Create security groups in workbench
This topic provides details on how to create security groups in the workbench.
Create security groups
You create security groups, specify their members, and then configure their access grants.
To create a security group:
-
Click the Administration button in the masthead.
-
From the Administration menu, select Workbench > Open Workbench on Desktop to open the workbench.
-
From the shortcut bar, select Sys Admin > Security Groups.
-
In the Security Group Workbench, click New Security Group.
-
Provide the following information for the security group:
Field Description Name Provide a name for the security group. Reference Code Use the system-generated code or provide a new one.
The reference code is used to uniquely identify the security group across all the languages used in you PPM implementation.
The reference code value must be unique across all languages. Use capital letters and ASCII characters. Do not start with an underscore (_), and do not use any of the following special characters:
~!@#$%^&*()+}{":?><`-=]['''';/.,',
System data reference codes start with an underscore (_) and should not be modified.
Enabled To enable this security group, select Yes.
Only enabled security groups are available when generating or updating users or workflows.
Description Provide a description for the security group. -
In the This Security Group will be used by field, select the PPM entities that can use the security group.
The options include the following:
Option
Description
Requests
Determines whether this security group can be used in request processing. If you do not select this option, the security group is not displayed in the following places:
-
Assigned Group field on the request
-
User Access tab in the Request Type window. This restricts users in the security group from selecting a request type when creating a request.
Note: If a user has the System: Override Key Fields Segmentation access grant, then the security group is displayed in the Assigned Group field.
Projects
Determines whether this security group participates in project management activities.
Packages
Determines whether this security group can be used in package processing. If you do not select this option, the security group is not displayed in the Assigned Group field in the Package window.
Note: If a user has the System: Override Key Fields Segmentation access grant, then the security group is displayed in the Assigned Group field.
Timesheets
If you select this option, the Charge Code Rules tab is enabled for the security group. You can use this tab to specify who has access to certain charge codes in Time Management.
-
-
Use the Users tab to add members to the security group. You can either select a list of users to add to the security group or associate the security group with an organization unit.
Option Details Select a list of users to the security group To select a list of users to add to the security group:
- On the Users tab, in the Membership section, select Specified Directly.
- Click Add new user to this group to open the Users window.
- In the Users field, select one or more users.
- Click OK.
Associate the security group with an organization unit To associate the security group with an organization unit:
Note: If you select an organization unit to control user access to the security group, any users selected in the Users list are replaced by the members of the organization unit.
-
On the Users tab, in the Membership section, select Determined by Organization Unit.
-
Click Yes in the confirmation dialog box to continue.
-
In the Organization Unit field, select the organization unit.
-
To include only direct members of the specified organization unit, and exclude its child organization units, select Direct Members Only.
To include members of this organization unit and its child unit, select All Members (Cascading).
For example, suppose your Quality Assurance organization unit consists of the Testers and Bug Fixers sub-units. If you select to include members of child organization units for the Quality Assurance unit, then the list of users contains all of the resources defined in each of the units (Quality Assurance, Testers, and Bug Fixers).
-
On the Access Grants tab, link access grants to the security group, as follows:
Note: The access grant enables certain functions performed in PPM modules. For details on access grants, see Access grants.
- In the Available Access Grants list, select one or more access grants.
- Click the right-pointing arrow.
- Click OK.
-
On the Ownership tab, specify who can edit, copy, and delete this security group, as follows:
- Click the Ownership tab in the Security Group window.
-
To allow all users that have the Edit Security Groups Access Grant to edit the security group, select the All users with the Edit Security Groups Access Grant option.
-
To allow users from specific groups to edit the security group, do the following:
- Select Only groups listed below that have the Edit Security Groups Access Grant.
- Click Add.
- Select the one or more security groups and click OK.
-
Click OK.
-
Click OK.
Restrict workflows and application codes for security groups
If a security group contains Deployment Management users, you can limit the following to its members:
- The workflows available when processing packages
- The application codes (or app codes) available when new package lines are generated
To restrict workflows available to a security group:
-
From the workbench, select the security group.
-
Click the Deployment Management Workflows tab.
-
Select the workflows in the Allowed Deployment Management Workflows list.
-
Click the left-pointing arrow. The selected items are moved to the Restricted Deployment Management Workflows list.
-
To exclude all future workflows, select the Always restrict new Workflows checkbox.
-
Click OK.
To restrict application codes available to a security group:
-
From the workbench, select the security group.
-
Click the Deployment Management App Codes tab.
-
Select the app codes in the Allowed Deployment Management App Codes list.
-
Click the left-pointing arrow. The selected items removed to the Restricted Deployment Management App Codes list.
-
To exclude all future app codes, select the Always restrict new App Codes checkbox.
-
Click OK.
Restrict charge code access for security groups
You can use the Charge Code Rules tab of a security group to control the charge codes that are visible to the members of that security group.
Overview
You define charge code rules on the Charge Code Rules tab of a security group. A charge code that satisfies the value set in the charge code rule is visible to the members of the security group.
Example: If you define a charge code rule of the Category type with the Billable value, then only charge codes in the Billable category are visible to the security group members. No charge codes of other category are displayed.
Restrict charge code access for security groups
To restrict charge code access for a security group:
-
From the workbench, select the security group.
-
Click the Charge Code Rules tab.
-
Select Restrict Charge Codes to the following rules.
Note: If you do not select this option, the security group has no application code restrictions imposed on it, members of this security group have access to all charge codes. We recommend that you enable charge code rules for all security groups.
-
Click New.
-
Complete the fields in the Charge Code Rule window:
Field Description Type Define the type of charge code rule. You can restrict charge codes based on charge code category, client, or department. Value The value of the category, client, or department for the allowed charge code. Enabled To enable the charge code rule, select Yes. -
Click OK to add the charge code, or click Add to continue adding another rule.
-
Click OK.
See also: