided below. This has been a fairly lengthy process. We provided the results of our query to the User Groups and they are deciding if each Security Group actually still needs access to specific modules. Our systems have been in place for a long time so not unusual for Users to have too much access. We also looked at login histories and decided to make Users Concurrent if they had only logged in 120 times (or less) over the previous 6 months. That will be another consideration.

    I note in your post you don't mention Read access. I believe even Read access counts in the determination of Limited, Base, or Authorized.



    ------------------------------
    Richard Foster
    ------------------------------