IBM Support

IJ50900: SYSTEM ACCOUNT USERS ARE DELETABLE VIA API CALLS

Subscribe to this APAR

By subscribing, you receive periodic emails alerting you to the status of the APAR, along with a link to the fix after it becomes available. You can track this item individually or track all items by product.

Notify me when this APAR changes.

Notify me when an APAR for this component changes.

 

APAR status

  • Closed as program error.

Error description

  • DESCRIPTION:
When login tracking is enabled, API calls can delete system
account users.

STEPS TO REPRODUCE:
1 Create 2 new test users(TEST01 and TEST02) in maximo as system
account i.e.,System Account? is checked.

2 In user application under More Actions, Click on Security
Control and ensure to check "Enable Login Tracking?"
3 Try to delete TEST01 user from UI and you will notice an error
is displayed.
	BMXAA3836E - TEST01 is a system account and cannot be deleted.
4 Create an new Object Structure MAXUSERTEST object based on
MAXUSER MBO.
5 Get href for both the users(TEST01 and TEST02).

Example: http://hostname/maximo/oslc/os/mxperuser?oslc.where=p
ersonid=%22TEST01%22
6 Make a post call with below details against TEST01 user.
	Postman call:
		POST https://hostname/maximo/api/os/MAXUSERTEST/{href}
	Request Headers
		x-method-override: DELETE
		apikey: APIkeyOfanUserThatCanDeleteUserRecords
7 User gets deleted.
8 In user application under More Actions, Click on Security
Control and ensure to uncheck "Enable Login Tracking?"
9 Make a post call with below details against TEST02 user.
	Postman call:
		POST https://hostname/maximo/api/os/MAXUSERTEST/{href}
	Request Headers
		x-method-override: DELETE
		apikey: APIkeyOfanUserThatCanDeleteUserRecords
10 Below error is encountered which is same as step3.
	BMXAA3836E - TEST02 is a system account and cannot be deleted

Actual Result:

When login tracking is enabled, system account users are
deleted via API call.

Expected Result:

When login tracking is enabled, system account users shouldn't
get deleted via API call.

REPORTED IN VERSION:
Tivoli's process automation engine 7.6.1.2

Local fix

  • 



Problem summary


    

  • 



Problem conclusion


    

  • The fix for this APAR will be included in a future release.

    



Temporary fix


    

  • 



Comments


    

  • 



APAR Information




    

  • APAR number
    IJ50900
    • 

  • Reported component name
    MAXIMO ASST MGM
    • 

  • Reported component ID
    5724R46AM
    • 

  • Reported release
    761
    • 

  • Status
    CLOSED  PER
    • 

  • PE
    NoPE
    • 

  • HIPER
    NoHIPER
    • 

  • Special Attention
    NoSpecatt / Xsystem
    • 

  • Submitted date
    2024-04-17
    • 

  • Closed date
    2024-05-09
    • 

  • Last modified date
    2024-05-09
    • 





    

  • APAR is sysrouted FROM one or more of the following:
    

    • 

  • APAR is sysrouted TO one or more of the following:
    

    • 



Fix information


    

  • Fixed component name
    MAXIMO ASST MGM
    • 

  • Fixed component ID
    5724R46AM
    • 



Applicable component levels


    








      
              
                            

              

              [{"Business Unit":{"code":"BU048","label":"IBM Software"},"Product":{"code":"SSLKT6","label":"Maximo Asset Management"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"761","Line of Business":{"code":"LOB59","label":"Sustainability Software"}}]
              

                          

          
 
        

      

    

      

        

          

            
Document Information


            

            


                        

            Modified date:
            

            09 May 2024
            

            
                      

        


        

        


      

    

  



    

  

  
    
            

          
Page Feedback