Sorry for the delay getting back but this query is EXACTLY what I was after... Juist one thing to mention. Its great to comment out your limit by a group so you can get all groups in DB. Also, if using SQL Server it needs a TOP 1 in the nested select that gets the module. Otherwise, this was perfect. Greatly appreciated.
Also, to clarify we have not moved to points yet. We are just trying to do some housekeeping for our next renewal and to make sure our groups are setup to match our licenses we purchased. But we want all in order before we then try to move to points as it would appear we have people getting multiple groups that do push them to a new lic type and we need to clean that up before we move forward.
Again, really appreciate the SQL and I will be holding onto that for a while. Probably should have tried to create it myself if I had not been too lazy I guess.
------------------------------
David Miller
Managing Partner - Maximo Consultant
Enterprise Integration Partners LLC
------------------------------
Original Message:
Sent: Thu June 06, 2024 08:07 AM
From: Steven Shull
Subject: License Usage Monitor and Security Group Settings?
It's not clear if you have already traded up to MAS app points or if you're on 7.6.X and preparing to trade up. If you have already traded up, we do not have an Express equivalent in MAS so it may not be worth the effort to investigate. All Express & Limited users in 7.6.X would map to Limited in MAS. If you're still on 7.6.X licensing, you'll want to ensure you investigate because you need to stay compliant on that licensing type.
As Manoj mentioned, we have a new utility for helping calculating in MAS terms. Why it calculated a user a specific way (IE Base instead of Limited) isn't something we display still.
We don't try to calculate a licensing type requirement for security groups (IE TECHNICIAN group is Limited) because it would be confusing to administrators. Most customers put a user in multiple security groups. It would be possible to have a user in 2 Limited security groups that would actually result in the user becoming Authorized (in 7.6.X terms) or Base/Premium (in MAS terms). This is because each security group may have 3 or fewer modules with write access but when you combine the permissions across groups, they now have 4+ modules.
A query I've provided customers in the past that wanted to analyze access at that group level is below:
select maxapps.app,maxapps.description,applicationauth.groupname,1 as readaccess,
case when exists(select 1 from applicationauth z where z.groupname=applicationauth.groupname and z.app=maxapps.app and z.optionname='SAVE') then 1 else 0 end saveaccess,
case when exists(select 1 from applicationauth z where z.groupname=applicationauth.groupname and z.app=maxapps.app and z.optionname='INSERT') then 1 else 0 end insertaccess,
case when exists(select 1 from applicationauth z where z.groupname=applicationauth.groupname and z.app=maxapps.app and z.optionname='DELETE') then 1 else 0 end deleteaccess,
(select moduleapp from maxmenu where elementtype='APP' and keyvalue=maxapps.app and rownum=1) module
from maxapps
inner join applicationauth on maxapps.app=applicationauth.app and applicationauth.optionname='READ'
where maxapps.apptype!='OS'
and groupname='INSPECTOR'
order by groupname,app;
------------------------------
Steven Shull
Original Message:
Sent: Wed June 05, 2024 03:26 PM
From: David Miller
Subject: License Usage Monitor and Security Group Settings?
So in prepping for move to MAS I setup the License Usage Monitor application in a 7.6.1.3 to see how we look on our Lic Utilization.
Looks to have worked great and we have identified a couple potential issues with some overages on our Limited Lic and expectation that the users that got picked up buy Limited are to be in our Express Licenses.
How has anyone been able to easily identify when I have a Security Group that it makes a user move from Express to Limited or Limited to Authorized? The OOTB Security Group Report is junk as it mixes in Menu options and things that are not even real applications like "Data Sheet Template" & "Maximo API's Asset Definition Change" calling them an "APPLICATION" along with all the other API things that really just clutter up the list. Not to mention it does not even add the concept of Module to the Report to guide for License Usage.
I am trying to go through the security group report to find what Apps I have Save, Create or Delete permissions on to see if it pushes me to using another module aka lic tier but its a real hassle. This seems like something IBM should make easier to be able to identify my License usage more accurately.
Pleas advise if anyone else has had this similar issue. There seems t9o be a total disconnect in the app from User to License Type to Security Group Settings?
------------------------------
David Miller
Managing Partner - Maximo Consultant
Enterprise Integration Partners LLC
------------------------------