Search code examples
maximo

Maximo automation script get user securityGroup

I would like to get the security group of the user in a Maximo automation script so I can compare it. I need to know if the user in in MaxAdmin or UserUser group to execute the reste of my script. My scripts are in Python

how could I get that Info?

Solution

  • There are some implicit variables available to you in an automation script (check the IBM Automation Script guide), one of which is the current user's username. There is also the :&USERNAME& special bind variable that gets replaced with the current username. You can use one of those as part of the query to fetch a GroupUser MBO and then check the count of it afterward.

    I'm going off of memory here so the exact names and syntax probably differ, but something like:

    groupUserSet = MXServer.getMXServer().getMboSet("GROUPUSER", MXServer.getMXServer().getSystemUserInfo())
groupUserSet.setWhere("userid = :&USERNAME& and groupname in ('MAXADMIN', 'USERUSER')")
# Not really needed.
groupUserSet.reset()

if groupUserSet.count() > 0:
    # The current user is in one of the relevant groups.
else:
    # The current user is not in one of the relevant groups.
groupUserSet.close()

    It's worth noting that the kinds of things tied to logic like this usually don't need an automation script. Usually conditional expressions, normal security permissions or reports can do what you need here instead. Even when an automation script like this is needed, you still should not do it based on group alone, but based on whether the user has a certain permission or not.

    EDIT

    To do this with permissions, you would add a new sigoption to the app with an id along the lines of "CANCOMPPERM" (with a more verbose description) and grant it to those two groups. Make sure everyone in those groups logs out at the same time (so nobody in those two groups are logged into the system at a given point) or else the permission cache will not update. Your code would then look something like this:

    permissionsSet = MXServer.getMXServer().getMboSet("APPLICATIONAUTH", MXServer.getMXServer().getSystemUserInfo())
permissionsSet.setWhere("optionname = 'CANCOMPPERM' and groupname in (select groupname from groupuser where userid = :&USERNAME& )")
# Not really needed.
permissionsSet.reset()

if permissionsSet.count() > 0:
    # The current user has the necessary permission.
else:
    # The current user does not have the necessary permission.
permissionsSet.close()

    I think there are even some helper methods in Maximo's code base that you can call to do the above for you and just return a true/false on if the permission is granted or not.