User Guide | 2019.2

Managing security groups

Helix ALM uses security groups to control user access to project data and actions. Security groups have two levels of security you can set:

  • Command security limits the actions users can perform. See Command security.
  • Field security limits the information users can view and change in items and workflow events. See Field security.

Users must be assigned to a security group before they can work in a project. To view and manage security groups, choose View > Security Groups. See Using the Security Groups list window.

When setting up new projects, carefully consider the types of users, actions they need to perform, and information they need to access. This can help you identify how to set up the groups and establish a security structure that best fits your team's needs. You can add multiple groups to provide the appropriate level of security for different types of users based on their roles and responsibilities. Users can be in multiple security groups. If any group a user is in gives permission to perform an action through command security or work with fields through field security, then the user has permission. See Adding security groups.

Note:  An Administration group is automatically created in new projects. Because this group has access to most commands, only add high-level users responsible for managing the project to it. You can rename this group or delete it if you add your user record to another group with the Edit Security Groups and See Security Tabs commands enabled.

Example

You can create groups with different levels of security that incrementally provide access to more actions based on team hierarchy.

Group name Security level Access to:
Level 1 Low View items only
Level 2 Medium View and add items
Level 3 High View, add, and edit items
Level 4 Highest View, add, edit, and delete items and perform administrative tasks

As an alternative, you can use the same structure to provide access to actions and name groups based on role.

Group name Security level Access to:
Technical Writers Low View items only
Engineers Medium View and add items
QA Testers High View, add, and edit items
Managers Highest View, add, edit, and delete items and perform administrative tasks

Tip:  See the Security Best Practices for recommendations about user, database, and server management to keep data secure.