Groups | On-Premises APM

About Security Groups

A Security Group is a group of APM Security Users who share similar responsibilities or perform similar tasks in APM. After you create a Security Group, you can assign Security Users to the Security Group. Any Security User who is a member of a given Security Group will be granted the permissions defined for that Security Group. Security Groups can streamline the assignment of Security User permissions and help you organize Security Users according to their roles in the system.

Note: Each Security User must be a member of at least one Security Group.

Security Groups serve two main purposes:

They can have functional permissions, which control member access to certain features in the system.
They can be associated with data permissions so that you can assign the same permissions to a group of similar Security Users.

Some of the Security Groups that are included in the baseline APM database have specific functional permissions associated with them that control access to certain features of the system. For example, members of the MI PROACT Administrator Security Group will have access to the Administrative Tools in RCA. Any user who is not a member of the MI PROACT Administrator Security Group will not be able to access the RCA Administrative Tools.

Note: Functional permissions are typically defined in the APM code and cannot be modified.

Data permissions determine each member's ability to access data. Data permissions are provided for many of the baseline APM Security Groups, and can also be defined for any Security Groups that you create. Data permissions that are associated with baseline Security Groups can be modified.

Data permissions are spread down from Security Groups to Security subgroups. A Security Group should be given the lowest level of permissions allowed for any single member of that group. You can expand Security User permissions for individual Security Group members, but you cannot revoke from a Security User the permissions that are granted through any of its Security Groups. The more role-specific and task-specific you make your Security Groups, the easier it will be to define permissions for all of its members.

About the Everyone Security Group

The Everyone Security Group is included in the baseline APM database. When you create a new Security User in the Security Manager, that user will be assigned automatically to the Everyone Security Group. While membership in the Everyone Group is not required (i.e., Security Users can be removed from this Security Group), we recommend that you accept this default group assignment and keep all Security Users assigned to the Everyone Security Group. Membership in the Everyone Security Group meets the basic requirements needed to access the APM system and provides users with View-level privileges to the APM Foundation families (e.g., Equipment and Functional Location).

The following table illustrates the families to which members of the Everyone Security Group have permissions.


Family	Permissions
Entity Families
Asset Group	View
Asset Group Tag	View
Asset Hierarchy	View
Components	View
Equipment	View
Family Policy	View
Finding	View
Functional Location	View
Group Definition	View
Human Resource	View
Inspection	View
Inspection Profile	View
Inspection Team Member	View
MI Applications	View
Observation	View
Personnel Certification	View
Recommendation	View
Reference Document	View
Resource Role	View
Security Group	View
Security User	View
Taxonomy References	View
Technical Characteristics	View
Virtual Asset	View
Work History	View
Work History Detail	View
Relationship Families
Equipment Has Equipment	View
Functional Location Has Equipment	View
Functional Location Has Functional Location(s)	View
Group Assignment	View
Group Has Asset	View
Has Asset Group Tag	View
Has Certifications	View
Has Event Detail	View
Has Findings	View
Has Inspection Profile	View
Has Inspections	View
Has Observations	View
Has Reference Documents	View
Has Roles	View
Has Sub-Inspection	View
Has Taxonomy Hierarchy Element	View
Has Taxonomy Mapping	View
Has Team Member	View
Has Work History	View
Is a User	View
User Assignment	View

Access the Security Groups Page

Procedure

In the Applications menu, navigate to ADMIN > Security Manager > Groups.

The Security Groups page appears.

Create a Security Group

Procedure

In the Applications menu, navigate to ADMIN > Security Manager > Groups.
In the left pane, select .
The New Group workspace appears, displaying a blank Security Group form.
-or-
If you want to create a new subgroup, in the left pane, select the Security Group to which you want to add the subgroup, and then select New Group.
The New Group workspace appears, displaying a blank Security Group form.
As needed, enter values in the available fields.
Select .
The Security Group is created. When you create a Security Group, a corresponding folder is created at the following Catalog location: Public/Meridium/Security Groups/<Group ID>.

Security Group Records

Security Group records contain information related to each unique Security Group in APM. This topic provides an alphabetical list and description of the fields that exist for the Security Group family. The information in the table reflects the baseline state and behavior of these fields.


Field	Data Type	Description	Behavior and Usage
Caption	Character	A title or explanation that identifies the Security Group. A property that specifies how the Security Group is labeled throughout the software interface.	This field is required. You can enter text to define this value manually.
Description	Character	A detailed description of the Security Group.	This field is optional. You can enter text to define this value manually.
Group ID	Character	The ID for the Security Group.	This field is required. You can enter text to define this value manually.

Modify a Security Group Properties

Procedure

In the Applications menu, navigate to ADMIN > Security Manager > Groups.
In the left pane, select the Security Group whose properties you want to modify.
The workspace for the selected Security Group appears, displaying the corresponding Security Group form.
As needed, modify the available fields, and then select .
The updated Security Group properties are saved.

Activate or Deactivate a Security Group

Procedure

In the Applications menu, navigate to ADMIN > Security Manager > Groups.
In the left pane, select the Security Group that you want to activate or deactivate.
The workspace for the selected Security Group appears, displaying the corresponding Security Group form.
Select or clear the Active check box as needed, and then select .
Depending on your selection, the Security Group is activated or deactivated.

Assign Security Users to a Security Group

Before You Begin

About This Task

This topic describes how to assign multiple Security Users to a Security Group on the Security Groups page. You can also assign a Security User to multiple Security Groups on the Security Users page.

Procedure

In the Applications menu, navigate to ADMIN > Security Manager > Groups.
In the left pane, select the Security Group to which you want to add Security Users.
The workspace for the selected Security Group appears.
In the workspace for the selected Security Group, select the Users tab.
The Users section appears.
Select .
The Assign Users window appears, displaying the list of available Security Users.
Beside each Security User that you want to assign to the Security Group, select the check box.
Select Save.
The updated Security Group properties are saved.

Remove Security Users from a Security Group

Procedure

In the Applications menu, navigate to ADMIN > Security Manager > Groups.
In the left pane, select the Security Group from which you want to remove Security Users.
The workspace for the selected Security Group appears.
In the workspace for the selected Security Group, select the Users tab.
The Users section appears.
Beside each Security User that you want to remove from the Security Group, select the check box.
Select .
The selected Security Users are removed.
Select .
The updated Security Group properties are saved.

Assign Roles to Security Group

Before You Begin

About This Task

This topic describes how to assign multiple Security Roles to a Security Group on the Security Groups page. You can also assign a Security Role to multiple Security Groups on the Security Roles page.

Procedure

In the Applications menu, navigate to ADMIN > Security Manager > Groups.
In the left pane, select the Security Group to which you want to add Security Roles.
The workspace for the selected Security Group appears.
In the workspace for the selected Security Groups, select the Roles tab.
The Roles section appears.
Select .
The Assign Roles window appears, displaying the list of available Security Roles.
Beside each Security Role that you want to assign to the Security Group, select the check box.
Select Save.
The updated Security Group properties are saved.

Remove Security Roles from a Security Group

Procedure

In the Applications menu, navigate to ADMIN > Security Manager > Groups.
In the left pane, select the Security Group from which you want to remove Security Roles.
The workspace for the selected Security Group appears.
In the workspace for the selected Security Group, select the Roles tab.
The Roles section appears.
Beside each Security Role that you want to remove, select the check box.
Select .
The selected Security Roles are removed.
Select .
The updated Security Group properties are saved.

Remove a Security Group

About This Task

Note: Each Security Group has a corresponding folder at the following Catalog location:Public/Meridium/Security Groups/<Group ID> . Before you can delete a Security Group, you must delete all Catalog items stored at this location, and must remove all Catalog folder permissions from the Catalog folder.

Procedure

In the Applications menu, navigate to ADMIN > Security Manager > Groups.
In the left pane, select the Security Group that you want to remove.
The workspace for the selected Security Group appears, displaying the corresponding Security Group form.
Select .
The Security Group is removed.