A Security Group is a group of GE Digital APM Security Users who share similar responsibilities or perform similar tasks in GE Digital APM. After you create a Security Group, you can assign Security Users to the Security Group. Any Security User who is a member of a given Security Group will be granted the permissions defined for that Security Group. Security Groups can streamline the assignment of Security User permissions and help you organize Security Users according to their roles in the system.
Security Groups serve two main purposes:
Some of the Security Groups that are included in the baseline GE Digital APM database have specific functional permissions associated with them that control access to certain features of the system. For example, members of the MI PROACT Administrator Security Group will have access to the Administrative Tools in RCA. Any user who is not a member of the MI PROACT Administrator Security Group will not be able to access the RCA Administrative Tools.
Data permissions determine each member's ability to access data. Data permissions are provided for many of the baseline GE Digital APM Security Groups, and can also be defined for any Security Groups that you create. Data permissions that are associated with baseline Security Groups can be modified.
Data permissions are spread down from Security Groups to Security subgroups. A Security Group should be given the lowest level of permissions allowed for any single member of that group. You can expand Security User permissions for individual Security Group members, but you cannot revoke from a Security User the permissions that are granted through any of its Security Groups. The more role-specific and task-specific you make your Security Groups, the easier it will be to define permissions for all of its members.
Copyright © 2018 General Electric Company. All rights reserved.