Script to check if current user is in a Security Group

A typical business case is to prevent editing of some specific fields to a set of organizational roles in Maximo. This is typically achieved by implementing attribute data restriction or conditional UI.

However, if you need more control over what field should be readonly and when, you can use an automation script on the INIT event of the object and implement the business rules in the code.

In the following script you will find the userInGroup function that can be reused whenever needed.

#-------------------------------------------------------------------------------
# Script: MXDPOINIT
# Launch Point: PO - Initialize
# Initialize PO object
#-------------------------------------------------------------------------------
from psdi.server import MXServer

# Returns True if the user is in one of the groups
def userInGroup(grouplist):
    guSet = MXServer.getMXServer().getMboSet("GROUPUSER", mbo.getUserInfo())
    guSet.setWhere("userid='" + user + "' and groupname in (" + grouplist + ")")
    if guSet.isEmpty():
        return False
    return True

# description is readonly if the current user is not in MAXADMIN or PURCHMANAGER groups
if not userInGroup("'MAXADMIN', 'PURCHMANAGER'"):
    mbo.setFieldFlag("DESCRIPTION", mbo.READONLY, True)

Improved technique

Andrii is proposing a better approach to achieve the same goal (I haven’t tested it).

userProfile = mbo.getProfile()
userGroupsList = userProfile.getGroupNames()

# check logged in user is part of GRP01 or GRP02
if (userGroupsList.contains("GRP01") or userGroupsList.contains("GRP02")):
    ... do something

A better approach…

Jason VenHuizen is suggesting a better approach that use a custom security option to grant the special behavior in the application. The technique is well described at the end of this post.