We didn’t activate the department and location OBS for security at the initial setup, but it is no longer possible to flag them to be used in the OBS security groups.

Is there is a possibility to activate an OBS for security without having to create a new department and location OBS?

Use the OBS_READ.xml and OBS_WRITE.xml sample XOG files to update an OBS in order to used for security access rights

If you have a Department OBS that is not already marked as 'Used for Access Rights', the application user interface does not allow you to enable this option.  However, you can enable this option by using XOG to read out the entire structure and then change the  isSecurity="true" in the <obs> tag and perform the XOG write action.