Maximo

Maximo

Come for answers, stay for best practices. All we're missing is you.

 View Only

  • 1.  Manage public queries/reports via a generic user?

    Posted Sun July 04, 2021 11:34 PM
    Edited by System Admin Wed March 22, 2023 11:44 AM

    My organization has come across a scenario where public queries and reports were created by user x, and now user x has left the organization. It's my understanding, as an I.T. user with MAXADMIN security, that I won't be able to edit or delete the queries/reports that were created by user x.

    • I'm told that the only way to handle this scenario is to get our DBA to modify the underlying db records via an UPDATE statement...changing the owner to MAXADMIN...and then login as MAXADMIN to edit the queries/reports.
    • But, non-DBAs like me don't use the MAXADMIN user -- it's reserved for the DBA -- so we'll still be out of luck.


    That situation isn't ideal. My organization needs a way for IT analysts (with MAXADMIN security) to manage public queries and reports ourselves.

    BMXAA3897E - Only the creator of this query can delete it.
    Note: The current IT user does have MAXADMIN security, but still can't delete the query.


    Questions:
    1. Are the limitations mentioned above correct?
    2. To avoid that scenario, should we only ever create public queries and reports by using a custom QUERYADMIN user?
        - Multiple I.T. staff would use that user -- but only for managing public queries and reports.
        - We'd remove the 'Public?' checkbox from the save query window for regular users -- via a security setting.
    3. Or are there other options?

    Thanks.



    Edit:
    Related: Build a custom application to manage all queries
    https://www.linkedin.com/posts/stephen-hume-8570003_step-by-step-to-create-a-query-management-ugcPost-6830909038759424000-lP2C

     


    #Maximo
    #AssetandFacilitiesManagement


  • 2.  RE: Manage public queries/reports via a generic user?

    Posted Mon July 05, 2021 05:39 PM
    This has long been a pain in Maximo. I submitted a RFE many years ago (https://www.ibm.com/developerworks/rfe/execute?use_case=viewRfe&CR_ID=36979) to better support changing these as simply changing the owner will break other things in Maximo.

    In the interim, we've created a custom application to enable the query to be modified and/or deleted inside of Maximo by other users. We created a simple automation script (firing on attribute initialize access restriction on the CLAUSE attribute) that makes the field editable inside of the application. Something like this:

    if app=="EMXQUERY" and mbo.getBoolean("ISPUBLIC"):
        mbovalue.setReadOnly(False)

    Deleting is a bit trickier as it will only let you delete your own query. And you need to check for references (such as on a start center) before allowing it to delete as it won't perform that check appropriately after you change ownership. So we had to write logic to look for references, change the owner of the query, and then delete.

    ------------------------------
    Steven Shull
    Director of Development
    Projetech Inc
    Cincinnati OH
    ------------------------------

    Original Message


  • 3.  RE: Manage public queries/reports via a generic user?

    Posted Mon July 05, 2021 08:05 PM
    Edited by System Admin Wed March 22, 2023 11:53 AM
    The comments from Bowser in that RFE seem correct:

    "On another RFE (https://www.ibm.com/developerworks/rfe/execute?use_case=viewRfe&CR_ID=60464), I have indicated that building an application that simply allows editing of other users' queries from a new application in the Administration module only took 2 hours to build with Application Designer and an automation script.

    I think IBM should consider the other RFE "low hanging fruit" / "an easy win" to relieve a real pain point, and this ownership changing and its possibly associated start center changing / re-architecting a good "nice to have".

    Maybe Query ownership should be changed to be like ownership on WOs and Tickets. That way, if the owner is a person, then just that person can edit it, or if it is owned by a person group, then all members of that group can edit it.

    This would be optimal for start centers, because it is often the team of administrators who creates, manages and tunes start center queries. (I say "often" to avoid being too general, but among the numerous clients I have served, I have never seen it otherwise. And the workaround of using a shared username / password to create these queries is not acceptable to some clients.)

    Of course, the visibility of the Take Ownership button on the Saved Query dialog would be managed via a Sig Option / Application Authorization being granted to a security group, so a Conditional Expression can control which queries you can take ownership of."
    #Maximo
    #AssetandFacilitiesManagement


  • 4.  RE: Manage public queries/reports via a generic user?

    Posted Mon July 05, 2021 10:06 PM
    Yeah, there are a lot of ideas in this space. All with pros and cons that make it difficult to state what should be done. The short term decision the community has decided (as many people have done, including us, Bowser, and many others) to go the custom app with scripts to change editability rules and anyone with access to that app can basically edit any query. 

    But when you start getting to long term decision is where things diverge. Today, another problem is there are too many queries in applications. Something is either private to an individual or public to everyone in the app. That means people see queries they won't ever use which makes it harder to find the ones they need. Coming up with a group model (security, person group, or a new custom group record) that can determine which queries you see would address that issue. But there was a discussion on that when IBM was looking to do the work and the answers were pretty varied as to which of those three it should be just for determining who could see the query. And then you get into further granularity such as should everyone in the group be able to edit it or only the person who defined it (which brings back the need to change owner) or an additional group of users beyond who can see it? I think this is one of the trickiest RFEs IMO to solve because every organization wants improvements but each wants it done differently. It'll be interesting to see exactly how it gets addressed.

    ------------------------------
    Steven Shull
    Director of Development
    Projetech Inc
    Cincinnati OH
    ------------------------------

    Original Message


  • 5.  RE: Manage public queries/reports via a generic user?

    Posted Mon July 05, 2021 05:50 PM
    Further to Stephen's post:  I believe someone else has created a custom application that ties to the QUERY table, to allow IT users to change the Owners via the GUI.  Note, however, that if you change the Owner of a query that is used on a Start Center Result Set, the Result Set won't display properly for the users.  You need to update the template and re-create the Result Set, and then get the users to Update Start Center afterwards.


    ------------------------------
    Shannon Rotz
    InComm Solutions
    New Westminster BC
    ------------------------------

    Original Message


  • 6.  RE: Manage public queries/reports via a generic user?

    Posted Wed July 07, 2021 02:05 AM
    Hi Shannon,

    That's true - I've seen several approaches for a separate Maximo Application managing Queries. We did also develop such an application, but that would be a commercial product: https://youtu.be/qYKhunpETaI

    In general, the concept is:
    - We make all Queries public
    - Admins would have to associate a Query with a User Group for visibility
    - If a Query should be really public - assign MXEVERYONE Group
    - MAXADMIN or Users with appropriate permissions are allowed to modify queries they're NOT owner of as well. I believe, that includes delete
    - The application does also provide some nice extra function like "Check Query" or "Go to Application"

    Many Greetings from Switzerland,

    ------------------------------
    Johann Rumpl
    Maximo Senior Consultant
    EAM Swiss GmbH
    Gais
    Switzerland
    ------------------------------

    Original Message


  • 7.  RE: Manage public queries/reports via a generic user?

    Posted Thu August 12, 2021 08:06 PM
    Edited by System Admin Wed March 22, 2023 11:52 AM
    I stumbled across an old PDF from OnTracks that appears to be related:
    Configurable Maximo - Saved Query Manager application

    --------------------------------------------------------------------------------------------------------------

    Configuration 2: Saved Query Manager

    Problem:
    - You can only change your own Saved Queries
    - Preference to not have MAXADMIN login to PROD
    - Queries are used across the system and may need changes

    Solution:
    - New Application to manage Saved Queries, available to
    System Administrators



    #Maximo
    #AssetandFacilitiesManagement


  • 8.  RE: Manage public queries/reports via a generic user?

    Posted Thu August 12, 2021 08:23 PM
    There's a post in LinkedIn from someone else that I recently saw with a full solution as well.




    Original Message