Grant access to an action menu or toolbar button conditionally

This entry is part of the Conditional Expressions HowTo.

In Maximo/TPAE menu items are granted per security group in the Security Groups application. Every option available for an application has a corresponding signature option (aka sigoption) record in the SIGOPTION table. Those SigOptions can be configured in the Application Designer.

In this article I will show how is it possible to hide an action menu or a toolbar button conditionally for a specific security group using a conditional expression and a signature option.
As an example I will demonstrate how to hide the ‘View History’ action menu entry for all purchase orders that have a total cost higher than 100.
Note that the same procedure can be used to show or hide a toolbar button.

Define conditional expression

First of all we need to define conditional expression to implement our business rule. Open Conditional Expression Manager application and Create the following conditional expression.

  • Condition: COST100
  • Description: Total cost is less than 100
  • Expression: :totalcost<100

Identify the Signature Option

Understand what SigOption is associated with the action menu entry or toolbar button we want to control. Launch Application Designer and open the PO application.

Select Add/Modify Signature Options menu entry and search for the ‘View History’ action in the description field. Note that the internal name of the Signature Option is VIEWHIST.

Ensure that Visible flag is selected. This flag will make this Security Option visible in the Security Groups application in the next step.

Assign the Signature Option to Security Groups

Now is the time to tell Maximo what are the groups that have access to the ‘View History’ action menu entry in the PO application and what is the business rule that must be satisfied to enable it.
For this example we will apply this rule on MAXADMIN user that we are using for developing this.
Open the Security Groups applications, choose MAXADMIN group, go under Applications tab and search for Purchase Orders application. In the Options for Purchase Orders sections search for ‘View History’ than set the condition to COST100.

In this way we are telling that the VIEWHIST sigoption must be granted only if the PO cost is less than 100.
Sign out of Maximo and login back to force the reload of security settings for the user. Launch the Purchase Orders application and open a PO with a total cost higher than 100 and you will see that the ‘View History’ action menu entry is not visible.

If it is not working in your environment keep reading.

How this really works and the ‘MAXEVERYONE best practice’

When you set the COST100 option in the Security Group application for MAXADMIN group you are telling Maximo the that specific option should be granted to the users belonging to this group only if the condition is true.

However if the user that you are using for testing is assigned to another security group and the VIEWHIST sigoption is granted for that group without the condition, that user will always see the ‘View History’ action visible.

Typically this is not the expected behavior so the best approach is to grant the conditional option to the MAXEVERYONE group only.

As an example we can take a look at how IBM’s standard grants are defined for the Inventory Usage we can see that there are several predefined conditional signature options granted to MAXEVERYONE group.

These are used to globally hide or show fields and sections in the Inventory Usage application.

It’s important to always avoid to grant options to other security groups when a condition is set on the MAXEVERYONE group. This will disable the global rule.

Grant access to an action menu or toolbar button conditionally

8 thoughts on “Grant access to an action menu or toolbar button conditionally

  1. Hi,

    I was trying to hide the "New" icon for a particular application, but it is not working. The condition I have used is :&PERSONID& IN (SELECT personid FROM XXX_TABLE).

    I put this condition in the security group, but the new icon is still enabled. Even tried restarting the server, but didn't work.

    Am I missing something?

    Thanks & Regards,
    PK

  2. Hi,

    Can you explain the requirement? For which person/ group , the new icon should be hidden?
    And how have you configured in security groups application?

    Regards,
    Aparna

  3. Hi, I wanted to hide Initiate Workorder button from List tab in work order tracking application for few sites. how to achieve it ?

    I tried creating condition exp and associated it to security group, but it is restricting in all other tabs in workorder not in List tab.

  4. Hello Bruno,

    We would like to hide the user interface option to Select Owner, but still let the user use it when a specific workflow is routed. Is this possible? I keep getting the error "BMXAA029E – You are not authorized to perform this action…"

  5. Hi,
    I have a problem while trying to build a condition which checks if logged in user is listed as a laborcode. How can I do it?

  6. I’ve added a new button to the workorder Request application using the Edit Workflow Go option that initiates my workflow.
    Now I know the security for that is controlled by the ROUTEWF signature option, but does anyone know if you can apply a new sigoption to a workflow button so I can restrict/allow specific workflows to different security groups?
    I plan to add several buttons to the application and each one will fire a different workflow and only be available to certain roles

Leave a Reply to Rao N Cancel reply

Your email address will not be published. Required fields are marked *

Scroll to top