Roles

About Roles

Roles can be associated with numerous Security Groups. When a Security Role is assigned to a Security User, the user is granted all the privileges that have been granted to the Security Groups associated with the Security Role. Assigning Security Roles to Security Users is an efficient way to provide data permissions to the users that they will need to execute tasks in GE Digital APM.

Note: Regardless of the Security Group membership, Super Users have access to all the GE Digital APM features and functionalities.
Important: To avoid granting unintended privileges to a Security User, before assigning a Security User to a Security Role, make sure that you review all the privileges granted to the Security Groups that are assigned to the Security Role. Additional Security Roles, as well as Security Groups assigned to existing Security Roles, can be added via Security Manager.

The following table lists the baseline Security Roles available for the users within GE Digital APM, the baseline Security Groups assigned to each Security Role, and the privileges associated with each Security Role.

RoleGroupRole Privileges
MI Analytics AdministratorMI Cognitive AdministratorThe users can view, create, update, and delete cognitions, cognition-related logs, and standard lists.
MI Analytics PowerMI Cognitive UserThe users can:
  • View, create, update, and delete cognitions.
  • View the cognition-related logs and standard lists.
MI APMNow AdminMI APMNow AdminThe users can access Tools and certain administrative features .
MI Metrics Administrator
MI Policy Designer
MI APM ViewerMI ACA MemberThe users have the view privileges for most of the GE Digital APM records.
MI AHI Viewer
MI AMS Asset Portal Viewer
MI ASI Viewer
MI ASM Viewer
MI Calibration Viewer
MI eLog Viewer
MI GAA Viewer
MI GE Viewer
MI Hazards Viewer
MI Inspection Viewer
MI LCC Viewer
MI Metrics Viewer
MI MOC Viewer
MI Policy Viewer
MI PROACT Viewer
MI Production Loss Accounting Manager
MI RBI Viewer
MI RCM Viewer
MI Reliability Viewer
MI Rounds Designer Viewer
MI SIS Viewer
MI Thickness Monitoring Viewer
MI Data Loader Admin MI Calibration AdministratorThe users have all the privileges applicable to the users assigned to the MI Data Loader User role. Additionally, the users can delete the data load configuration records and interface log records.

To use a data loader specific to a module, the users need additional permissions specific to that module. For more information, refer to the appropriate Mappings documentation.

MI CMMS Interface Admin
MI Site Reference User
  MI Data Loader User MI Calibration User The users can access to the Data Loaders feature, and can view, update, and create data load configuration records and interface log records.

To use a data loader specific to a module, the users need additional permissions specific to that module. For more information, refer to the appropriate Requirements Mappings documentation.

MI CMMS Interface User
MI Site Reference User
MI FE AdministratorMI GAA AdministratorThe users have all the privileges applicable to the users assigned to the MI FE PowerUser role. Additionally, the users have administrative privileges for the Generation Availability Analysis, Root Cause Analysis, Production Loss Analysis, and Reliability Analytics features.
MI Policy Designer
MI Policy User
MI Policy Viewer
MI PROACT Administrator
MI PROACT Team Member
MI Production Loss Accounting Administrator
MI Production Loss Accounting Manager
MI Production Loss Accounting User
MI PROACT Viewer
MI Production Loss Accounting Service
MI Reliability Administrator
MI Reliability User
MI Reliability Viewer
MI FE PowerUserMI GAA AnalystThe users have all the privileges applicable to the users assigned to the MI FE User role. Additionally, the users can:
  • Create, update, and delete Root Cause Analyses, Production Plans, Production Events, Production Losses, Production Analyses, System Reliability Analyses, Spares Analyses, Reliability Distribution Analyses, Probability Distribution Analyses, Reliability Growth Analyses, and Automation Rules.
  • Update Production Data and link Production Events to Root Cause Analyses.
  • Create and update GAA Events and GAA Performance records.
MI Policy User
MI Policy Viewer
MI PROACT Team Member
MI Production Loss Accounting Manager
MI Production Loss Accounting User
MI PROACT Viewer
MI RCM Viewer
MI Reliability User
MI Reliability Viewer
MI FE UserMI GAA AnalystThe users can access the GAA Company, GAA Plants, GAA Units, GAA Events, GAA Performance records, Root Cause Analyses, Production Loss Analyses, Production Analyses, System Reliability Analyses, Spares Analyses, Reliability Distribution Analyses, Probability Distribution Analyses, Reliability Growth Analyses, and Automation Rules features.

MI GAA Viewer

MI Policy User
MI Policy Viewer
MI PROACT Team Member
MI Production Loss Accounting User
MI PROACT Viewer
MI RCM Viewer
MI Reliability User
MI Reliability Viewer
MI Foundation AdminEveryoneThe users have all the privileges applicable to the users assigned to the MI Foundation Power role. Additionally, the users can configure mappings for the devices and view the SAP System records. In addition, the users have administrative privileges for the Catalog, Tasks, and ACA records features.
MI Devices Power Users
MI Devices Administrators
MI Devices Users
MI Recommendation Management User
MI Task Manager User
MI Task Manager Administrator
MI Site Reference Administrator
MI Site Reference User
MI ACA Administrator
MI ACA Member
MI ACA Owner
MI SAP Interface User
MI Configuration Role
MI Security Role
MI Catalog Administrator
MI Metrics Administrator
MI Policy Administrators
MI eLog Administator
MI eLog Contributor
MI eLog Viewer
MI Foundation PowerEveryoneThe users have all the privileges applicable to the users assigned to the MI Foundation User role. Additionally, the users can:
  • Save data from the devices in the GE Digital APM database.
  • Create and manage the Site Reference records.
  • Update, add, and delete the ACA records.
  • View the SAP System records.
  • Add the users to the states.
  • Remove the users from the states.
MI Devices Power Users
MI Devices Users
MI Recommendation Management User
MI Task Manager User
MI Site Reference User
MI Policy Designer
MI ACA Member
MI ACA Owner
MI SAP Interface User
MI Power User Role
MI Metrics User
MI eLog Contributor
MI eLog Viewer
MI Foundation UserEveryoneThe users can:
  • Send and receive data from the devices.
  • Create and manage the recommendations
  • Create and update the tasks.
  • View and create the ACA records.
  • View the KPIs, Scorecards, and Metric Views.
  • View the SAP System records.
MI Devices Power Users
MI Devices Users
MI Recommendation Management User
MI Task Manager User
MI ACA Member
MI Policy User
MI ACA Owner
MI Metrics User
MI SAP Interface User
MI eLog Contributor
MI eLog Viewer
MI Health AdminMAPM Security GroupThe users have all the privileges applicable to the users assigned to the MI Health Power role. Additionally, the users can access the Rounds, Asset Health Manager, Process Data Integration, AMS Analytics, and GE Analytics features.
MI AHI Administrator
MI AMS Suite APM Administrator
MI GE Administrator
MI Lubrication Management Administrator
MI Lubrication Management User
MI Operator Rounds Administrator
MI Operator Rounds Mobile User
MI Policy Administrator
MI Policy Designer
MI Process Data Integration Administrator
MI Health PowerMI AMS Suite APM Power UserThe users have all the privileges applicable to the users assigned to the MI Health User role. Additionally, the users can create, update, and delete policies, policy instances, policy recommendations, and health indicator values.
MI Operator Rounds Mobile User
MAPM Security Group
MI AHI User
MI Policy Designer
MI Process Data Integration User
MI GE User
MI Lubrication Management User
MI Health UserMI AMS Suite APM UserThe users can:
  • Access the Rounds Data Collection mobile features.
  • Create recommendations and acknowledge heath indicators in Asset Health Manager.
  • View policy data.
  • Create policy instances in Policy Designer.
  • View GE and AMS Analytics data.
  • Create and modify AMS Asset recommendations.
MI Operator Rounds Mobile User
MAPM Security Group
MI AHI User
MI Policy User
MI Process Data Integration User
MI GE User 
MI Mechanical Integrity AdministratorCriticality Calculator The users have all the privileges applicable to the users assigned to the MI Mechanical Integrity Power role. Additionally, the users have the administrative privileges for the Thickness Monitoring and RBI features and can access the RBI data mapping and reference tables.
MI Inspection
MI Policy Viewer
MI RBI Administrator
MI RBI Analyst
MI RBI Calculation Policy Viewer
MI RBI Recommendation Policy Viewer
MI RBI Risk Mapping Policy Viewer
MI Thickness Monitoring Administrator
MI Thickness Monitoring Inspector
MI Thickness Monitoring User
MI Mechanical Integrity PowerCriticality Calculator
  • The users have all the privileges applicable to the users assigned to the MI Mechanical Integrity User role. Additionally, the users can access the criticality calculator family and RBI features (except data mapping).
  • The users have the view privileges for all the RBI families.
MI Inspection
MI Policy Viewer
MI RBI Analyst
MI RBI Calculation Policy Viewer
MI RBI Recommendation Policy Viewer
MI RBI Risk Mapping Policy Viewer
MI Thickness Monitoring Inspector
MI Thickness Monitoring User
MI Mechanical Integrity UserMI InspectionThe users can access the T-Min Calculator, Archive Corrosion Rates, Exclude TMLs, and Renew TMLs features. Additionally, the users have basic access to the Inspection and Thickness Monitoring features.
MI Thickness Monitoring Inspector
MI Thickness Monitoring User
MI Mechanical Integrity ViewerMI Inspection ViewerThe users have view privileges to all the families used in Risk Based Inspection, Thickness Monitoring, and Inspection Management.
MI RBI Viewer
MI Thickness Monitoring Viewer
MI Safety AdminMI Calibration UserThe users have all the privileges applicable to the users assigned to the MI Safety Power role. Additionally, the users can create, modify, and delete all the records in Calibration Management, Hazards Analysis, LOPA, MOC, and SIS Management.
MI Calibration Administrator
MI Calibration Viewer
MI HA Administrator
MI HA Facilitator
MI HA Member
MI HA Owner
MI Hazards Viewer
MI MOC Administrator
MI MOC Viewer
MI SIS Administrator
MI SIS Engineer
MI SIS User
MI SIS Viewer
MI Safety PowerMI Calibration UserThe user can access the following records:
  • Initiating Event
  • Consequence Adjustment Probabilities
  • IPL Checklist
  • Active IPL
  • Passive IPL
  • Human IPL
  • Asset Safety Preferences

Additionally, the users have all the privileges applicable to the users assigned to the MI Safety User role, and can create, modify, and delete all other records in Calibration Management, Hazards Analysis, LOPA, and SIS Management.

MI Calibration Viewer
MI HA Facilitator
MI HA Member
MI HA Owner
MI Hazards Viewer
MI MOC Approver
MI MOC Viewer
MI SIS Engineer
MI SIS User
MI SIS Viewer
MI Safety UserMI Calibration UserThe users can access the Recommendations, Calibration Templates, Risk Threshold records, Protective Instrument Loops, SIL Assessments, and SIL Threshold records features. Additionally, the users can access, create, modify, and delete all other records in Calibration Management, Hazards Analysis, LOPA, MOC, and SIS Management. In MOC, the users can access, create, modify, and delete General Recommendations.
MI Calibration Viewer
MI HA Facilitator
MI HA Member
MI Hazards Viewer
MI MOC User
MI MOC Viewer
MI SIS Engineer
MI SIS User
MI SIS Viewer
MI Strategy AdminMI AHI AdministratorThe users have all the privileges applicable to the users assigned to the MI Strategy Power role. Additionally, the users have administrative privileges for the Reliability Centered Maintenance, Failure Modes and Effects Analysis, Asset Strategy Implementation, and Life Cycle Cost Analysis features.
MI AHI User
MI ASI Administrator
MI ASI User
MI ASI Viewer
MI ASM Administrator
MI ASM Analyst
MI ASM Reviewer
MI ASM Viewer
MI Calibration User
MI Calibration Viewer
MI Inspection
MI LCC Administrator
MI LCC User
MI LCC Viewer
MI Lubrication Management Administrator
MI Operator Rounds Administrator
MI RBI Analyst
MI RCM Administrator
MI RCM User
MI RCM Viewer
MI SIS User
MI Strategy PowerMI AHI AdministratorThe users have all the privileges applicable to the users assigned to the MI Strategy User role, and the administrative privileges for the Asset Health Manager feature.
MI AHI User
MI ASI User
MI ASI Viewer
MI ASM Analyst
MI ASM Reviewer
MI ASM Viewer
MI Calibration User
MI Calibration Viewer
MI Inspection
MI LCC User
MI LCC Viewer
MI Lubrication Management Administrator
MI Operator Rounds Administrator
MI RBI Analyst
MI RCM User
MI RCM Viewer
MI SIS User
MI Strategy UserMI AHI UserThe users have the view, create, update, and delete privileges for the Reliability Centered Maintenance, Failure Modes and Effect Analysis, Asset Strategy Implementation, Asset Strategy Management, and Life Cycle Cost Analysis features. Additionally, the users have the administrative privileges for Rounds feature, and view privileges for Asset Health Manager and Calibration Management features.
MI ASI User
MI ASI Viewer
MI ASM Analyst
MI ASM Viewer
MI Calibration Viewer
MI Inspection
MI LCC User
MI LCC Viewer
MI Lubrication Management Administrator
MI Operator Rounds Administrator
MI RCM User
MI RCM Viewer
MI SIS User

About Administrative Feature Access for the MI APMNow Admin Security Role

The following table describes the administrative features accessible to users associated with the MI APMNow Admin Security Role. To access additional administrative features available in APM Now, users must be associated with additional Security Roles.

Admin ModuleAdmin FeatureMI APMNow Admin Access?
Application SettingsMetrics and ScorecardsYes
Configuration ManagerContent Change ManagementNo
Content ValidationNo
ExportNo
Family ManagementYes
ImportNo
Manage TranslationsNo
SitesYes
System Codes and TablesYes
Units of Measure and ConversionsYes
Operations ManagerActivate LicensesNo
APM Connect ConfigurationNo
APM Connect EAM JobsYes
APM System MonitoringYes
Asset Hierarchy ConfigurationYes
ConnectionsNo
Data SourcesNo
Email SettingsNo
GIS ConfigurationNo
Help ConfigurationNo
Host NamesNo
MonitoringNo
Query TimeoutsYes
Reference Document Server CredentialsNo
Risk MatrixYes
Schedule LogsYes
Search ConfigurationNo
SQL Server Reporting ServicesNo
Strategy MacrosYes
Systems and TagsNo
Security ManagerData PermissionsNo
GroupsNo
LDAPNo
Password PolicyNo
RolesNo
UsersNo
User DefaultsNo

The following table describes the baseline privileges related to Configuration Manager features that are granted to members of the MI APMNow Admin Security Role. Family Management features not listed in the table below are not accessible.

Configuration Manager FeaturePrivilegesNotes
Associated PagesAdd, Edit, or DeleteNone
DatasheetAdd, Edit, or DeleteNone
Family ReportsAdd, Edit, or DeleteThere is no edit function that you can perform on this feature, but you can mark a report as default.
FieldEditNone
Field BehaviorEditNone
Family PoliciesAdd, Edit, or DeleteNone
State ConfigurationAdd, Edit, or DeleteNone
System Codes and TablesAdd, Edit, or DeleteNone
Units of Measure and ConversionsAdd, Edit, or DeleteNone

Access the Security Roles Page

Procedure

In the module navigation menu, select Admin > Security Manager > Roles.
The Security Roles page appears.

Create a Security Role

Procedure

  1. In the module navigation menu, select Admin > Security Manager > Roles.
  2. In the left pane, select .
    The New Role workspace appears, displaying a blank Security Role form.

    -or-

    If you want to create a new subgroup, in the left pane, select the Security Role to which you want to add the subgroup, and then select New Role.

    The New Role workspace appears, displaying a blank Security Role form.

  3. As needed, enter values in the available fields.
  4. Select .
    The Security Role is saved.

What To Do Next

Security Role Records

Security Role records contain information related to each unique Security Role in GE Digital APM. This topic provides an alphabetical list and description of the fields that exist for the Security Role family. The information in the table reflects the baseline state and behavior of these fields.

FieldData Type Description Behavior and Usage
CaptionCharacterA title or explanation that identifies the Security Role. A property that specifies how the Security Role is labeled throughout the software interface. Note that most captions can be localized.This field is required. You can enter text to define this value manually.

Description

CharacterA detailed description of the Security RoleThis field is optional. You can enter text to define this value manually.
IDCharacterThe ID for the Security RoleThis field is required. You can enter text to define this value manually.

Assign Security Users to Roles

About This Task

This topic describes how to assign multiple Security Users to a Security Role on the Security Roles page. You can also assign multiple Security Roles to a Security User on the Security Users page.

Procedure

  1. In the module navigation menu, select Admin > Security Manager > Roles.
  2. In the left pane, select the Security Role that you want to assign to the Security User.
    The workspace for the selected Security Role appears.
  3. In the Security Users section, select .
    The Assign Users window appears, displaying the available users.
  4. Beside each Security User that you want to assign the to the Security Role, select the check box.
  5. Select .
    The updated Security Role properties are saved.

Remove Security Users from Roles

Procedure

  1. In the module navigation menu, select Admin > Security Manager > Roles.
  2. In the left pane, select the Security Role from which you want to remove Security Users.
    The workspace for the selected Security Role appears.
  3. In the Security Users section, beside each Security User that you want to remove, select the check box.
  4. Select .
    The selected Security Users are removed.
  5. Select .
    The updated Security Roles properties are saved.

Assign Security Groups to Security Roles

About This Task

This topic describes how to assign multiple Security Groups to a Security Role on the Security Roles page. You can also assign multiple Security Roles to a Security Group on the Security Groups page.

Procedure

  1. In the module navigation menu, select Admin > Security Manager > Roles.
  2. In the left pane, select the Security Role that you want to add to the Security Group.
    The workspace for the selected Security Role appears.
  3. In the Security Group section, select .
    The Assign Groups window appears.
  4. Beside each Security Group that you want to assign the to the Security Role, select the check box.
  5. Select .
    The updated Security Role properties are saved.

Remove Security Groups from Roles

Procedure

  1. In the module navigation menu, select Admin > Security Manager > Roles.
  2. In the left pane, select the Security Role for which you want to remove the Security Group.
    The workspace for the selected Security Role appears.
  3. In the Security Groups section, beside each Security Group that you want to remove, select the check box.
  4. Select .
    The Security Groups are removed.
  5. Select .
    The updated Security Roles properties are saved.