How to inactivate Users in maximo who don't use it anymore?

Question

I am very new to maximo. I wanted to know how to inactivate users who are not using maximo anymore. I tried googling this but I am not able to find enough material on Maximo. I have to write a cron task to do that. I saw this: http://www.ibm.com/support/knowledgecenter/SSZRHJ/com.ibm.mbs.doc/autoscript/t_cron_task_scripts.html

Can anyone give e a few pointers on how to write it, maybe a sample cron task?

score 2 · Answer 1 · answered May 31 '16 at 16:51

What you're looking for is an Escalation. Escalations are instances of a special Cron Task that has been designed to use a query (a target object and a where clause) to find records and then to apply actions to and / or send emails from each record found.

You'll need to define the where clause against MAXUSER to locate the records you want to deactivate and find or define an Action to change the status of the records found. You can then hook the query and the action together via an Escalation.

Sun · Answer 2 · 2016-06-03T21:51:55.197

1

The query below is for Oracle database. It looks at the logintracking table and gives you a list of users whose last interaction with Maximo is over 90 days ago:

select * from
 (select max(attemptdate) lastLogout, loginid 
   from logintracking
   where loginid <> 'MAXADMIN'
   group by loginid
   order by max(attemptdate) desc
 )
where lastlogout < sysdate - 90

If this is a one-time change, you can manually inactivate the users using Security > Users. If you want to run this weekly, you'd have to change the query a bit to updates the status field in the maxuser table where the user status is still active but is still part of your inactivation list.

Best to experiment in a test environment to make sure your escalation is working properly.

edited Jun 03 '16 at 21:51

answered Jun 01 '16 at 22:52

Sun

2,595
1
26
43

Maximo is synchronized with LDAP for user Authentication and Labor information is integrated from SAP. – newbie Jun 10 '16 at 07:29
We have LDAP as well for password management. Users should still be tracked in maximo users table. If you manage whether a user can login (has access) via LDAP, then logins require management from another source, not maximo itself. The LDAP sync can pass that information down to maximo. That's out of the scope of this question though. – Sun Jun 10 '16 at 17:30

score 0 · Answer 3 · answered Jul 05 '16 at 23:24

You commented to +Sun that "Maximo is synchronized with LDAP". In that case, try this:

Update the UserMapping on the existing instance of the LDAPSYNC Cron Task to look for a flag that indicates that the user is active in LDAP. (Exactly what to look for will depend on your organization. Your LDAP administrators should be able to help you.) Then, make a second instance of the LDAPSYNC Cron Task that looks identical to the first, except that (1) the GroupMapping doesn't find any groups (use a condition like (objectName=DOES_NOT_EXIST) that won't find anything), and (2) the UserMapping looks for the flag indicating the user is not active and has {INACTIVE} mapped to the STATUS attribute of MAXUSER.

How to inactivate Users in maximo who don't use it anymore?

3 Answers3