Roles

About Roles

Roles can be associated with numerous Security Groups. When a Security Role is assigned to a Security User, the user is granted all the privileges that have been granted to the Security Groups associated with the Security Role. Assigning Security Roles to Security Users is an efficient way to provide data permissions to the users that they will need to execute tasks in GE Digital APM.

Note: Regardless of the Security Group membership, Super Users have access to all the GE Digital APM features and functionalities.

Important: To avoid granting unintended privileges to a Security User, before assigning a Security User to a Security Role, make sure that you review all the privileges granted to the Security Groups that are assigned to the Security Role. Additional Security Roles, as well as Security Groups assigned to existing Security Roles, can be added via Security Manager.

The following table lists the baseline Security Roles available for the users within GE Digital APM, the baseline Security Groups assigned to each Security Role, and the privileges associated with each Security Role.

Role	Group	Role Privileges
MI Analytics Administrator	MI Cognitive Administrator	The users can view, create, update, and delete cognitions, cognition-related logs, and standard lists.
MI Analytics Power	MI Cognitive User	The users can: View, create, update, and delete cognitions. View the cognition-related logs and standard lists.
MI APMNow Admin	MI APMNow Admin	The users can access Tools and certain administrative features .
	MI Metrics Administrator
	MI Policy Designer
MI APM Viewer	MI ACA Member	The users have the view privileges for most of the GE Digital APM records.
	MI AHI Viewer
	MI AMS Asset Portal Viewer
	MI ASI Viewer
	MI ASM Viewer
	MI Calibration Viewer
	MI eLog Viewer
	MI GAA Viewer
	MI GE Viewer
	MI Hazards Viewer
	MI Inspection Viewer
	MI LCC Viewer
	MI Metrics Viewer
	MI MOC Viewer
	MI Policy Viewer
	MI PROACT Viewer
	MI Production Loss Accounting Manager
	MI RBI Viewer
	MI RCM Viewer
	MI Reliability Viewer
	MI Rounds Designer Viewer
	MI SIS Viewer
	MI Thickness Monitoring Viewer
MI Data Loader Admin	MI Calibration Administrator	The users have all the privileges applicable to the users assigned to the MI Data Loader User role. Additionally, the users can delete the data load configuration records and interface log records. To use a data loader specific to a module, the users need additional permissions specific to that module. For more information, refer to the appropriate Mappings documentation.
	MI CMMS Interface Admin
	MI Site Reference User
MI Data Loader User	MI Calibration User	The users can access to the Data Loaders feature, and can view, update, and create data load configuration records and interface log records. To use a data loader specific to a module, the users need additional permissions specific to that module. For more information, refer to the appropriate Requirements Mappings documentation.
	MI CMMS Interface User
	MI Site Reference User
MI FE Administrator	MI GAA Administrator	The users have all the privileges applicable to the users assigned to the MI FE PowerUser role. Additionally, the users have administrative privileges for the Generation Availability Analysis, Root Cause Analysis, Production Loss Analysis, and Reliability Analytics features.
	MI Policy Designer
	MI Policy User
	MI Policy Viewer
	MI PROACT Administrator
	MI PROACT Team Member
	MI Production Loss Accounting Administrator
	MI Production Loss Accounting Manager
	MI Production Loss Accounting User
	MI PROACT Viewer
	MI Production Loss Accounting Service
	MI Reliability Administrator
	MI Reliability User
	MI Reliability Viewer
MI FE PowerUser	MI GAA Analyst	The users have all the privileges applicable to the users assigned to the MI FE User role. Additionally, the users can: Create, update, and delete Root Cause Analyses, Production Plans, Production Events, Production Losses, Production Analyses, System Reliability Analyses, Spares Analyses, Reliability Distribution Analyses, Probability Distribution Analyses, Reliability Growth Analyses, and Automation Rules. Update Production Data and link Production Events to Root Cause Analyses. Create and update GAA Events and GAA Performance records.
	MI Policy User
	MI Policy Viewer
	MI PROACT Team Member
	MI Production Loss Accounting Manager
	MI Production Loss Accounting User
	MI PROACT Viewer
	MI RCM Viewer
	MI Reliability User
	MI Reliability Viewer
MI FE User	MI GAA Analyst	The users can access the GAA Company, GAA Plants, GAA Units, GAA Events, GAA Performance records, Root Cause Analyses, Production Loss Analyses, Production Analyses, System Reliability Analyses, Spares Analyses, Reliability Distribution Analyses, Probability Distribution Analyses, Reliability Growth Analyses, and Automation Rules features.
	MI GAA Viewer
	MI Policy User
	MI Policy Viewer
	MI PROACT Team Member
	MI Production Loss Accounting User
	MI PROACT Viewer
	MI RCM Viewer
	MI Reliability User
	MI Reliability Viewer
MI Foundation Admin	Everyone	The users have all the privileges applicable to the users assigned to the MI Foundation Power role. Additionally, the users can configure mappings for the devices and view the SAP System records. In addition, the users have administrative privileges for the Catalog, Tasks, and ACA records features.
	MI Devices Power Users
	MI Devices Administrators
	MI Devices Users
	MI Recommendation Management User
	MI Task Manager User
	MI Task Manager Administrator
	MI Site Reference Administrator
	MI Site Reference User
	MI ACA Administrator
	MI ACA Member
	MI ACA Owner
	MI SAP Interface User
	MI Configuration Role
	MI Security Role
	MI Catalog Administrator
	MI Metrics Administrator
	MI Policy Administrators
	MI eLog Administator
	MI eLog Contributor
	MI eLog Viewer
MI Foundation Power	Everyone	The users have all the privileges applicable to the users assigned to the MI Foundation User role. Additionally, the users can: Save data from the devices in the GE Digital APM database. Create and manage the Site Reference records. Update, add, and delete the ACA records. View the SAP System records. Add the users to the states. Remove the users from the states.
	MI Devices Power Users
	MI Devices Users
	MI Recommendation Management User
	MI Task Manager User
	MI Site Reference User
	MI Policy Designer
	MI ACA Member
	MI ACA Owner
	MI SAP Interface User
	MI Power User Role
	MI Metrics User
	MI eLog Contributor
	MI eLog Viewer
MI Foundation User	Everyone	The users can: Send and receive data from the devices. Create and manage the recommendations Create and update the tasks. View and create the ACA records. View the KPIs, Scorecards, and Metric Views. View the SAP System records.
	MI Devices Power Users
	MI Devices Users
	MI Recommendation Management User
	MI Task Manager User
	MI ACA Member
	MI Policy User
	MI ACA Owner
	MI Metrics User
	MI SAP Interface User
	MI eLog Contributor
	MI eLog Viewer
MI Health Admin	MAPM Security Group	The users have all the privileges applicable to the users assigned to the MI Health Power role. Additionally, the users can access the Rounds, Asset Health Manager, Process Data Integration, AMS Analytics, and GE Analytics features.
	MI AHI Administrator
	MI AMS Suite APM Administrator
	MI GE Administrator
	MI Lubrication Management Administrator
	MI Lubrication Management User
	MI Operator Rounds Administrator
	MI Operator Rounds Mobile User
	MI Policy Administrator
	MI Policy Designer
	MI Process Data Integration Administrator
MI Health Power	MI AMS Suite APM Power User	The users have all the privileges applicable to the users assigned to the MI Health User role. Additionally, the users can create, update, and delete policies, policy instances, policy recommendations, and health indicator values.
	MI Operator Rounds Mobile User
	MAPM Security Group
	MI AHI User
	MI Policy Designer
	MI Process Data Integration User
	MI GE User
	MI Lubrication Management User
MI Health User	MI AMS Suite APM User	The users can: Access the Rounds Data Collection mobile features. Create recommendations and acknowledge heath indicators in Asset Health Manager. View policy data. Create policy instances in Policy Designer. View GE and AMS Analytics data. Create and modify AMS Asset recommendations.
	MI Operator Rounds Mobile User
	MAPM Security Group
	MI AHI User
	MI Policy User
	MI Process Data Integration User
	MI GE User
MI Mechanical Integrity Administrator	Criticality Calculator	The users have all the privileges applicable to the users assigned to the MI Mechanical Integrity Power role. Additionally, the users have the administrative privileges for the Thickness Monitoring and RBI features and can access the RBI data mapping and reference tables.
	MI Inspection
	MI Policy Viewer
	MI RBI Administrator
	MI RBI Analyst
	MI RBI Calculation Policy Viewer
	MI RBI Recommendation Policy Viewer
	MI RBI Risk Mapping Policy Viewer
	MI Thickness Monitoring Administrator
	MI Thickness Monitoring Inspector
	MI Thickness Monitoring User
MI Mechanical Integrity Power	Criticality Calculator	The users have all the privileges applicable to the users assigned to the MI Mechanical Integrity User role. Additionally, the users can access the criticality calculator family and RBI features (except data mapping). The users have the view privileges for all the RBI families.
	MI Inspection
	MI Policy Viewer
	MI RBI Analyst
	MI RBI Calculation Policy Viewer
	MI RBI Recommendation Policy Viewer
	MI RBI Risk Mapping Policy Viewer
	MI Thickness Monitoring Inspector
	MI Thickness Monitoring User
MI Mechanical Integrity User	MI Inspection	The users can access the T-Min Calculator, Archive Corrosion Rates, Exclude TMLs, and Renew TMLs features. Additionally, the users have basic access to the Inspection and Thickness Monitoring features.
	MI Thickness Monitoring Inspector
	MI Thickness Monitoring User
MI Mechanical Integrity Viewer	MI Inspection Viewer	The users have view privileges to all the families used in Risk Based Inspection, Thickness Monitoring, and Inspection Management.
	MI RBI Viewer
	MI Thickness Monitoring Viewer
MI Safety Admin	MI Calibration User	The users have all the privileges applicable to the users assigned to the MI Safety Power role. Additionally, the users can create, modify, and delete all the records in Calibration Management, Hazards Analysis, LOPA, MOC, and SIS Management.
	MI Calibration Administrator
	MI Calibration Viewer
	MI HA Administrator
	MI HA Facilitator
	MI HA Member
	MI HA Owner
	MI Hazards Viewer
	MI MOC Administrator
	MI MOC Viewer
	MI SIS Administrator
	MI SIS Engineer
	MI SIS User
	MI SIS Viewer
MI Safety Power	MI Calibration User	The user can access the following records: Initiating Event Consequence Adjustment Probabilities IPL Checklist Active IPL Passive IPL Human IPL Asset Safety Preferences Additionally, the users have all the privileges applicable to the users assigned to the MI Safety User role, and can create, modify, and delete all other records in Calibration Management, Hazards Analysis, LOPA, and SIS Management.
	MI Calibration Viewer
	MI HA Facilitator
	MI HA Member
	MI HA Owner
	MI Hazards Viewer
	MI MOC Approver
	MI MOC Viewer
	MI SIS Engineer
	MI SIS User
	MI SIS Viewer
MI Safety User	MI Calibration User	The users can access the Recommendations, Calibration Templates, Risk Threshold records, Protective Instrument Loops, SIL Assessments, and SIL Threshold records features. Additionally, the users can access, create, modify, and delete all other records in Calibration Management, Hazards Analysis, LOPA, MOC, and SIS Management. In MOC, the users can access, create, modify, and delete General Recommendations.
	MI Calibration Viewer
	MI HA Facilitator
	MI HA Member
	MI Hazards Viewer
	MI MOC User
	MI MOC Viewer
	MI SIS Engineer
	MI SIS User
	MI SIS Viewer
MI Strategy Admin	MI AHI Administrator	The users have all the privileges applicable to the users assigned to the MI Strategy Power role. Additionally, the users have administrative privileges for the Reliability Centered Maintenance, Failure Modes and Effects Analysis, Asset Strategy Implementation, and Life Cycle Cost Analysis features.
	MI AHI User
	MI ASI Administrator
	MI ASI User
	MI ASI Viewer
	MI ASM Administrator
	MI ASM Analyst
	MI ASM Reviewer
	MI ASM Viewer
	MI Calibration User
	MI Calibration Viewer
	MI Inspection
	MI LCC Administrator
	MI LCC User
	MI LCC Viewer
	MI Lubrication Management Administrator
	MI Operator Rounds Administrator
	MI RBI Analyst
	MI RCM Administrator
	MI RCM User
	MI RCM Viewer
	MI SIS User
MI Strategy Power	MI AHI Administrator	The users have all the privileges applicable to the users assigned to the MI Strategy User role, and the administrative privileges for the Asset Health Manager feature.
	MI AHI User
	MI ASI User
	MI ASI Viewer
	MI ASM Analyst
	MI ASM Reviewer
	MI ASM Viewer
	MI Calibration User
	MI Calibration Viewer
	MI Inspection
	MI LCC User
	MI LCC Viewer
	MI Lubrication Management Administrator
	MI Operator Rounds Administrator
	MI RBI Analyst
	MI RCM User
	MI RCM Viewer
	MI SIS User
MI Strategy User	MI AHI User	The users have the view, create, update, and delete privileges for the Reliability Centered Maintenance, Failure Modes and Effect Analysis, Asset Strategy Implementation, Asset Strategy Management, and Life Cycle Cost Analysis features. Additionally, the users have the administrative privileges for Rounds feature, and view privileges for Asset Health Manager and Calibration Management features.
	MI ASI User
	MI ASI Viewer
	MI ASM Analyst
	MI ASM Viewer
	MI Calibration Viewer
	MI Inspection
	MI LCC User
	MI LCC Viewer
	MI Lubrication Management Administrator
	MI Operator Rounds Administrator
	MI RCM User
	MI RCM Viewer
	MI SIS User

About Administrative Feature Access for the MI APMNow Admin Security Role

The following table describes the administrative features accessible to users associated with the MI APMNow Admin Security Role. To access additional administrative features available in APM Now, users must be associated with additional Security Roles.

Admin Module	Admin Feature	MI APMNow Admin Access?
Application Settings	Metrics and Scorecards	Yes
Configuration Manager	Content Change Management	No
	Content Validation	No
	Export	No
	Family Management	Yes
	Import	No
	Manage Translations	No
	Sites	Yes
	System Codes and Tables	Yes
	Units of Measure and Conversions	Yes
Operations Manager	Activate Licenses	No
	APM Connect Configuration	No
	APM Connect EAM Jobs	Yes
	APM System Monitoring	Yes
	Asset Hierarchy Configuration	Yes
	Connections	No
	Data Sources	No
	Email Settings	No
	GIS Configuration	No
	Help Configuration	No
	Host Names	No
	Monitoring	No
	Query Timeouts	Yes
	Reference Document Server Credentials	No
	Risk Matrix	Yes
	Schedule Logs	Yes
	Search Configuration	No
	SQL Server Reporting Services	No
	Strategy Macros	Yes
	Systems and Tags	No
Security Manager	Data Permissions	No
	Groups	No
	LDAP	No
	Password Policy	No
	Roles	No
	Users	No
	User Defaults	No

The following table describes the baseline privileges related to Configuration Manager features that are granted to members of the MI APMNow Admin Security Role. Family Management features not listed in the table below are not accessible.

Configuration Manager Feature	Privileges	Notes
Associated Pages	Add, Edit, or Delete	None
Datasheet	Add, Edit, or Delete	None
Family Reports	Add, Edit, or Delete	There is no edit function that you can perform on this feature, but you can mark a report as default.
Field	Edit	None
Field Behavior	Edit	None
Family Policies	Add, Edit, or Delete	None
State Configuration	Add, Edit, or Delete	None
System Codes and Tables	Add, Edit, or Delete	None
Units of Measure and Conversions	Add, Edit, or Delete	None

Access the Security Roles Page

Procedure

In the module navigation menu, select Admin > Security Manager > Roles.

The Security Roles page appears.

Create a Security Role

Procedure

In the module navigation menu, select Admin > Security Manager > Roles.
In the left pane, select .
The New Role workspace appears, displaying a blank Security Role form.
-or-
If you want to create a new subgroup, in the left pane, select the Security Role to which you want to add the subgroup, and then select New Role.
The New Role workspace appears, displaying a blank Security Role form.
As needed, enter values in the available fields.
Select .
The Security Role is saved.

What To Do Next

Assign Security Users to Roles.

Security Role Records

Security Role records contain information related to each unique Security Role in GE Digital APM. This topic provides an alphabetical list and description of the fields that exist for the Security Role family. The information in the table reflects the baseline state and behavior of these fields.

Field	Data Type	Description	Behavior and Usage
Caption	Character	A title or explanation that identifies the Security Role. A property that specifies how the Security Role is labeled throughout the software interface. Note that most captions can be localized.	This field is required. You can enter text to define this value manually.
Description	Character	A detailed description of the Security Role	This field is optional. You can enter text to define this value manually.
ID	Character	The ID for the Security Role	This field is required. You can enter text to define this value manually.

Assign Security Users to Roles

Before You Begin

About This Task

This topic describes how to assign multiple Security Users to a Security Role on the Security Roles page. You can also assign multiple Security Roles to a Security User on the Security Users page.

Procedure

In the module navigation menu, select Admin > Security Manager > Roles.
In the left pane, select the Security Role that you want to assign to the Security User.
The workspace for the selected Security Role appears.
In the Security Users section, select .
The Assign Users window appears, displaying the available users.
Beside each Security User that you want to assign the to the Security Role, select the check box.
Select .
The updated Security Role properties are saved.

Remove Security Users from Roles

Procedure

In the module navigation menu, select Admin > Security Manager > Roles.
In the left pane, select the Security Role from which you want to remove Security Users.
The workspace for the selected Security Role appears.
In the Security Users section, beside each Security User that you want to remove, select the check box.
Select .
The selected Security Users are removed.
Select .
The updated Security Roles properties are saved.

Assign Security Groups to Security Roles

Before You Begin

About This Task

This topic describes how to assign multiple Security Groups to a Security Role on the Security Roles page. You can also assign multiple Security Roles to a Security Group on the Security Groups page.

Procedure

In the module navigation menu, select Admin > Security Manager > Roles.
In the left pane, select the Security Role that you want to add to the Security Group.
The workspace for the selected Security Role appears.
In the Security Group section, select .
The Assign Groups window appears.
Beside each Security Group that you want to assign the to the Security Role, select the check box.
Select .
The updated Security Role properties are saved.

Remove Security Groups from Roles

Procedure

In the module navigation menu, select Admin > Security Manager > Roles.
In the left pane, select the Security Role for which you want to remove the Security Group.
The workspace for the selected Security Role appears.
In the Security Groups section, beside each Security Group that you want to remove, select the check box.
Select .
The Security Groups are removed.
Select .
The updated Security Roles properties are saved.