Ahh, the joy of it all, security and the ensuing panic that you have breached the IBM licencing terms. Firstly, note that IBM defined the access for these groups and that you must belong to the appropriate Anywhere group as per
Authorizations.
If your license is for mobile-only, then they just need two be a member of the Everyone group plus the Anyway, but I'd add another which is the one that controls the sites they're allowed in. Else it's at least an Express user + Anywhere User license.
I've struggled with (grrrr) that read-only access is needed to those apps under the Administration module, thus in theory meaning, they should really have an Authorised license.
As your tests have indicated, disabling read access has bad results even when you switch over to the other URL as Steven has indicated. I haven't done that as yet.
In my opinion, do not take it as fact, leave the Anywhere groups as is, after all, IBM did create them that way for a good reason. In the end, if you do get audited, they should know about the Anywhere groups.
------------------------------
===============================
Craig Kokay,
Lead Senior Maximo/IoT Consultant
ISW
Sydney, NSW, Australia
Ph: 0411-682-040
=================================
#IBMChampion2021
------------------------------
Original Message:
Sent: Thu September 30, 2021 04:09 AM
From: Steve Lee
Subject: ANYWHERE_TECHNICIAN gives access to app in Maximo
Do you have a test/dev environment where you can try and remove some of the access to these applications in the Anywhere_technician security group and make sure it has no adverse effect?
I dont believe removing access from these applications would cause any issues but you should go through a test cycle just to be sure
------------------------------
Steve Lee
Maximo Technical Sales Specialist
IBM
Leeds
Original Message:
Sent: Wed September 29, 2021 08:45 AM
From: Mathieu Guilmette
Subject: ANYWHERE_TECHNICIAN gives access to app in Maximo
Hi,
In order to be able to log in WorkExecution , the user has to be in the security group "ANYWHERE_TECHNICIAN". Our issue is that this group gives access to a lot of unncessary application for a technician to see.
For example, a technician has access to app like "Company", "Anywhere Administration", "Classification", etc...
There is like 12 apps or so that we want to hide to the user even if thoses apps are on readonly.
How can I do this ?
------------------------------
Mathieu Guilmette
------------------------------
#Maximo
#AssetandFacilitiesManagement
#MaximoAnywhere