Create security groups in PPM Workbench

This topic provides details on how to create security groups in PPM Workbench.

In this topic:

Create security groups

You create security groups, specify their members, and then configure their access grants.

To create a security group:

1. Log on to PPM.

2. From the menu bar, click Open > Administration > Open Workbench to open the PPM Workbench.

3. From the shortcut bar, select Sys Admin > Security Groups.

4. In the Security Group Workbench, click New Security Group.

5. Provide the following information for the security group:

   Field	Description
   Name	Provide a name for the security group.
   Reference Code	Use the system-generated code or provide a new one. The reference code is used to uniquely identify the security group across all the languages used in you PPM implementation. The reference code value must be unique across all languages. Use capital letters and ASCII characters. Do not start with an underscore (_), and do not use any of the following special characters: ~!@#$%^&*()+}{":?><`-=]['''';/.,', System data reference codes start with an underscore (_) and should not be modified.
   Enabled	To enable this security group, select Yes. Only enabled security groups are available when generating or updating users or workflows.
   Description	Provide a description for the security group.

6. In the This Security Group will be used by field, select the PPM entities that can use the security group.

   The options include the following:

   Option	Description
   Requests	Determines whether this security group can be used in request processing. If you do not select this option, the security group is not displayed in the following places: Assigned Group field on the request User Access tab in the Request Type window. This restricts users in the security group from selecting a request type when creating a request. Note: If a user has the System: Override Key Fields Segmentation access grant, then the security group is displayed in the Assigned Group field.
   Projects	Determines whether this security group participates in project management activities.
   Packages	Determines whether this security group can be used in package processing. If you do not select this option, the security group is not displayed in the Assigned Group field in the Package window. Note: If a user has the System: Override Key Fields Segmentation access grant, then the security group is displayed in the Assigned Group field.
   Timesheets	If you select this option, the Charge Code Rules tab is enabled for the security group. You can use this tab to specify who has access to certain charge codes in Time Management.

7. Use the Users tab to add members to the security group. You can either select a list of users to add to the security group or associate the security group with an organization unit.

   Option	Details
   Select a list of users to the security group	To select a list of users to add to the security group: On the Users tab, in the Membership section, select Specified Directly. Click Add new user to this group to open the Users window. In the Users field, select one or more users. Click OK.
   Associate the security group with an organization unit	To associate the security group with an organization unit: Note: If you select an organization unit to control user access to the security group, any users selected in the Users list are replaced by the members of the organization unit. On the Users tab, in the Membership section, select Determined by Organization Unit. Click Yes in the confirmation dialog box to continue. In the Organization Unit field, select the organization unit. To include only direct members of the specified organization unit, and exclude its child organization units, select Direct Members Only. To include members of this organization unit and its child unit, select All Members (Cascading). For example, suppose your Quality Assurance organization unit consists of the Testers and Bug Fixers sub-units. If you select to include members of child organization units for the Quality Assurance unit, then the list of users contains all of the resources defined in each of the units (Quality Assurance, Testers, and Bug Fixers).

8. On the Access Grants tab, link access grants to the security group, as follows:

   Note: The access grant enables certain functions performed in PPM modules. For details on access grants, see Access grants.

   1. In the Available Access Grants list, select one or more access grants.
   2. Click the right-pointing arrow.
   3. Click OK.

9. On the Ownership tab, specify who can edit, copy, and delete this security group, as follows:

   1. Click the Ownership tab in the Security Group window.

   2. To allow all users that have the Edit Security Groups Access Grant to edit the security group, select the All users with the Edit Security Groups Access Grant option.

   3. To allow users from specific groups to edit the security group, do the following:

      1. Select Only groups listed below that have the Edit Security Groups Access Grant.
      2. Click Add.
      3. Select the one or more security groups and click OK.

      4. Click OK.

10. Click OK.

Back to top

Restrict workflows and application codes for security groups

If a security group contains Deployment Management users, you can limit the following to its members:

• The workflows available when processing packages
• The application codes (or app codes) available when new package lines are generated

To restrict workflows available to a security group:

1. From the PPM Workbench, select the security group.

2. Click the Deployment Management Workflows tab.

3. Select the workflows in the Allowed Deployment Management Workflows list.

4. Click the left-pointing arrow. The selected items are moved to the Restricted Deployment Management Workflows list.

5. To exclude all future workflows, select the Always restrict new Workflows checkbox.

6. Click OK.

To restrict application codes available to a security group:

1. From the PPM Workbench, select the security group.

2. Click the Deployment Management App Codes tab.

3. Select the app codes in the Allowed Deployment Management App Codes list.

4. Click the left-pointing arrow. The selected items removed to the Restricted Deployment Management App Codes list.

5. To exclude all future app codes, select the Always restrict new App Codes checkbox.

6. Click OK.

Back to top

Restrict charge code access for security groups

You can use the Charge Code Rules tab of a security group to control the charge codes that are visible to the members of that security group.

Overview

You define charge code rules on the Charge Code Rules tab of a security group. A charge code that satisfies the value set in the charge code rule is visible to the members of the security group.

Restrict charge code access for security groups

To restrict charge code access for a security group:

1. From the PPM Workbench, select the security group.

2. Click the Charge Code Rules tab.

3. Select Restrict Charge Codes to the following rules.

   Note: If you do not select this option, the security group has no application code restrictions imposed on it, members of this security group have access to all charge codes. We recommend that you enable charge code rules for all security groups.

4. Click New.

5. Complete the fields in the Charge Code Rule window:

   Field	Description
   Type	Define the type of charge code rule. You can restrict charge codes based on charge code category, client, or department.
   Value	The value of the category, client, or department for the allowed charge code.
   Enabled	To enable the charge code rule, select Yes.

6. Click OK to add the charge code, or click Add to continue adding another rule.

7. Click OK.

Back to top

See also:

• Manage security groups from web UI