Using Object Structure Authorization with Maximo Spatial
Using Object Structure Authorization with Maximo Spatial
So, you have decided (or were voluntold) that you need Object Structure Security enabled and ever since starting that journey, you encountered some obvious hiccups. After turning on the property “mxe.int.enableosauth”, all accessibility seems to have dropped off the map (pun intended?).
First, let’s quickly cover the purpose of this property:
Maximo 7.6.0.5 introduced this property to provide additional layers of security between Maximo’s REST API. Out-of-the-box, Maximo generally allows rest API calls between systems to any user that provides valid credentials through the request. These users could range between different departments, and data requests could be retrieved by users who should not be privy to such information. Hence, the introduction of this property. When enabled, each object structure need security access granted, indicating that requests/communications are allowed through the REST. Additionally, users also need access to the structure to make such requests, thereby limiting querying abilities to only approved credentials.
With that said, let’s talk about Maximo Spatial. After enabling, the first thing you notice (and rightfully so), is your Spatial integrations no longer work. There is no need to panic; It means your enabled property is working, and now you need to provide the access.
We can break this down into two parts. First is to provide user access to the Object Structure, and the second part is to Authorize the Object Structure for requests.
Part 1: User access to the Object Structure
1. Open security group application and open security group (e.g. MAXADMIN)2. Click on Object Structure Tab
3. Search for MXAPIMESSAGE
4. Grant read access.
5. Search for ARCGISASSET
6. Grant all required access
Part 2: Authorize Object Structure
1. Open Object Structure Application, and query “ARCGISASSET”2. Click on “Configure Object Structure Security”.
3. Check the box “Use Object Structure for authorization name”.
4. Click OK to the prompt.
5. Return to List Screen
6. Under More Actions, click “Object Application Authorizations.”
7. Add new row for ASSET object and ARCGISASSET application (for both /rest/mbo AND /rest/os). Example of /rest/os:
8. Add new row for MAXMESSAGES Object and MXAPIMAPMANAGER application. See image below:
That should do it. You can repeat the above steps for other integration objects, such as your ARCGISLOCATION. In my experience, signing out and resigning in doesn’t always do the trick. I needed to bounce the Maximo server to observe the changes. If you encounter issues, having difficulties or require any assistance in your Spatial integrations, please feel free to reach out to Interloc.
About Suraj Singh
Suraj Singh is an IBM-awarded Technical Team leader with over 15 years of experience providing Maximo Enterprise Asset Management (EAM) solutions to worldwide clients in the public and private sectors. Suraj uses his expert business and technical system analysis, along with Maximo best practices to provide innovative solutions to his clients in all phases of development, design and implementation. He believes in continuously adapting and embracing evolving technologies and has authored published Geographical Information System (GIS) research articles, Maximo documentation and patents. With his tremendous track record, Suraj is committed to the success of Maximo users across the globe.