Security Access Groups

A Security Access Group (SAG) enables you to restrict the visibility of objects in the AIM Dashboard. After you have created a SAG and associated it with an object, that object can only be seen by Users who have that SAG assigned to them, either directly or indirectly through a Role.

This section covers creating a SAG and assigning it to Users and Roles.

Note: You can create a SAG and associate it with object(s) directly when importing data, see Importing Data for more information.

Managing Security Access Groups

To see a list of existing SAGs:

1. In the Manager pane expand Users, Roles, Rights and Groups.

2. Select Manage Roles, Rights and Groups.

3. Select the Groups option.

   Note: There are no built-in SAGs.

To create a SAG:

4. Make sure the existing SAGs list is open.

5. Type the name of the new SAG in the Name box.

6. Select Create New.

To delete a SAG:

7. Make sure the existing SAGs list is open.

8. Select the SAG you want to delete.

9. Select Delete Existing.

Assigning Security Access Groups

A User can have a SAG assigned to them:

• directly, or

• indirectly, through a Role.

To assign a SAG directly to a User:

10. In the Manager pane expand Users, Roles, Rights and Groups.

11. Select Assign Roles, Rights and Groups.

12. Select the User from the Existing Users list (top-left).

13. Select a SAG from the All Existing Groups list (bottom-Center).

14. On the left side of the list select <-.

15. The SAG appears in the User's Total Groups list (bottom-left) , coloured green to show it has been directly assigned.

To assign a SAG to a Role:

16. In the Manager pane expand Users, Roles, Rights and Groups.

17. Select Assign Roles, Rights and Groups.

18. Select the Role from the All Existing Roles list (top-right).

19. Select a SAG from the All Existing Groups list (bottom-Center).

20. On the right side of the list select ->.

21. The SAG appears in the Role's Current Groups list (bottom-right).

22. All Users that have the Role assigned to them will now also have the SAG.

Viewing SAGs for Objects

To see existing SAGs for Objects:

23. In the Class Library pane expand the classes.

24. Select the class containing the object you are looking for.

25. In the Objects of Class pane, select the object.

26. In the Manager pane expand Security.

27. Select Security Access.

    The SAGs associated with the selected object and the Users who have access are shown. If more than one SAG is associated to the object, you can see which Users have access via which SAG.

To see Users that have access to the object via a specific SAG:

• Select the appropriate SAG.

  The list of Users having access to the object is updated.

  Note: After you have the Security Access tab open, selecting a different object in the Objects of Class pane, will show the details for that object.

  Associating Objects with SAGs

You can associate Objects with the SAG, using the Import Controller.

To associate Objects with SAG:

28. Create an XML file (For example, SAG_null.xml) in the following format:

    <?xml version="1.0" encoding="utf-8"?>

    <vl:VNETList xmlns:vl="http://www.aveva.com/VNET/List"

    xmlns="http://www.aveva.com/VNET/eiwm">

    <Template>

    <ID>SAG</ID>

    <Object>

    <ID>[Object ID] </ID>

    <Context>

    <ID>[Name of the Context]</ID>

    </Context>

    <ClassID>[Class ID of the Object]</ClassID>

    <Association type="is in security access group">

    <Object>

    <ID>[Name of the Security Access Group]</ID>

    <Context>

    <ID>[Name of the Context]</ID>

    </Context>

    <ClassID>SECURITY ACCESS GROUP</ClassID>

    </Object>

    </Association>

    </Object>

    <!-- More objects can be added to SAGs by using the <object> tag as shown above-->

    </Template>

    </vl:VNETList>

29. Replace the highlighted scripts with relevant values.

30. Save the script in the Staging Area.

31. Process the file, using the Import Controller.