Managing Security Groups

In a secure database, security groups control what users can see and do in the database. By default, the software includes four predefined security groups: Admin, Power, User and View. The Admin group, which has full permissions throughout the database, can neither be deleted nor have its permissions modified. For the other predefined groups, you can edit their permissions or replace them with new groups that fit the specific way the database will be used.

As discussed in Planning Your Security Approach, there are two basic approaches you can use:

  • Same permissions for all public/reference projects – each user account is assigned to one security group and all public/reference projects use the default security option (database-level security).
  • Different permissions for different public/reference projects – each user account may be assigned to multiple security groups and each public/reference project may be accessed only by specific security groups and/or users.

Note: If your organization has implemented an SEP web portal for an enterprise database and the site is configured to enable access by nCode Aqira users, a special "Aqira" security group will be created. This security group cannot be deleted, but you can modify the permissions that will be available to Aqira users.

Creating, Editing or Deleting Security Groups

You can manage the security groups by choosing File > Manage Database > Users and Security. (In a secure database, this is available only to users with the "Manage users and logins" permission.)

In the Users and Security window, click the Security Groups tab to see all the security groups that have been created in the database. Use the Add, Edit or Delete buttons below the table to manage the groups.

When you edit a security group, the left side of the Security Group window allows you to choose the permissions, while the right side shows all the users currently assigned to the group.

If you have selected to Associate this security group with an Active Directory group, the list of assigned users can be updated automatically, or you will only be able to manually import/assign users who belong to the designated Active Directory group. (See Associating Security Groups with Active Directory.)

Starting in Version 2020, in enterprise databases, you can click the Report button at the bottom of the Users and Security window to generate an Excel spreadsheet that includes:

  • All security groups and the permissions assigned to them.
  • All users and the security groups they belong to.

Permissions

Here is a summary of all the permissions that can be granted to a particular security group.

Basic permissions throughout database

These permissions apply throughout the database if they are in any of the security groups that the user belongs to. These permissions do not depend on the security settings for a particular project.

Create and own private projects

You can create and own private projects in the database that are accessible only to you. (Users with the "Manage all private projects" permission can still perform administrative tasks on all private projects, such as editing their properties, locking them, converting them to public projects, etc.)

Create and own public projects

You can create and own public projects that other users can view and edit (depending on the project security settings).

Create and own reference projects

You can create and own reference projects for sharing resources and FMEAs with other projects in the database (depending on the project security settings).

Create portal messages

You can create new messages and edit or delete the messages you have personally created via the Messages page in My Portal.

Publish to SEP web portal

You can publish your progress, results and analyses from a given project to the SEP web portal, making the information accessible from any web-enabled device.

Open desktop apps from SEP web portal

You can use the Open buttons on the FMEAs and analysis summary pages in the SEP web portal to open those applications using Remote ReliaSoft.

Create/edit/delete RDW data collections

You can create, edit and delete data collections in the Reliability Data Warehouse (RDW). This includes data extraction from XFRACAS as well as custom connections, and confers the ability to create dashboard layouts for custom connections. See Reliability Data Warehouse (RDW) in the Weibull++ documentation.

 

Basic and advanced permissions at project level

A user can have these permissions in some projects but not others, depending on the project security settings. Regardless of the project security settings, these permissions are always automatically granted to the current project owner and anyone else that can manage the project.

Read

You can perform tasks that do not modify the data in the project (e.g., view the analysis, calculate metrics in a Quick Calculation Pad, export data, etc.).

Create/edit project items

You can create and edit items in a given project such as folios in Weibull++, diagrams in BlockSim, etc., as well as update the item properties. Starting in Version 2020, in order to create and edit system hierarchy items in XFMEA/RCM++, you must also have the "Add/insert new system hierarchy items in XFMEA/RCM++" permission.

Create/edit/delete own resources

You can create resources (e.g., URDs, models, etc.) and edit or delete any existing resources you have created.

Delete project items

You can delete any item in a given project (e.g., folios in Weibull++, diagrams in BlockSim, etc.). Starting in Version 2020, in order to delete system hierarchy items in XFMEA/RCM++, you must also have the "Delete system hierarchy items in XFMEA/RCM++" permission.

This permission cannot be assigned unless you also have the "Create/edit project items" permission.

Create/edit project plans

You can create and edit project plans for a given project.

Create/edit/delete local resources

You can create, edit and delete any local resources in the project (not just the ones that you created).

Set project security

You can control who can view and edit a given project. This permission allows you to configure both project security settings and item permissions.

Edit project properties

You can use the Project Properties window to edit the name, description, category and other settings of a given project.

Lock or check out project

You can:

    • Lock and unlock a given project.
    • Check in and check out a given project.

Create restore points

You can utilize restore points for a given project, which are exact replicas of the project at a particular point in time (i.e., backups).

Delete project

You can delete a given project.

Add/insert new system hierarchy items in XFMEA/RCM++

You can add/insert new items into the system hierarchy in XFMEA/RCM++. See Building the System Hierarchy in the XFMEA/RCM++ documentation.

This permission cannot be assigned unless you also have the "Create/edit project items" permission.

Edit system hierarchy items properties in XFMEA/RCM++

You can edit the item properties for system hierarchy items in XFMEA/RCM++. See Item Properties in the XFMEA/RCM++ documentation.

This permission cannot be assigned unless you also have the "Create/edit project items" permission.

Add new analyses to system hierarchy items in XFMEA/RCM++

You can create new analyses for system hierarchy items in XFMEA/RCM++. See Associated Analyses and Diagrams in the XFMEA/RCM++ documentation.

This permission cannot be assigned unless you also have the "Create/edit project items" permission.

Move system hierarchy items in XFMEA/RCM++

You can move system hierarchy items (move up, move down, promote, demote) in XFMEA/RCM++. See Building the System Hierarchy in the XFMEA/RCM++ documentation.

This permission cannot be assigned unless you also have the "Create/edit project items" permission.

Delete system hierarchy items in XFMEA/RCM++

You can delete items from the system hierarchy in XFMEA/RCM++.

This permission cannot be assigned unless you also have the "Delete project items" permission.

Activate/Manage change logs in XFMEA/RCM++

You can enable and manage change logs within a given project. Change logs can be created for FMEAs, DVP&R, Control Plan and P-Diagram analyses in XFMEA/RCM++. See Change Logs in the XFMEA/RCM++ documentation.

Deactivate change logs in XFMEA/RCM++

You can deactivate change logs within a given project.

Review change logs in XFMEA/RCM++

You can implement electronic approval tracking for change logs within a given project. See Electronic Approval Tracking in the XFMEA/RCM++ documentation.

 

Administrative permissions throughout database

These permissions apply throughout the database if they are in any of the security groups that the user belongs to. These permissions do not depend on the security settings for a particular project.

Manage users and logins

You can:

Manage project planning resources and working days

You can:

    • Use the Project Planning Resources window to manage the cost categories, teams, materials and facilities that are used for tracking resource utilization in Project Planner gates and actions.
    • Use the Working Days/Holidays window to specify the business days that will be used for Project Planner gates and actions.

Manage project/item categories

You can use the Project/Item Categories window to define the project and item categories that can be used for grouping and filtering projects and items in the database.

Manage other database settings

You can:

    • Use the Unit Settings window to define the unit and measurement settings available for use in any project within the database.
    • Use the Default Name Formats window to specify how default names for resources and blocks are created.
    • Use the Task Types window in RCM++ and MPC.
      • In RCM++ , you can map the task types that are used only in RCM++ to the task classes in the universal reliability definition (URD). See Task Types in RCM++ in the RCM++ documentation.
      • In MPC, you can modify the abbreviations used for MSG-3 task types. See Task Type Abbreviations in MPC in the MPC documentation.
    • Use the Database Settings window to set some default settings for existing and new databases. This includes enabling e-mail alerts for the database, activating history logs, etc.
    • Set up XFRACAS connection settings that allow ReliaSoft desktop applications to access the XFRACAS data stored in the database. This is available only for standard databases (*.rsr22).

Create/edit/delete global resources

You can create, edit and delete any global resources in the project (not just the ones that you created). In addition, you can transfer data from XFRACAS to the RDW. See Extracting Data from XFRACAS in the Weibull++ documentation.

Approve actions

You can review and approve actions, which are resources that allow you to track progress made in a project.

Manage all portal messages

You can edit or delete any messages that are visible to you via the Messages page in My Portal. This includes any messages for which you are the creator or one of the recipients.

Manage dashboard layouts

You can create and save layouts for use in the Dashboard Viewer in Weibull++ and BlockSim.

Manage profiles and templates in XFMEA/RCM++

This permission is available only in enterprise databases. You can:

    • Use the Profiles/Library Manager window in XFMEA/RCM++ to configure the predefined settings stored in the active library of the enterprise database. See Profiles/Library Manager in the XFMEA/RCM++ documentation.
    • Use the Templates Manager window in XFMEA/RCM++ to configure report templates stored in the enterprise database. See Templates Manager in the XFMEA/RCM++ documentation.

Manage Lambda Predict database settings

You can:

    • Use the FIDES Settings Manager window in Lambda Predict to configure the FIDES-related settings stored in the database. This applies to the FIDES prediction standard only (see FIDES Settings Manager in the Lambda Predict documentation).
    • Use the Custom Derating Standards Manager window in Lambda Predict to create, edit or delete user-defined derating standards stored in the database. See Creating Custom Derating Standards in the Lambda Predict documentation.
    • Use the MIL-217 Custom Connections window in Lambda Predict to define failure rates for user-defined connectors stored in the database. This applies to the MIL-217 prediction standard only. See MIL-217 Custom Connection Types in the Lambda Predict documentation.

Manage MPC Settings

You can:

    • Use the Manage ATA Chapters window in MPC to define the systems and subsystems that are available for use in the database. See Managing ATA Chapters in the MPC documentation.
    • Use the Manage Major Zones window in MPC to define the zones and major sub-zones that are available for use in the database. See Managing Major Zones in the MPC documentation.
    • Use the Configurable Options for Systems and Powerplant Analysis window in MPC to enable or disable the display of some item properties and task properties fields. See Configurable Options for Systems and Powerplant Analysis in the MPC documentation.
    • Use the Configurable Options for Structural Analysis window in MPC to customize the settings for environmental deterioration (ED) and accidental damage (AD) analyses that can be performed for any structural item in MPC Plus. See Configurable Options for Structural Analysis in the MPC documentation.
    • Use the Configurable Options for Zonal and L/HIRF Analysis window in MPC to customize the settings for the standard zonal, enhanced zonal and L/HIRF analyses that can be performed for any zonal item in MPC Plus. See Configurable Options for Zonal and L/HIRF Analysis in the MPC documentation.

Manage all public projects

You have all the basic and advanced project-level permissions for public projects in the database. You can also change the project owner for any public project in the database.

Manage all reference projects

You have all the basic and advanced project-level permissions for reference projects in the database. You can also change the project owner for any reference project in the database.

Manage all private projects

You have all the basic and advanced project-level permissions for private projects in the database. You can also change the project owner for any private project in the database.

Related Topics and Links