This section addresses the data and process security related to APM. Configuring data and process security typically involves configuring licenses, security groups, access grants, entity-level settings, field-level settings, and setting user roles. APM provides two licenses, three security groups, two access grants, and several user roles to simplify data and process security. The following sections provide information about the licenses, security groups, access grants, and user roles required to secure actions or data related to APM features. See Security Model Guide and Reference for more information about entity-level settings and field-level settings.

Note: The screen and function access that access grants provide is cumulative. A user who belongs to three different security groups has access to the user interface and functionality provided to all three groups combined. Therefore, to restrict certain screen and feature access, you remove the user from any security group that grants that access.

To see all security groups that are assigned specific access grants, click the Access Grants tabs in the User window. You can then:

  • Remove the user from the security group (using the Security Group tab in the User window).

  • Remove the access grants from the security group (in the Security Group window). Do this only if no one in that security group needs the access that this access grant provides.