IBM Maximo EVERYONE Security Group Explained

How the EVERYONE Security Group Changes Everything

In Maximo, security group configuration is very important and when your security access is not behaving as expected, it can cause serious disruptions. Most often, issues with security groups can be chalked up to a logical error. However, in newer versions of Maximo security access issues might be also caused by the EVERYONE group settings. The EVERYONE group, introduced in Maximo version 7, differs from typical security groups in that it does not conform to the regular security group behavior.
Unlike all other security groups, the EVERYONE group always acting as a non-independent group. That happens even if the “Independent of Other Groups?” checkbox is checked, as described in this post from the IBM Knowledge Center. After reading the IBM post, one could assume that behavior of this group would not change regardless if the “Independent of Other Groups?” checkbox is checked or not. Unfortunately, this is not the case. IBM actually recommends in this Technote that the “Independent of Other Groups?” checkbox is never checked specifically due to the unpredictable behavior this change causes.
Even if you are already following the recommendations made by IBM “Independent of Other Groups?” checkbox you might still be experiencing unexpected result. That’s because the EVERYONE group has one more trick up its sleeve. If your user belongs to the EVERYONE group and another security group, the conditions applied to the permissions in the EVERYONE group will override the lack of conditions applied to the permissions in the other group. This is very significant as it goes against the logic of all other security groups where in the case of permission overlap, the user is given the most permissive option. Below is an example describing this behavior:

Maximo Everyone Security Group Conditions

In short, the EVERYONE group acts as a Non-Independent group regardless of if the “Independent of Other Groups?” checkbox is checked. However, IBM recommends this checkbox should never be checked due to unpredictable behavior caused by it. Also, conditions applied to permissions on the EVERYONE group are treated as global.

Posted in:
About the Author

Myles Vivian

Myles Vivian is an Advanced IBM Deployment Professional and an Applications Consultant at Ontracks Consulting. Myles’ primary experience is in the following areas: • Maximo Customizations: Automation scripting, Single Sign On(SSO), Application Designer, Workflow Designer, Start Centers • Large scale data migrations from other Maximo instances as well as other Enterprise Asset Management software into Maximo • Integrations via flat file • Databases: Installing and configuring, SQL, and Data transformations using ETL tools • Developing training material • Maximo functionality on version 7.6