I was recently struggling understanding how enable password expiration in Maximo when using native authentication.
This IBM TechNote explains very well how the standard Maximo expiration configuration works but there is a very tricky sentence: In the case of a user belonging to any groups not containing a password expiration, the user’s password will never expire.
So i decided to run this query to check the password expiration setting for all the security groups.
SELECT GROUPNAME, PASSWORDDURATION, PASSWORDWARNING
FROM MAXGROUP;I discovered that some groups (including MAXEVERYONE) have a null value in PASSWORDDURATION field.
Then I used the SQL below to set password expiration to 90 days for all security groups except for administrators.
UPDATE MAXGROUP
SET PASSWORDDURATION=90, PASSWORDWARNING=5
WHERE GROUPNAME!='MAXADMIN';This configure password expiration for all users except MAXADMIN. You may decide to exclude also security groups used for system integration users.
Now check the password expiration setting for all the users using this query.
SELECT USERID, PWEXPIRATION
FROM MAXUSER;
If needed you can force the PWEXPIRATION value with the following SQL.
UPDATE MAXUSER
SET PWEXPIRATION=SYSDATE+90
WHERE USERID NOT IN (SELECT USERID FROM GROUPUSER WHERE GROUPNAME='MAXADMIN');Don’t forget to set the default value for the password expiration for new groups in Security Groups > Security Control > Password Lasts this Number of Days.