Creating Security Groups

To control access to specific sections of the PPM user interface and its functionality, you create security groups, specify their members, and then configure their access grants.

To create a security group:

  1. Log on to PPM.

  2. From the menu bar, select Open > Administration > Open Workbench.

    The PPM Workbench opens.

  3. From the shortcut bar, select Sys Admin > Security Groups.

    The Security Group Workbench window opens.

  4. Click New Security Group.

    The Security Group window opens.

  5. In the Name field, type a name for the group.

  6. In the Reference Code field, accept or type a new value.                 

    The Reference Code field value is used to uniquely identify the security group across all the languages being used in you PPM implementation.

    The reference code value must be unique across all languages, use capital letters and ASCII characters, not start with an underscore (_), and not use any of the following special characters:


    System data reference codes start with an underscore (_) and should not be modified.

  7. To enable the new group, next to Enabled, click Yes.

  8. In the Description field, you can type a description of the group.

    To add members to the security group, you can either select a list of users or associate the group with an organization unit that has been defined in PPM.

  9. To make this group selectable, do one of the following:

    • To select group members directly:

      1. On the Users tab, click Add New User to this Group.

      2. The Users dialog box opens.

      3. In the Users field, click the selector button.

      4. The Validate window opens.

      5. In the Available section, select the users to add to the security group.

      6. Click OK.

      7. In the Users dialog box, click OK.

    • To add users based on their organization unit associations:

      1. In the Membership section of the Users tab, under Members are, select Determined by Organization Unit.

      2. In the Organization Unit field, provide the name of an organizational unit.

      3. If you want to associate just the members of this organization unit with the new security group, leave Direct Members Only selected. If you also want to include members of the child organization units of the selected unit, click All Members (Cascading).

  10. To specify user interface and feature access, click the Access Grants tab, and then select the access grants to assign to the security group.

    For a complete list of access grants, see Access grants.

  11. If the security group is to be used in deployment, do the following:

    1. Click the Deployment Management Workflows tab, and then specify the workflows that members of this security group can use to deploy changes.

    2. On the Deployment Management App Codes tab, restrict the security group from using specific application codes in creating package lines.

      This restricts the applications through which each user can process objects.

To minimize the maintenance of a security model around processes, consider creating and maintaining the following security groups to control who can:

  • Act on specific workflow steps by defining a list of users with no special access grants

  • Access a particular screen or function by defining a list of users and required access grants

As new users are added to the system, you can grant them the required screen and function access and associated with specific workflows.