Security Groups
Security Groups are the foundation of LMI’s role-based access control (RBAC) system. A security group defines a collection of permissions (roles) that can be assigned to users, controlling what features, pages, and actions they can access throughout the application.
Overview
Section titled “Overview”A security group record contains:
- Basic information - Group name and description
- Roles - Collection of permissions assigned to the group
- Members - Users assigned to this security group
- Access controls - Dashboard and dataset visibility restrictions
Accessing Security Groups
Section titled “Accessing Security Groups”Navigate to Settings > Administration > Security Groups from the sidebar.
Security Groups List
Section titled “Security Groups List”The Security Groups page displays all security groups in a searchable table.
Table Columns
Section titled “Table Columns”| Column | Description |
|---|---|
| Name | Security group name (click to edit) |
| Description | Brief description of the group’s purpose |
| Roles | Number of roles assigned to the group |
| Members | Number of users in the group (click to view) |
Search
Section titled “Search”Use the search box to find security groups by:
- Group name
- Description
The search performs partial matching across both fields.
Viewing Group Members
Section titled “Viewing Group Members”Click on the members badge to see all users assigned to a security group.
The members panel displays:
- User full name
- Quick access to user management
Adding a New Security Group
Section titled “Adding a New Security Group”- Click the Actions menu in the page header
- Select Add Security Group
- Fill in the required fields in the edit panel
- Configure role assignments
- Click Save to create the group
Editing a Security Group
Section titled “Editing a Security Group”Click on a security group name to open the edit panel.
Basic Information
Section titled “Basic Information”
| Field | Required | Description |
|---|---|---|
| Name | Yes | A descriptive name for the security group |
| Description | Yes | Explanation of the group’s purpose and intended members |
Role Assignments
Section titled “Role Assignments”Roles are organized into categories with toggleable switches for each permission.
| Category | Description |
|---|---|
| Administration | Access to security groups, user management, and page editing |
| Maintenance | Access to data catalog pages (customers, orders, tanks, etc.) |
| Analytics & Data | Access to analytics module, dashboards, and activity logs |
| Financial | Access to payments, invoices, credit card, and ACH modules |
| Operations | Access to dispatch planner and service modules |
| Mobile | Permissions for mobile app features |
| Data & Integrations | Access to datasets, workflows, and webhooks |
Each category shows the count of assigned roles (e.g., “3 of 5 Roles”).
Common Role Examples
Section titled “Common Role Examples”| Role | Description |
|---|---|
| ADMINISTRATION_PAGE | Access to the administration section |
| SECURITY_GROUPS | Manage security groups |
| USER_MANAGEMENT | Manage user accounts |
| CUSTOMERS_PAGE | Access to customers in the data catalog |
| ORDERS_PAGE | Access to orders in the data catalog |
| ANALYTICS_MODULE | Access to the analytics application |
| DASHBOARD | View and interact with dashboards |
| OPERATIONS_MODULE | Access to operations applications |
| DISPATCH_PLANNER | Access to the dispatch planning tool |
Security Group Relationships
Section titled “Security Group Relationships”Security groups connect users to permissions and control access to resources:
Security Group├── Users (many-to-many via assignment)│ └── Aggregated roles from all groups├── Dashboards (access control)│ └── Users can only see assigned dashboards├── Datasets (access control)│ └── Users can only see assigned datasets└── Clerk Authentication └── Roles synced to user metadataUser Assignments
Section titled “User Assignments”- Users can belong to multiple security groups
- A user’s effective permissions are the combination of all roles from all their groups
- When a security group’s roles are updated, all member users are automatically updated
Dashboard Access
Section titled “Dashboard Access”- Dashboards can be restricted to specific security groups
- Users only see dashboards accessible to their groups
- See Datasets for more details
Dataset Access
Section titled “Dataset Access”- Datasets can be restricted to specific security groups
- Users only see datasets accessible to their groups
- See Datasets for more details
Default Security Groups
Section titled “Default Security Groups”LMI includes pre-configured security groups to help you get started:
| Group | Purpose |
|---|---|
| Administrators | Full access to all features and settings |
| Billing Admins | Access to financial and billing features |
| Managers | Access to operations and reporting features |
| Schedulers | Access to dispatch planning and scheduling |
| Viewers | Read-only access to data and reports |
Best Practices
Section titled “Best Practices”Designing Security Groups
Section titled “Designing Security Groups”- Create groups based on job functions rather than individual users
- Use descriptive names that clearly indicate the group’s purpose
- Write detailed descriptions explaining who should be in the group
- Start with the default groups and customize as needed
Managing Permissions
Section titled “Managing Permissions”- Follow the principle of least privilege - assign only necessary permissions
- Review role assignments periodically to ensure they remain appropriate
- Document any custom groups and their intended purposes
- Test permission changes with a non-admin account before rolling out
User Assignment Strategy
Section titled “User Assignment Strategy”- Assign users to groups based on their job responsibilities
- Use multiple groups for users who need permissions from different areas
- Remove users from groups promptly when their role changes
- Audit group memberships regularly
Access Control
Section titled “Access Control”- Use security groups to restrict dashboard access to relevant teams
- Restrict sensitive datasets to appropriate groups only
- Consider creating separate groups for different organizational units
Troubleshooting
Section titled “Troubleshooting”User cannot access a feature
Section titled “User cannot access a feature”- Verify the user is assigned to a security group with the required role
- Check that the security group has the specific permission enabled
- Ensure the user has refreshed their session after group changes
- Review the user’s effective permissions in User Accounts
Changes not taking effect
Section titled “Changes not taking effect”- Security group changes sync to Clerk automatically, but users may need to log out and back in
- Verify the save completed successfully (no error messages)
- Check that the correct roles were toggled in the edit panel
Cannot find a security group
Section titled “Cannot find a security group”- Use the search box to filter by name or description
- Verify you have permission to view security groups (SECURITY_GROUPS role)
- Check that you’re logged into the correct company account
Members count shows zero
Section titled “Members count shows zero”- This is normal for newly created groups
- Assign users to the group via User Accounts
- The count updates automatically when users are assigned