Roles

About Roles

Roles can be associated with numerous Security Groups. When a Security User is assigned a Security Role, that user receives all of the data permissions that have been granted to the Security Groups associated with that Security Role. Assigning Security Roles to Security Users is an efficient way to give those users the data permissions that they will need to execute tasks in GE Digital APM.

Note: Regardless of Security Group membership, Super Users have access to all administrative applications and GE Digital APM functions.

Important: To avoid granting a Security User unintended privileges, before assigning a Security User to a Security Role, be sure to review all of the privileges associated with the Security Groups assigned to that Security Role. Additional Security Roles, as well as Security Groups assigned to existing Security Roles, can be added via Security Manager.

The following table lists the baseline Security Roles available for users within GE Digital APM, the baseline Security Groups assigned to each, and the privileges associated with each Security Role.


Role	Groups	Role Privileges
MI Analytics Administrator	MI Cognitive Administrator	Users can view, create, update, and delete cognitions, cognition-related logs, and standard lists.
MI Analytics Power	MI Cognitive User	Users can view, create, update, and delete cognitions, and users can view cognition-related logs and standard lists.
MI APMNow Admin	MI APMNow Admin	Users can access Tools and certain administrative features .
	MI Metrics Administrator
	MI Policy Designer
MI APM Viewer	MI ACA Member	Users have view privileges for most GE Digital APM records.
	MI AHI Viewer
	MI AMS Asset Portal Viewer
	MI ASI Viewer
	MI ASM Viewer
	MI Calibration Viewer
	MI eLog Viewer
	MI GAA Viewer
	MI GE Viewer
	MI Hazards Viewer
	MI Inspection Viewer
	MI LCC Viewer
	MI Metrics Viewer
	MI MOC Viewer
	MI Policy Viewer
	MI PROACT Viewer
	MI Production Loss Accounting Manager
	MI RBI Viewer
	MI RCM Viewer
	MI Reliability Viewer
	MI Rounds Designer Viewer
	MI SIS Viewer
	MI Thickness Monitoring Viewer
MI Data Loader Admin	MI Calibration Administrator	Users have MI Data Loader User Role privileges, as well as the ability to delete data load configuration records and interface log records. To use a module’s data loader, you will need additional permissions specific to that module. For more information, consult the appropriate Mapping Document.
	MI CMMS Interface Admin
	MI Site Reference User
MI Data Loader User	MI Calibration User	Users have access to the Data Loaders feature, and can view, update, and create data load configuration records and interface log records. To use a module’s data loader, you will need additional permissions specific to that module. For more information, consult the appropriate Requirements Mappings documentation.
	MI CMMS Interface User
	MI Site Reference User
MI FE Administrator	MI GAA Administrator	Users have MI FE PowerUser Role privileges, as well as administrator access to Generation Availability Analysis, Root Cause Analysis, Production Loss Analysis, and Reliability Analytics.
	MI Policy Designer
	MI Policy User
	MI Policy Viewer
	MI PROACT Administrator
	MI PROACT Team Member
	MI Production Loss Accounting Administrator
	MI Production Loss Accounting Manager
	MI Production Loss Accounting User
	MI PROACT Viewer
	MI Production Loss Accounting Service
	MI Reliability Administrator
	MI Reliability User
	MI Reliability Viewer
MI FE PowerUser	MI GAA Analyst	Users have MI FE User Role privileges, as well as the ability to create, update, and delete Root Cause Analyses, Production Plans, Production Events, Production Losses, Production Analyses, System Reliability Analyses, Spares Analyses, Reliability Distribution Analyses, Probability Distribution Analyses, Reliability Growth Analyses, and Automation Rules. Users can also update Production Data and link Production Events to Root Cause Analyses. Users have MI FE User Role privileges, as well as the ability to create and update GAA Events and GAA Performance records.
	MI Policy User
	MI Policy Viewer
	MI PROACT Team Member
	MI Production Loss Accounting Manager
	MI Production Loss Accounting User
	MI PROACT Viewer
	MI RCM Viewer
	MI Reliability User
	MI Reliability Viewer
MI FE User	MI GAA Analyst	Users have access to GAA Company, GAA Plants, GAA Units, GAA Events, GAA Performance records, Root Cause Analyses, Production Loss Analyses, Production Analyses, System Reliability Analyses, Spares Analyses, Reliability Distribution Analyses, Probability Distribution Analyses, Reliability Growth Analyses, and Automation Rules.
	MI GAA Viewer
	MI Policy User
	MI Policy Viewer
	MI PROACT Team Member
	MI Production Loss Accounting User
	MI PROACT Viewer
	MI RCM Viewer
	MI Reliability User
	MI Reliability Viewer
MI Foundation Admin	Everyone	Users have MI Foundation Power Role privileges, as well as the ability to configure mappings for devices and view SAP System records. Users also have administrator access to the Catalog, tasks, and ACA records.
	MI Devices Power Users
	MI Devices Administrators
	MI Devices Users
	MI Recommendation Management User
	MI Task Manager User
	MI Task Manager Administrator
	MI Site Reference Administrator
	MI Site Reference User
	MI ACA Administrator
	MI ACA Member
	MI ACA Owner
	MI SAP Interface User
	MI Configuration Role
	MI Security Role
	MI Catalog Administrator
	MI Metrics Administrator
	MI eLog Administator
	MI eLog Contributor
	MI eLog Viewer
MI Foundation Power	Everyone	Users have MI Foundation User Role privileges, as well as the ability to save data from devices in the GE Digital APM database, create and manage Site Reference records, update, add, and delete ACA records, view SAP System records, and add and remove users to and from states.
	MI Devices Power Users
	MI Devices Users
	MI Recommendation Management User
	MI Task Manager User
	MI Site Reference User
	MI ACA Member
	MI ACA Owner
	MI SAP Interface User
	MI Power User Role
	MI Metrics User
	MI eLog Contributor
	MI eLog Viewer
MI Foundation User	Everyone	Users can send and receive data from devices, create and manage recommendations, create and update tasks, view and create ACA records, view KPIs, Scorecards, and Metric Views, and view SAP System records.
	MI Devices Power Users
	MI Devices Users
	MI Recommendation Management User
	MI Task Manager User
	MI ACA Member
	MI ACA Owner
	MI Metrics User
	MI SAP Interface User
	MI eLog Contributor
	MI eLog Viewer
MI Health Admin	MAPM Security Group	Users have MI Health Power role privileges, as well as administrator access to Rounds, Asset Health Manager, Process Data Integration, AMS Analytics, and GE Analytics.
	MI AHI Administrator
	MI AMS Suite APM Administrator
	MI GE Administrator
	MI Lubrication Management Administrator
	MI Lubrication Management User
	MI Operator Rounds Administrator
	MI Operator Rounds Mobile User
	MI Policy Administrator
	MI Policy Designer
	MI Process Data Integration Administrator
MI Health Power	MI AMS Suite APM Power User	Users have MI Health User role privileges, as well as the ability to create, update, and delete policies, policy instances, policy recommendations, and health indicator values.
	MI Operator Rounds Mobile User
	MAPM Security Group
	MI AHI User
	MI Policy Designer
	MI Process Data Integration User
	MI GE User
	MI Lubrication Management User
MI Health User	MI AMS Suite APM User	Users have access to the Rounds Data Collection mobile features, can create recommendations and acknowledge heath indicators in Asset Health Manager, can view policy data and can create policy instances in Policy Designer, can view GE and AMS Analytics data, and can create and modify AMS Asset recommendations.
	MI Operator Rounds Mobile User
	MAPM Security Group
	MI AHI User
	MI Policy User
	MI Process Data Integration User
	MI GE User
MI Mechanical Integrity Administrator	Criticality Calculator	Users have MI Mechanical Integrity Power Role privileges, as well as administrator access to Thickness Monitoring and RBI features, and access to RBI data mapping and reference tables.
	MI Inspection
	MI Policy Viewer
	MI RBI Administrator
	MI RBI Analyst
	MI RBI Calculation Policy Viewer
	MI RBI Recommendation Policy Viewer
	MI RBI Risk Mapping Policy Viewer
	MI Thickness Monitoring Administrator
	MI Thickness Monitoring Inspector
	MI Thickness Monitoring User
MI Mechanical Integrity Power	Criticality Calculator	Users have MI Mechanical Integrity User Role privileges, as well as access to the criticality calculator family, RBI features (except data mapping), and view access to all RBI families.
	MI Inspection
	MI Policy Viewer
	MI RBI Analyst
	MI RBI Calculation Policy Viewer
	MI RBI Recommendation Policy Viewer
	MI RBI Risk Mapping Policy Viewer
	MI Thickness Monitoring Inspector
	MI Thickness Monitoring User
MI Mechanical Integrity User	MI Inspection	Users have access to T-Min Calculator, Archive Corrosion Rates, Exclude TMLs, and Renew TMLs. Users have basic access to Inspection and Thickness Monitoring features.
	MI Thickness Monitoring Inspector
	MI Thickness Monitoring User
MI Mechanical Integrity Viewer	MI Inspection Viewer	Users have View privilege to all the families used in Risk Based Inspection, Thickness Monitoring, and Inspection Management.
	MI RBI Viewer
	MI Thickness Monitoring Viewer
MI Safety Admin	MI Calibration User	Users have MI Safety Power Role privileges, as well as the ability to create, modify, and delete all records in Calibration Management, Hazards Analysis, LOPA, MOC, and SIS Management.
	MI Calibration Administrator
	MI Calibration Viewer
	MI HA Administrator
	MI HA Facilitator
	MI HA Member
	MI HA Owner
	MI Hazards Viewer
	MI MOC Administrator
	MI MOC Viewer
	MI SIS Administrator
	MI SIS Engineer
	MI SIS User
	MI SIS Viewer
MI Safety Power	MI Calibration User	Users have only access permissions for the following records: Initiating Event Consequence Adjustment Probabilities IPL Checklist Active IPL Passive IPL Human IPL Asset Safety Preferences Users have MI Safety User Role privileges, as well as the ability to create, modify, and delete all other records in Calibration Management, Hazards Analysis, LOPA, and SIS Management.
	MI Calibration Viewer
	MI HA Facilitator
	MI HA Member
	MI HA Owner
	MI Hazards Viewer
	MI MOC Approver
	MI MOC Viewer
	MI SIS Engineer
	MI SIS User
	MI SIS Viewer
MI Safety User	MI Calibration User	Users have only access permissions to Recommendations, Calibration Templates, Risk Threshold records, Protective Instrument Loops, SIL Assessments, and SIL Threshold records. Users can access, create, modify, and delete all other records in Calibration Management, Hazards Analysis, LOPA, MOC, and SIS Management. In MOC, the users can access, create, modify, and delete General Recommendations.
	MI Calibration Viewer
	MI HA Facilitator
	MI HA Member
	MI Hazards Viewer
	MI MOC User
	MI MOC Viewer
	MI SIS Engineer
	MI SIS User
	MI SIS Viewer
MI Strategy Admin	MI AHI Administrator	Users have MI Strategy Power Role privileges, as well as administrator access to Reliability Centered Maintenance, Failure Modes and Effects Analysis, Asset Strategy Implementation, and Life Cycle Cost Analysis.
	MI AHI User
	MI ASI Administrator
	MI ASI User
	MI ASI Viewer
	MI ASM Administrator
	MI ASM Analyst
	MI ASM Reviewer
	MI ASM Viewer
	MI Calibration User
	MI Calibration Viewer
	MI Inspection
	MI LCC Administrator
	MI LCC User
	MI LCC Viewer
	MI Lubrication Management Administrator
	MI Operator Rounds Administrator
	MI RBI Analyst
	MI RCM Administrator
	MI RCM User
	MI RCM Viewer
	MI SIS User
MI Strategy Power	MI AHI Administrator	Users have MI Strategy User Role privileges, as well as administrative privileges to Asset Health Manager.
	MI AHI User
	MI ASI User
	MI ASI Viewer
	MI ASM Analyst
	MI ASM Reviewer
	MI ASM Viewer
	MI Calibration User
	MI Calibration Viewer
	MI Inspection
	MI LCC User
	MI LCC Viewer
	MI Lubrication Management Administrator
	MI Operator Rounds Administrator
	MI RBI Analyst
	MI RCM User
	MI RCM Viewer
	MI SIS User
MI Strategy User	MI AHI User	Users have view, create, update, and delete privileges to Reliability Centered Maintenance, Failure Modes and Effect Analysis, Asset Strategy Implementation, Asset Strategy Management, and Life Cycle Cost Analysis . Users have administrative privileges to Rounds and have view privileges to Asset Health Manager and Calibration Management.
	MI ASI User
	MI ASI Viewer
	MI ASM Analyst
	MI ASM Viewer
	MI Calibration Viewer
	MI Inspection
	MI LCC User
	MI LCC Viewer
	MI Lubrication Management Administrator
	MI Operator Rounds Administrator
	MI RCM User
	MI RCM Viewer
	MI SIS User

About Administrative Feature Access for the MI APMNow Admin Security Role

The following table describes the administrative features accessible to users associated with the MI APMNow Admin Security Role. To access additional administrative features available in APM Now, users must be associated with additional Security Roles.


Admin Module	Admin Feature	MI APMNow Admin Access?
Application Settings	Metrics and Scorecards	Yes
Configuration Manager	Content Change Management	No
	Content Validation	No
	Export	No
	Family Management	Yes
	Import	No
	Manage Translations	No
	Sites	Yes
	System Codes and Tables	Yes
	Units of Measure and Conversions	Yes
Operations Manager	Activate Licenses	No
	APM Connect Configuration	No
	APM Connect EAM Jobs	Yes
	APM System Monitoring	Yes
	Asset Hierarchy Configuration	Yes
	Connections	No
	Data Sources	No
	Email Settings	No
	GIS Configuration	No
	Help Configuration	No
	Host Names	No
	Monitoring	No
	Query Timeouts	Yes
	Reference Document Server Credentials	No
	Risk Matrix	Yes
	Schedule Logs	Yes
	Search Configuration	No
	SQL Server Reporting Services	No
	Strategy Macros	Yes
	Systems and Tags	No
Security Manager	Data Permissions	No
	Groups	No
	LDAP	No
	Password Policy	No
	Roles	No
	Users	No
	User Defaults	No

The following table describes the baseline privileges related to Configuration Manager features that are granted to members of the MI APMNow Admin Security Role. Family Management features not listed in the table below are not accessible.


Configuration Manager Feature	Privileges	Notes
Associated Pages	Add, Edit, or Delete	None
Datasheet	Add, Edit, or Delete	None
Family Reports	Add, Edit, or Delete	There is no edit function that you can perform on this feature, but you can mark a report as default.
Field	Edit	None
Field Behavior	Edit	None
Family Policies	Add, Edit, or Delete	None
State Configuration	Add, Edit, or Delete	None
System Codes and Tables	Add, Edit, or Delete	None
Units of Measure and Conversions	Add, Edit, or Delete	None

Access the Security Roles Page

Procedure

In the module navigation menu, select Admin > Security Manager > Roles.

The Security Roles page appears.

Create a Security Role

Procedure

In the module navigation menu, select Admin > Security Manager > Roles.
In the left pane, select .
The New Role workspace appears, displaying a blank Security Role form.
-or-
If you want to create a new subgroup, in the left pane, select the Security Role to which you want to add the subgroup, and then select New Role.
The New Role workspace appears, displaying a blank Security Role form.
As needed, enter values in the available fields.
Select .
The Security Role is saved.

What to do next

Assign Security Users to Roles.

Security Role Records

Security Role records contain information related to each unique Security Role in GE Digital APM. This topic provides an alphabetical list and description of the fields that exist for the Security Role family. The information in the table reflects the baseline state and behavior of these fields.


Field	Data Type	Description	Behavior and Usage
Caption	Character	A title or explanation that identifies the Security Role. A property that specifies how the Security Role is labeled throughout the software interface. Note that most captions can be localized.	This field is required. You can enter text to define this value manually.
Description	Character	A detailed description of the Security Role	This field is optional. You can enter text to define this value manually.
ID	Character	The ID for the Security Role	This field is required. You can enter text to define this value manually.

Assign Security Users to Roles

Before you begin

About this task

This topic describes how to assign multiple Security Users to a Security Role on the Security Roles page. You can also assign multiple Security Roles to a Security User on the Security Users page.

Procedure

In the module navigation menu, select Admin > Security Manager > Roles.
In the left pane, select the Security Role that you want to assign to the Security User.
The workspace for the selected Security Role appears.
In the Security Users section, select .
The Assign Users window appears, displaying the available users.
Beside each Security User that you want to assign the to the Security Role, select the check box.
Select .
The updated Security Role properties are saved.

Remove Security Users from Roles

Procedure

In the module navigation menu, select Admin > Security Manager > Roles.
In the left pane, select the Security Role from which you want to remove Security Users.
The workspace for the selected Security Role appears.
In the Security Users section, beside each Security User that you want to remove, select the check box.
Select .
The selected Security Users are removed.
Select .
The updated Security Roles properties are saved.

Assign Security Groups to Security Roles

Before you begin

About this task

This topic describes how to assign multiple Security Groups to a Security Role on the Security Roles page. You can also assign multiple Security Roles to a Security Group on the Security Groups page.

Procedure

In the module navigation menu, select Admin > Security Manager > Roles.
In the left pane, select the Security Role that you want to add to the Security Group.
The workspace for the selected Security Role appears.
In the Security Group section, select .
The Assign Groups window appears.
Beside each Security Group that you want to assign the to the Security Role, select the check box.
Select .
The updated Security Role properties are saved.

Remove Security Groups from Roles

Procedure

In the module navigation menu, select Admin > Security Manager > Roles.
In the left pane, select the Security Role for which you want to remove the Security Group.
The workspace for the selected Security Role appears.
In the Security Groups section, beside each Security Group that you want to remove, select the check box.
Select .
The Security Groups are removed.
Select .
The updated Security Roles properties are saved.