11/15/2012

Security. Understanding People, User, and Labor Records in MAXIMO

When you create records for individuals, the system requires the creation of additional records in the following cases:

Labor - You use the Labor application to create and manage labor records for employees and contractors who perform work on tickets and work orders. Labor records contain information about an individual’s skills and qualifications. These records are used to plan and schedule work, and to track labor costs for tickets and work orders.

A labor record must have a person record associated with it. A labor record needs a user record if the laborer is going to use the system to view work orders, report labor hours, and so forth. You can associate a labor and user with the same person record. As a best practice, create craft records for different job skills and qualification records for certifications, and record that information on the labor record. Other resource records are optional. For example, a labor record can have:

  • One or more crafts
  • One or more skill levels associated with a craft
  • One or more qualifications

Person - You use the People application to create and manage records for individuals. A person record contains basic information about an individual’s name, address, contact information, and other generic information.

A person record does not require any other resource records, such as craft, labor, user, and so forth. However, you must create a person record when you create a user record or labor record. You can associate a single person record with both a labor and user record.

A person can be a user and a laborer or neither. For example, someone calling the service desk to make a service request does not need to be a user, but your company might require that a person record exist for that individual.

As a best practice, create a person record for any individual whose name appears anywhere on a record. For example, someone calling the service desk might not need a user ID to access the system. However, you can use person records to check if the individual is authorized to make a service request.

To manage employee information, you can create person records for all of your employees and contractors. Alternatively, you can create person records for laborers and others who must access the applications as part of their jobs.

User - You use the Users application to create and manage records for users. User records contain user names, passwords, and security profiles that determine which applications, options, and data a user can access. A user must have a person record. A user record can be associated with only one person record, and a person record can be associated with only one user record. You can associate a labor record and user record with the same person record.

Other resource records (labor, craft, and so forth) are optional. If you create a new user record and you do not specify a value in the Person field, the system prompts you to create a matching person record for the user record.

You create a user record for anyone who must log in to the system to view, create, or manage records.
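The relationship rules above can be checked against an export or a bulk-load file before it reaches the system. The following is an added example, not code from the original page or from the product; the function names, record layout, and sample IDs are assumptions constructed for illustration.

```python
from collections import defaultdict

def check_links(persons, users, labor):
    """Flag records that break the person/user/labor rules described above.

    persons: set of person IDs; users and labor: {record ID: person ID or None}.
    """
    findings = []
    for kind, records in (("user", users), ("labor", labor)):
        for rec_id, person in sorted(records.items()):
            if person is None:
                findings.append((kind, rec_id, "no person specified"))
            elif person not in persons:
                findings.append((kind, rec_id, "person record missing"))
    # A person record can be associated with only one user record.
    by_person = defaultdict(list)
    for user_id, person in users.items():
        if person is not None:
            by_person[person].append(user_id)
    for person, ids in sorted(by_person.items()):
        if len(ids) > 1:
            detail = "multiple users: " + ", ".join(sorted(ids))
            findings.append(("person", person, detail))
    return findings

def roles(persons, users, labor):
    """Map each person to 'user+labor', 'user', 'labor' or 'neither'."""
    has_user, has_labor = set(users.values()), set(labor.values())
    out = {}
    for p in sorted(persons):
        parts = [n for n, s in (("user", has_user), ("labor", has_labor)) if p in s]
        out[p] = "+".join(parts) or "neither"
    return out

# Constructed sample data (hypothetical IDs, not from a real system).
PERSONS = {"JSMITH", "MLEE", "CALLER01"}
USERS = {"jsmith": "JSMITH", "mlee": "MLEE", "mlee_admin": "MLEE", "svc_report": None}
LABOR = {"JSMITH": "JSMITH", "CONTR7": "CONTR7"}

if __name__ == "__main__":
    for finding in check_links(PERSONS, USERS, LABOR):
        print(*finding, sep=": ")
    print(roles(PERSONS, USERS, LABOR))
```
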

Security. Understanding Database Users in MAXIMO

When you create or update a database user ID, grant the user access to the system’s tables. To grant access to the system’s tables, click the Object Name icon and select a table object. Also, specify the level of access, either Read, Insert, Update, or Delete.

The system only creates database user IDs when you select this option. The system does not create operating system IDs for databases that require an operating system ID on the database server. If you implement databases with this requirement, create the operating system ID.

Access to tables is not assumed and must be granted. Rights are not defaulted out-of-the-box.

At the time of installation, if database users are created, some additional grants that the system uses must be supplied to the database user. The following commands detail the standard grants that the system requires:

  • Create user maximo identified by the system
  • Alter user maximo default tablespace maximo quota unlimited on maximo
  • Alter user maximo temporary tablespace temp
  • Grant create trigger to maximo
  • Grant create session to maximo
  • Grant create sequence to maximo
  • Grant create synonym to maximo
  • Grant create table to maximo
  • Grant create view to maximo
  • Grant create procedure to maximo
  • Grant alter session to maximo
  • Grant execute on ctxsys.ctx_ddl to maximo

To allow the system to give database access to users from the Users application, the following additional grants are required so that the system can create database users:

  • Grant create user to MAXIMO
  • Grant drop user to MAXIMO
  • Grant create session to MAXIMO with ADMIN OPTION
  • Grant alter user to MAXIMO
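The two lists above form a baseline that a grant script can be checked against for least privilege. The following is an added example, not code from the original page or from the product: it parses `GRANT` statements for the MAXIMO account and reports missing grants, grants beyond the lists, and unexpected `WITH ADMIN OPTION`. The sample script, function names, and the `manages_db_users` switch are assumptions constructed for illustration.

```python
import re

# Baseline transcribed from the two grant lists above.
BASE = {"CREATE TRIGGER", "CREATE SESSION", "CREATE SEQUENCE", "CREATE SYNONYM",
        "CREATE TABLE", "CREATE VIEW", "CREATE PROCEDURE", "ALTER SESSION",
        "EXECUTE ON CTXSYS.CTX_DDL"}
USER_MGMT = {"CREATE USER", "DROP USER", "ALTER USER"}  # second list only
ADMIN_OK = {"CREATE SESSION"}  # the one grant listed WITH ADMIN OPTION

GRANT_RE = re.compile(
    r"^\s*grant\s+(?P<priv>.+?)\s+to\s+(?P<grantee>\w+)"
    r"(?P<admin>\s+with\s+admin\s+option)?\s*;?\s*$", re.IGNORECASE)

def parse_grants(script, grantee="MAXIMO"):
    """Return {privilege: granted_with_admin_option} for one grantee."""
    held = {}
    for line in script.splitlines():
        m = GRANT_RE.match(line)
        if m and m.group("grantee").upper() == grantee:
            priv = " ".join(m.group("priv").upper().split())
            held[priv] = held.get(priv, False) or bool(m.group("admin"))
    return held

def audit(script, manages_db_users):
    """Compare held grants with the baseline; return (finding, privilege) pairs."""
    held = parse_grants(script)
    expected = BASE | (USER_MGMT if manages_db_users else set())
    findings = [("MISSING", p) for p in sorted(expected - set(held))]
    findings += [("EXCESS", p) for p in sorted(set(held) - expected)]
    findings += [("ADMIN_OPTION", p) for p, admin in sorted(held.items())
                 if admin and not (manages_db_users and p in ADMIN_OK)]
    return findings

# Constructed sample script (not from a real installation).
SAMPLE = """\
grant create trigger to maximo;
grant create session to maximo with admin option;
grant create sequence to maximo;
grant create synonym to maximo;
grant create table to maximo;
grant create view to maximo;
grant create procedure to maximo;
grant execute on ctxsys.ctx_ddl to maximo;
grant select any table to maximo;
grant create user to maximo;
"""

if __name__ == "__main__":
    for finding in audit(SAMPLE, manages_db_users=False):
        print(*finding, sep=": ")
```

The check covers only statements present in the script; privileges the account receives through roles have to be reviewed separately.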

Security. Understanding User Statuses in MAXIMO

A user record can have one of the following statuses:

  • ACTIVE – Default status for new records. A user record must be ACTIVE to log in to the system.
  • BLOCKED – User cannot log in to the system. An administrator can choose to block a user. If login tracking is enabled and the user types their user name or password incorrectly too many times, the system can also block a user.
  • DELETED – User names cannot be reused. If you delete a user record, the user ID is retained in the database.
  • INACTIVE – When a user is inactive, the user cannot log in to the system. Inactive user records do not appear in select value lists. A user record with a status of INACTIVE cannot be associated with new records.
  • NEWREG – Default status for user records created by self-registration. This status is used to identify user records to route into a Workflow process.

When you add a user, their default status is ACTIVE.