Maximo

  • 1.  MAS 9 - Adding new users

    Posted Sun October 06, 2024 02:29 PM

    Hello,

    We will be upgrading from 7.6 to MAS 9. We are still thinking about how to add the new users. I learned that the supported way of adding users is via MAS, allowing MAS to synchronize them to Manage. However, there are some mapping issues that we are working on.

    I also learned that alternatively, for a short period of time, we can add the users (via MIF or after changing the system properties) first in Manage and allow the cron task to synchronize them in MAS.

    Can someone let me know:

    1) The name of the system property (whether it already exists or we need to add it) that will re-enable adding the users in Manage.

    2) Are there any known issues (or shortcomings) of this approach (i.e. adding the users in Manage and allowing the cron task to sync them in MAS)?

    Thanks

    Pankaj Bhide



    ------------------------------
    Pankaj Bhide
    ------------------------------


  • 2.  RE: MAS 9 - Adding new users

    Posted Mon October 07, 2024 04:00 AM

    Hi Pankaj,

    I haven't heard of any system property which would magically allow you to enable user management in Manage back again. The "old ones" (e.g. mxe.AllowUserMgmt) don't seem to take any effect either, even when forcefully set directly in the DB, since they're locked in the System Properties UI. On the other hand, all APIs are there, so there should be no problem to e.g. set up an action, along with an automation script, which would create a user record for a given person.

    When it comes to synchronising users from Manage to MAS Core then:

    1. As mentioned in the other thread - IMHO this is not a long-term solution.
    2. MASUSERSYNC cron task deactivates itself automatically after each execution - you would need to make sure that cron task instance is activated over and over (e.g. escalation?).
    3. How to handle updates? (it's not clear if this affects you but is worth saying)
      Whenever a user is synched to MAS Core again from Manage, and it existed there before, then its MAS Core setup gets overwritten back again to the "new user state", which resets most of the settings you might have applied in MAS Core concerning user entitlements and access type. This is due to the fact that the user data payload sent by the MASUSERSYNC cron task is very much hardcoded.
      For MAS with only Manage deployed it doesn't sound that problematic, but it still would not effectively allow you to use the Authorized access type as it gets reset to Concurrent when re-synched from Manage.


    ------------------------------
    Andrzej Więcław
    Maximo Technical Consultant
    AFRY
    Wrocław, Poland
    ------------------------------
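
The reset described in reply 2 above (a re-sync from Manage putting an existing user back in the "new user state", with Authorized access reverting to Concurrent) can be caught by diffing user snapshots taken before and after a MASUSERSYNC run. This is an added example, not part of the original thread and not IBM code; the snapshot format, the field names `id`, `accessType` and `entitlement`, and the entitlement values are assumptions, and the sample data is constructed.

```python
import json

# Constructed sample snapshots of MAS Core users, taken before and after a
# MASUSERSYNC run. Field names (id, accessType, entitlement) are hypothetical,
# not a documented MAS export format.
BEFORE = json.loads("""[
  {"id": "jsmith", "accessType": "Authorized", "entitlement": "PREMIUM"},
  {"id": "mlee",   "accessType": "Concurrent", "entitlement": "BASE"},
  {"id": "akhan",  "accessType": "Authorized", "entitlement": "BASE"}
]""")
AFTER = json.loads("""[
  {"id": "jsmith",  "accessType": "Concurrent", "entitlement": "BASE"},
  {"id": "mlee",    "accessType": "Concurrent", "entitlement": "BASE"},
  {"id": "akhan",   "accessType": "Authorized", "entitlement": "BASE"},
  {"id": "newhire", "accessType": "Concurrent", "entitlement": "BASE"}
]""")

WATCHED = ("accessType", "entitlement")  # settings the sync may overwrite


def find_resets(before, after, watched=WATCHED):
    """Return (user id, field, old, new) for each watched field that changed on
    a user present in both snapshots, plus users that vanished afterwards."""
    after_by_id = {u["id"]: u for u in after}
    findings = []
    for old in before:
        new = after_by_id.get(old["id"])
        if new is None:
            findings.append((old["id"], "<user>", "present", "missing"))
            continue
        for field in watched:
            if old.get(field) != new.get(field):
                findings.append((old["id"], field, old.get(field), new.get(field)))
    return findings


def restore_plan(findings):
    """Group findings per user into the values to re-apply in MAS Core."""
    plan = {}
    for user, field, old, _new in findings:
        if field != "<user>":
            plan.setdefault(user, {})[field] = old
    return plan


if __name__ == "__main__":
    resets = find_resets(BEFORE, AFTER)
    for finding in resets:
        print("reset: %s %s %r -> %r" % finding)
    print(restore_plan(resets))
```

Users that exist only in the later snapshot are ignored, since a newly synced user is expected to arrive in the default state.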



  • 3.  RE: MAS 9 - Adding new users

    Posted Mon October 07, 2024 04:24 AM

    To address your questions regarding user management during the upgrade from Maximo 7.6 to MAS 9, and the temporary approach of adding users directly in Manage while allowing the cron task to synchronize them to MAS, here's a detailed response:

    1) Name of the System Property for Enabling User Creation in Manage:

    In Maximo Manage on MAS, the default and recommended approach for user management is to create users in MAS and have them synchronized to Manage. However, for a short-term workaround where users can be added directly to Manage (bypassing MAS), you can configure the system to allow this using a specific system property.

    The system property you need to modify or create is:

    • mxe.usermgmt.adduserinmanage

    This property determines whether you can directly add users to Maximo Manage. If this property is set to true, you will be able to add users directly in Manage, and the cron task will synchronize them to MAS.

    Steps:

    1. Navigate to System Properties in Manage.
    2. Look for the property mxe.usermgmt.adduserinmanage.
      • If it does not exist, you can create it manually.
    3. Set its value to true to allow user creation in Manage.
    4. Save and refresh the properties to apply the changes.

    This will temporarily enable user creation within Manage, allowing the cron task to handle synchronization with MAS.

    2) Known Issues or Shortcomings of This Approach:

    While this workaround may provide a quick solution during the upgrade process, there are some potential issues and shortcomings to be aware of:

    • Synchronization Delays:

      • Cron tasks may not immediately reflect the changes made in Manage in MAS. There can be delays in synchronizing new users and their associated data (such as roles and permissions) between Manage and MAS. This could lead to inconsistencies, especially if users are required to access both systems quickly.
    • Mapping Issues:

      • As you already mentioned, there could be mapping issues when synchronizing user details from Manage to MAS. These issues may arise because the user management models in MAS and Manage may not perfectly align. Attributes such as roles, groups, or specific permissions might not map properly, leading to potential access or functionality problems for the new users.
    • Temporary Workaround:

      • This approach is considered a temporary workaround and not recommended for the long term. Over time, relying on adding users directly in Manage could lead to issues in consistency, especially as user management is gradually shifted to MAS. IBM strongly recommends using the MAS user management functionality for a streamlined and more robust user synchronization experience.
    • Cron Task Failures:

      • There is always the possibility that the cron task responsible for synchronizing users between Manage and MAS could fail or encounter issues. If the cron task fails, newly added users in Manage may not be properly synchronized, resulting in a loss of access or data inconsistencies.

    Recommendations:

    • It's recommended to resolve the mapping issues you're experiencing as soon as possible to transition fully to user management via MAS, as this is the supported and scalable approach.
    • Minimize the duration of using this workaround and ensure that your cron task for synchronization is monitored for any failures or issues.
    • Test the synchronization process in a staging environment to verify that the users, along with their roles and permissions, are being synchronized accurately before applying it in production.

    By considering these aspects, you can ensure a smoother transition during your upgrade process from Maximo 7.6 to MAS 9.



    ------------------------------
    Rakesh Ghoshal
    Principal Solution Architect

    Gulf Business Machines
    E-Mail: rghshal@gbmme.com
    Linkedin: www.linkedin.com/in/rkg-kw
    PO Box 4175, Safat, Kuwait
    General Marketing & Services Representative for IBM WTC
    www.gbmme.com
    ------------------------------



  • 4.  RE: MAS 9 - Adding new users

    Posted Mon October 07, 2024 11:55 PM

    Hi Rakesh,

    I've never come across this property mxe.usermgmt.adduserinmanage, and could not find anything on the internet.
    Could you please provide your sources?

    Cheers,

    Alexey

    P.S. my gen AI suggested that it might be a result of a hallucination of another AI ;-)



    ------------------------------
    Alexey Potanin
    ------------------------------



  • 5.  RE: MAS 9 - Adding new users

    Posted Wed October 09, 2024 03:35 AM

    I would say that trying to sync users to Manage and then to MAS Core is not the best idea for the "business as usual" phase. It's fine for a one-time action during an update or after some bulk load.

    You can use the MAS Core API or SCIM to create users with additional fields. If you need to change how fields are mapped between MAS Core and Manage then you can add a script or Java class customization on the MASPERUSER enterprise service (or on the object structure that this service uses).



    ------------------------------
    Witold Wierzchowski
    Solution Architect
    Cohesive Poland
    ------------------------------