Managing Security Groups
In a secure database, security groups control what users can see and do in the database. By default, the software includes four predefined security groups: Admin, Power, User and View. The Admin group, which has full permissions throughout the database, can neither be deleted nor have its permissions modified. For the other predefined groups, you can edit their permissions or replace them with new groups that fit the specific way the database will be used.
As discussed in Planning Your Security Approach, there are two basic approaches you can use:
- Same permissions for all public/reference projects – each user account is assigned to one security group and all public/reference projects use the default security option (database-level security).
- Different permissions for different public/reference projects – each user account may be assigned to multiple security groups and each public/reference project may be accessed only by specific security groups and/or users.
Note: If your organization has implemented an SEP web portal for an enterprise database and the site is configured to enable access by nCode Aqira users, a special "Aqira" security group will be created. This security group cannot be deleted, but you can modify the permissions that will be available to Aqira users.
Creating, Editing or Deleting Security Groups
You can manage the security groups by choosing File > Manage Database > Users and Security. (In a secure database, this is available only to users with the "Manage users and logins" permission.)
In the Users and Security window, click the Security Groups tab to see all the security groups that have been created in the database. Use the Add, Edit or Delete buttons below the table to manage the groups.
When you edit a security group, the left side of the Security Group window allows you to choose the permissions, while the right side shows all the users currently assigned to the group.
If you have selected to Associate this security group with an Active Directory group, the list of assigned users can be updated automatically, or you will only be able to manually import/assign users who belong to the designated Active Directory group. (See Associating Security Groups with Active Directory.)
In enterprise databases, you can click the Report button at the bottom of the Users and Security window to generate an Excel spreadsheet that includes:
- All security groups and the permissions assigned to them.
- All users and the security groups they belong to.
Permissions
Here is a summary of all the permissions that can be granted to a particular security group.
Basic permissions throughout database
These permissions apply throughout the database if they are in any of the security groups that the user belongs to. These permissions do not depend on the security settings for a particular project.
Create and own private projects |
You can create and own private projects in the database that are accessible only to you. (Users with the "Manage all private projects" permission can still perform administrative tasks on all private projects, such as editing their properties, locking them, converting them to public projects, etc.) |
Create and own public projects |
You can create and own public projects that other users can view and edit (depending on the project security settings). |
Create and own reference projects |
You can create and own reference projects for sharing resources and FMEAs with other projects in the database (depending on the project security settings). |
Create portal messages |
You can create new messages and edit or delete the messages you have personally created via the Messages page in My Portal. |
Publish to SEP web portal |
You can publish your progress, results and analyses from a given project to the SEP web portal, making the information accessible from any web-enabled device. |
Open desktop apps from SEP web portal |
You can use the Open buttons on the FMEAs and analysis summary pages in the SEP web portal to open those applications using Remote ReliaSoft. |
Create/edit/delete RDW data collections |
You can create, edit and delete data collections in the Reliability Data Warehouse (RDW). This includes data extraction from XFRACAS as well as custom connections, and confers the ability to create dashboard layouts for custom connections. See Reliability Data Warehouse (RDW) in the Weibull++ documentation. |
Basic and advanced permissions at project level
A user can have these permissions in some projects but not others, depending on the project security settings. Regardless of the project security settings, these permissions are always automatically granted to the current project owner and anyone else that can manage the project.
Read |
You can perform tasks that do not modify the data in the project (e.g., view the analysis, calculate metrics in a Quick Calculation Pad, export data, etc.). |
Create/edit project items |
You can create and edit items in a given project such as folios in Weibull++, diagrams in BlockSim, etc., as well as update the item properties. In order to create and edit system hierarchy items in XFMEA/RCM++, you must also have the "Add/insert new system hierarchy items in XFMEA/RCM++" permission. |
Create/edit/delete own resources |
You can create resources (e.g., URDs, models, etc.) and edit or delete any existing resources you have created. |
Delete project items |
You can delete any item in a given project (e.g., folios in Weibull++, diagrams in BlockSim, etc.). In order to delete system hierarchy items in XFMEA/RCM++, you must also have the "Delete system hierarchy items in XFMEA/RCM++" permission. This permission cannot be assigned unless you also have the "Create/edit project items" permission. |
Create/edit project plans |
You can create and edit project plans for a given project. |
Create/edit/delete local resources |
You can create, edit and delete any local resources in the project (not just the ones that you created). |
Set project security |
You can control who can view and edit a given project. This permission allows you to configure both project security settings and item permissions. |
Edit project properties |
You can use the Project Properties window to edit the name, description, category and other settings of a given project. |
You can:
|
|
Create restore points |
You can utilize restore points for a given project, which are exact replicas of the project at a particular point in time (i.e., backups). |
You can delete a given project. |
|
Add/insert new system hierarchy items in XFMEA/RCM++ |
You can add/insert new items into the system hierarchy in XFMEA/RCM++. See Building the System Hierarchy in the XFMEA/RCM++ documentation. This permission cannot be assigned unless you also have the "Create/edit project items" permission. |
Edit system hierarchy items properties in XFMEA/RCM++ |
You can edit the item properties for system hierarchy items in XFMEA/RCM++. See Item Properties in the XFMEA/RCM++ documentation. This permission cannot be assigned unless you also have the "Create/edit project items" permission. |
Add new analyses to system hierarchy items in XFMEA/RCM++ |
You can create new analyses for system hierarchy items in XFMEA/RCM++. See Associated Analyses and Diagrams in the XFMEA/RCM++ documentation. This permission cannot be assigned unless you also have the "Create/edit project items" permission. |
Move system hierarchy items in XFMEA/RCM++ |
You can move system hierarchy items (move up, move down, promote, demote) in XFMEA/RCM++. See Building the System Hierarchy in the XFMEA/RCM++ documentation. This permission cannot be assigned unless you also have the "Create/edit project items" permission. |
Delete system hierarchy items in XFMEA/RCM++ |
You can delete items from the system hierarchy in XFMEA/RCM++. This permission cannot be assigned unless you also have the "Delete project items" permission. |
Activate/Manage change logs in XFMEA/RCM++ |
You can enable and manage change logs within a given project. Change logs can be created for FMEAs, DVP&R, Control Plan and P-Diagram analyses in XFMEA/RCM++. See Change Logs in the XFMEA/RCM++ documentation. |
Deactivate change logs in XFMEA/RCM++ |
You can deactivate change logs within a given project. |
Review change logs in XFMEA/RCM++ |
You can implement electronic approval tracking for change logs within a given project. See Electronic Approval Tracking in the XFMEA/RCM++ documentation. |
Administrative permissions throughout database
These permissions apply throughout the database if they are in any of the security groups that the user belongs to. These permissions do not depend on the security settings for a particular project.
Manage users and logins |
You can:
|
Manage project planning resources and working days |
You can:
|
Manage project/item categories |
You can use the Project/Item Categories window to define the project and item categories that can be used for grouping and filtering projects and items in the database. |
Manage other database settings |
You can:
|
Create/edit/delete global resources |
You can create, edit and delete any global resources in the project (not just the ones that you created). In addition, you can transfer data from XFRACAS to the RDW. See Extracting Data from XFRACAS in the Weibull++ documentation. |
Approve actions |
You can review and approve actions, which are resources that allow you to track progress made in a project. |
Manage all portal messages |
You can edit or delete any messages that are visible to you via the Messages page in My Portal. This includes any messages for which you are the creator or one of the recipients. |
Manage dashboard layouts |
You can create and save layouts for use in the Dashboard Viewer in Weibull++ and BlockSim. |
Manage profiles and templates in XFMEA/RCM++ |
This permission is available only in enterprise databases. You can:
|
Manage Lambda Predict database settings |
You can:
|
Manage MPC Settings |
You can:
|
You have all the basic and advanced project-level permissions for public projects in the database. You can also change the project owner for any public project in the database. |
|
Manage all reference projects |
You have all the basic and advanced project-level permissions for reference projects in the database. You can also change the project owner for any reference project in the database. |
Manage all private projects |
You have all the basic and advanced project-level permissions for private projects in the database. You can also change the project owner for any private project in the database. |