Understand and Audit your Maximo Licenses

Maximo licensing model is not simple. In this article I will try to present it the most simple way and to provide some useful tips to perform a licensing audit in your environment.

NOTE: The simplification does not consider all the possible versions of Maximo, add-ons, industry solutions, etc.

Maximo licensing model
IBM Maximo products are typically licensed by users. Currently, the IBM Maximo Asset Management suite offers several levels of licensing options:

  1. Authorized Users: Power users that can access all applications.
  2. Limited Use Users: Standard users that can access only three modules. They also inherit the Express Use grants.
  3. Express Use User: Basic users that can run and view reports, view and approve records, and make updates to work orders that are assigned to them. Read-only access to all application is allowed. This option is available starting from Maximo 7.5.
  4. Unlimited use users: Self Service Requestors, Desktop Requisitions and Health, Safety Environment Self Service Users entitlements are included with core license for unlimited users.

To support this categorization Maximo offers a ‘User Type’ field available in the Users application.

The set of allowed values is defined in the USERTYPE domain.

User Types Best Practice
I suggest to change the description of the first 4 domain values in agreement with the available user types. Alternatively you can create your own entries: AUTH, LIMITED, EXPRESS, UNLIMITED.

License compliance check

Now let’s go to the technical side of the problem. The best way of auditing your Maximo environment’s licenses is through SQL queries.
First of all you have to define a new database view.

DROP VIEW checkusers;

CREATE VIEW checkusers AS
SELECT maxuser.type, maxuser.userid, maxmenu.moduleapp, applicationauth.app
FROM applicationauth
INNER JOIN maxmenu ON applicationauth.app=maxmenu.keyvalue
INNER JOIN groupuser ON applicationauth.groupname=groupuser.groupname
INNER JOIN maxuser ON groupuser.userid=maxuser.userid
maxuser.status='ACTIVE' AND
maxmenu.menutype='MODULE' AND
maxmenu.moduleapp NOT IN ('REPORTING','HIDDEN') AND
applicationauth.app NOT LIKE '%CONFIG' AND
applicationauth.app<>'KPI' AND
GROUP BY maxuser.type, maxuser.userid, maxmenu.moduleapp, applicationauth.app;

Note that we are focusing only at SAVE grant because read only is allowed on all applications.

Now take a look at how your users are distributed on the different groups.

FROM checkusers
GROUP by type
ORDER BY type;

If the select returns an empty resultset you probably have a translated value in the STATUS field so you have to adjust the view definition.

To go deeper in your analysis you have to check if the users allocated to the different user types have the right level of access. The following queries returns how many modules are granted to each user and what these modules are.

SELECT type, userid, COUNT(*)
FROM checkusers
GROUP by type, userid
ORDER BY type, userid;

SELECT type, userid, moduleapp
FROM checkusers
GROUP BY type, userid, moduleapp
ORDER BY type, userid, moduleapp;

These are the main tools for performing the license audit. Compare your results with licensing terms and conditions.

Additional Resources

New licensing options for IBM Maximo
Monitoring license Compliance
Monitoring License Compliance in Maximo 7
New Maximo portfolio pricing adds flexibility to licensing model
Licensing Information and Usage Restrictions
IBM Maximo Licensing Demystified

Understand and Audit your Maximo Licenses

19 thoughts on “Understand and Audit your Maximo Licenses

  1. As far as I know, Limited users cannot have read access to more than 3 modules.
    Express users are allowed a read only access to all applications.
    It may be not so easy to check all those strange rules 🙂

  2. Hi Bruno,

    do you think it's possible to create a query that returns the user list and what modules/applications the user actually has accessed? In other words, not the access grant but the actual footprint of usage.


  3. There is no such info in Maximo tables.
    If you enable the login tracking you can see the history of logins so you can know who is using Maximo.
    To track the used applications you should do some customizations to Maximo Java code. Maybe the AppBean class has some method that can be overridden.
    Mays is also possible with JPS customization.

  4. Good summary. I think app='SR' can be excluded as I do not believe this would count toward the 3 applications for limited use users (as this is given to anybody for free).

    Something like SR also appears twice in the results if you include moduleapp because SR is listed under Service Desk and Work Orders. You may want to exclude that in your results.

  5. wow ,this is  very interesting and informative post.I like the infoemation about different types of commercial roofing system.I was looking around for blogs like this .Thanks for sharing this valuable post..

  6. Hi, can you please clarify – If we have 100 Limited license can we allocate 40 of those to a set of users to access Module 1,Module 2, Module 3; 40 other users to access Module 3, Module 4 & Module 5 & the remaining 20 users to access Module 6, Module 7 of Maximo Enterprise Asset Management with Transportation Industry solution?

  7. @uniquepersona and @ Drew, this is possible with the new licensing model. I have validate this with IBM rep. each user can have their own set of 3 modules for Limited User Type.

  8. In my client, they assign 1 person to create asset and enter asset data.
    That's this person only job.
    Can you tell me, which is the right license, limited or express ? ..
    I am thinking is should be express, but in your writing above it should be limited

    Express Use User: Basic users that can run and view reports, view and approve records, and make updates to work orders that are assigned to them. This option is available starting from Maximo 7.5

  9. Hi Bruno

    I am EAM consultant in Indonesia, i got a problem with user maximo. In IBM Policy, we know that maximo is named user. But, the system cannot protect for the policy. For example, one named user, can be logged in simultaneously. Can you help me to solve this problem?

    Thank You

  10. Hi Bruno, I know this post is pretty old, but i was wondering what about custom applications having new custom tables and classes. Are they count ?
    In more specific case , what if I have a custom application that is more like "User Self Registration" , where the user is actually using MAXREG to view and submit some data. is this consider a violation of license?


Leave a Reply

Your email address will not be published. Required fields are marked *

Scroll to top