APAR status
Closed as program error.
Error description
DESCRIPTION: When login tracking is enabled, API calls can delete system account users. STEPS TO REPRODUCE: 1 Create 2 new test users(TEST01 and TEST02) in maximo as system account i.e.,System Account? is checked. 2 In user application under More Actions, Click on Security Control and ensure to check "Enable Login Tracking?" 3 Try to delete TEST01 user from UI and you will notice an error is displayed. BMXAA3836E - TEST01 is a system account and cannot be deleted. 4 Create an new Object Structure MAXUSERTEST object based on MAXUSER MBO. 5 Get href for both the users(TEST01 and TEST02). Example: http://hostname/maximo/oslc/os/mxperuser?oslc.where=p ersonid=%22TEST01%22 6 Make a post call with below details against TEST01 user. Postman call: POST https://hostname/maximo/api/os/MAXUSERTEST/{href} Request Headers x-method-override: DELETE apikey: APIkeyOfanUserThatCanDeleteUserRecords 7 User gets deleted. 8 In user application under More Actions, Click on Security Control and ensure to uncheck "Enable Login Tracking?" 9 Make a post call with below details against TEST02 user. Postman call: POST https://hostname/maximo/api/os/MAXUSERTEST/{href} Request Headers x-method-override: DELETE apikey: APIkeyOfanUserThatCanDeleteUserRecords 10 Below error is encountered which is same as step3. BMXAA3836E - TEST02 is a system account and cannot be deleted Actual Result: When login tracking is enabled, system account users are deleted via API call. Expected Result: When login tracking is enabled, system account users shouldn't get deleted via API call. REPORTED IN VERSION: Tivoli's process automation engine 7.6.1.2
Local fix
Problem summary
Problem conclusion
The fix for this APAR will be included in a future release.
Temporary fix
Comments
APAR Information
APAR number
IJ50900
Reported component name
MAXIMO ASST MGM
Reported component ID
5724R46AM
Reported release
761
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt / Xsystem
Submitted date
2024-04-17
Closed date
2024-05-09
Last modified date
2024-05-09
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Fix information
Fixed component name
MAXIMO ASST MGM
Fixed component ID
5724R46AM
Applicable component levels
[{"Business Unit":{"code":"BU048","label":"IBM Software"},"Product":{"code":"SSLKT6","label":"Maximo Asset Management"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"761","Line of Business":{"code":"LOB59","label":"Sustainability Software"}}]
Document Information
Modified date:
09 May 2024