MaximomizeMaximomize/
Security Rights using Automation ScriptsSecurity Rights using Automation Scripts
Search
Security Rights using Automation Scripts

Security Rights using Automation Scripts

Created
Jan 13, 2022 02:15 PM
Tags
automation script
Status
Published
Created Date
These are few automation scripts snippets written in Jython which I use to manage users rights with in Maximo with the click of a button. To use these write the script in Automation script app. Then click the Execute or Launch script button in the toolbar. These becomes even more useful when you do not have access to database.
ℹ️
If you are missing the execute or launch script button from toolbar
notion image
See this article to add it back in
 
1. Giving user A same rights as user B2. Merge the rights of User A and User B3. Revoke All rights from a User

1. Giving user A same rights as user B

This script has two fields which needs to be modified fromUser and toUser
The existing rights of toUser are removed and he/she is given the same rights as fromUser. The rights of fromUser are not modified
from psdi.server import MXServer
from psdi.mbo import MboRemote, MboSetRemote
from psdi.mbo import MboConstants, MboSetEnumeration

fromUser = 'MAXTEST99' # The user from which the righs should be read
toUser = 'TESTUSER' # The user to which the rights should be given


TAG = "[Rights As: " + fromUser + " -> " + toUser + "] "
print(TAG + " ##################### Starting ######################")
toSet = MXServer.getMXServer().getMboSet("GROUPUSER", MXServer.getMXServer().getSystemUserInfo())
toSet.setWhere("userid = '" + toUser + "' and groupname != 'MAXEVERYONE'")
toSet.reset()
toSet.deleteAll()

frSet = MXServer.getMXServer().getMboSet("GROUPUSER", MXServer.getMXServer().getSystemUserInfo())
frSet.setWhere("userid = '" + fromUser + "' and groupname != 'MAXEVERYONE'")
frSet.setFlag(MboConstants.NOSAVE, True)
frSet.setFlag(MboConstants.DISCARDABLE, True)
frSet.reset()

if frSet.isEmpty():
    print(TAG + " No groups found for from User" + fromUser)
else:
    print(TAG + str(frSet.count()) + " groups found for from user ")
    mse = MboSetEnumeration(frSet)
    while mse.hasMoreElements():
        fr = mse.nextMbo()
        group = fr.getString("GROUPNAME")
        print(TAG + " Adding " + group)
        to = toSet.add()
        to.setValue("GROUPNAME", group, MboConstants.NOACCESSCHECK | MboConstants.NOVALIDATION_AND_NOACTION)
        to.setValue("USERID", toUser, MboConstants.NOACCESSCHECK | MboConstants.NOVALIDATION_AND_NOACTION)


toSet.save()

print(TAG + " ##################### Ending ########################")
GIVESAMERIGHTS.py
It will output a window like below when the execute or launch script button is pressed
notion image
 

2. Merge the rights of User A and User B

For example toUser is already part of certain security groups. In addition to those we need to give him/her the more rights similar to fromUser. Difference between this script and the script in previous section is that this toUser existing rights wont be modified
 
from psdi.server import MXServer
from psdi.mbo import MboRemote, MboSetRemote
from psdi.mbo import MboConstants, MboSetEnumeration

fromUser = 'MAXTEST99' # The user from which the righs should be read
toUser = 'TESTUSER' # The user to which the rights should be given

TAG = "[Rights As: " + fromUser + " -> " + toUser + "] "
print(TAG + " ##################### Starting ######################")
toSet = MXServer.getMXServer().getMboSet("GROUPUSER", MXServer.getMXServer().getSystemUserInfo())
toSet.setWhere("userid = '" + toUser + "' and groupname != 'MAXEVERYONE'")
toSet.reset()

frSet = MXServer.getMXServer().getMboSet("GROUPUSER", MXServer.getMXServer().getSystemUserInfo())
frSet.setWhere("userid = '" + fromUser + "' and groupname != 'MAXEVERYONE' and groupname not in (select groupname from groupuser where userid = '" + toUser + "')")
frSet.setFlag(MboConstants.NOSAVE, True)
frSet.setFlag(MboConstants.DISCARDABLE, True)
frSet.reset()

if frSet.isEmpty():
    print(TAG + " No groups found for from User " + fromUser)
else:
    print(TAG + str(frSet.count()) + " groups found for from user " + fromUser)
    mse = MboSetEnumeration(frSet)
    while mse.hasMoreElements():
        fr = mse.nextMbo()
        group = fr.getString("GROUPNAME")
        print(TAG + " Adding " + group)
        to = toSet.add()
        to.setValue("GROUPNAME", group, MboConstants.NOACCESSCHECK | MboConstants.NOVALIDATION_AND_NOACTION)
        to.setValue("USERID", toUser, MboConstants.NOACCESSCHECK | MboConstants.NOVALIDATION_AND_NOACTION)


toSet.save()

print(TAG + " ##################### Ending ########################")
MERGERIGHTS.py
Click the Execute / launch script button to run this script

3. Revoke All rights from a User

Sometimes its needed to immediately take all rights away from a user. The following script does that 
from psdi.server import MXServer
from psdi.mbo import MboRemote, MboSetRemote
from psdi.mbo import MboConstants, MboSetEnumeration

user = 'SOMEUSER' # Enter the userid here

TAG = "[Revoking rights for: " +  user + "] "
print(TAG + " ##################### Starting ######################")
toSet = MXServer.getMXServer().getMboSet("GROUPUSER", MXServer.getMXServer().getSystemUserInfo())
toSet.setWhere("userid = '" + user + "' and groupname != 'MAXEVERYONE'")
toSet.reset()
toSet.deleteAll()
toSet.save()

print(TAG + " ##################### Ending ########################")
REVOKERIGHTS.py
Click the Execute / launch script button to run this script