Security Groups

Security Groups are how you control who sees what in the platform. They are permission containers that connect people to the equipment and facilities they need to work with — giving every user access to exactly the right assets and systems, and nothing beyond that.

🧩 How Security Groups Work

The concept is straightforward: place a user in a Security Group, and they automatically gain access to every asset and system in that same group. There are no individual permission assignments, no complex access matrices — just logical grouping.

Every Security Group has three types of members:

Member Type	Description
Users	The people who need access
Assets	The equipment they can view and manage
Systems	The facilities or locations they can access

📌 The core rule: Everyone in a group can access everything in that group. Access is granted at the group level, not the individual record level.

Why This Matters

Challenge	How Security Groups Solve It
Multiple customers sharing one platform	One group per customer keeps data fully isolated
Regional teams with separate equipment	Groups scoped by geography keep each team focused
Large fleets to manage	Assign once to a group — no individual assignments needed
Growing business with changing access needs	Add or remove members from a group at any time

A Practical Example

Consider a Security Group named SG_Distributor_MidwestRegion:

SG_Distributor_MidwestRegion
├── 👤 Users
│   ├── Regional Account Manager
│   └── Field Service Technician
├── 🔩 Assets
│   ├── Centrifugal Pump Unit 4
│   └── Conveyor Drive Assembly
└── 🏗 Systems
    ├── Chicago Processing Plant
    └── Milwaukee Distribution Hub

Both users immediately gain access to both assets and both systems — no further configuration required.

📋 Security Groups List

The list view displays all Security Groups in your account.

List Columns

Column	Description
Name	The Security Group name
Action	🗑 Delete option

Available controls: Search by group name · Toggle between grid and list views · ➕ Add new group · Export Security Groups data

🔍 Security Group Detail View

Click any Security Group name to open its detail page, which contains three tabs.

Tab	What It Shows
Users	All users in the group — name, email, and date added
Assets	All assets in the group — name, serial number, owner, and model
Systems	All systems in the group — system ID, name, type, integrator, and status

➕ Creating a Security Group

Click + on the Security Groups list to begin. Creation takes two steps.

Step 1 — Name and Description

Provide a unique name and a brief description of the group's purpose.

⚠️ Non-obvious: Security Group names must be unique within your account. The platform will not allow duplicate names.

Recommended naming convention:

Prefix	Use For	Example
SG_Customer_	Customer-specific groups	SG_Customer_AcmeManufacturing
SG_Distributor_	Regional distributor groups	SG_Distributor_SoutheastRegion
SG_Internal_	Internal team groups	SG_Internal_SupportTeam

💡 A consistent naming convention becomes essential once you have many Security Groups. Establish your pattern before you scale.

Step 2 — Add Members via Transfer Lists

Three transfer lists are presented — one for Assets, one for Systems, and one for Users. Each list has two sides:

Side	Description
Choices (left)	All available items in your account, not yet in this group
Chosen (right)	Items selected for this Security Group

Select items from the left, move them to the right with the arrow control, and repeat for each category. To deselect, move items back from right to left.

📌 Administrator visibility note: Super Administrators see all users in the account. Administrators see all users except other Super Administrators.

✅ Result: The Security Group is created instantly. All added users immediately gain access to all added assets and systems.

✏️ Editing a Security Group

Open the Security Group from the list.
Click the EDIT button on the detail page.
Update the name or description if needed.
Use the same transfer lists to add or remove assets, systems, and users.
Submit to save.

⚠️ Non-obvious: Changes take effect immediately upon saving. Users gain or lose access the moment the update is confirmed.

When editing, the Choices list automatically excludes items already in the group, so you only see what is available to add — reducing clutter when managing large groups.

🗑️ Deleting a Security Group

Click the 🗑 delete icon on the Security Groups list row for the group you wish to remove.

What happens on deletion:

The Security Group is disabled and can no longer be assigned.
All users in the group immediately lose access to the associated assets and systems.
The users, assets, and systems themselves are not deleted — only the access relationships are removed.

⚠️ Non-obvious: Deletion cannot be undone. Verify that removing access for all members is intentional before proceeding. If in doubt, communicate the change to affected users in advance.

🏗️ Common Access Structures

By Customer (most common for multi-customer platforms)

One Security Group per customer ensures complete data isolation. No customer can view another's equipment or facilities.

SG_Customer_CompanyA
├── Users: CompanyA personnel
├── Assets: CompanyA equipment
└── Systems: CompanyA facilities

SG_Customer_CompanyB
├── Users: CompanyB personnel
├── Assets: CompanyB equipment
└── Systems: CompanyB facilities

By Geography (for regional operations)

One Security Group per territory keeps regional teams focused on their own equipment without visibility into other regions.

SG_Distributor_NortheastRegion
├── Users: Northeast distributor team
├── Assets: Northeast equipment
└── Systems: Northeast facilities

SG_Distributor_SouthwestRegion
├── Users: Southwest distributor team
├── Assets: Southwest equipment
└── Systems: Southwest facilities

Hybrid (for complex organizations)

Combine customer-facing and internal groups to give your support team full visibility while keeping customers isolated from each other.

SG_Customer_AcmeMfg_External
├── Users: Acme's own personnel
├── Assets: Acme's equipment
└── Systems: Acme's facilities

SG_Customer_AcmeMfg_Internal
├── Users: Your internal support staff
├── Assets: Acme's equipment
└── Systems: Acme's facilities

🔄 Common Workflows

Workflow 1 — Onboarding a New Customer

Click + to create a new Security Group.
Name it using the SG_Customer_ convention.
Add the customer's users in the Users transfer list.
Add the customer's assets in the Assets transfer list.
Add the customer's facilities in the Systems transfer list.
Save.

✅ Result: The customer's users immediately have access to their equipment and facilities — and nothing belonging to any other customer.

Workflow 2 — Removing Access When a User Leaves

Open the relevant Security Group.
Click EDIT.
In the Users transfer list, move the departing user from Chosen back to Choices.
Submit.

✅ Result: The user's access is revoked instantly across all assets and systems in the group.

Workflow 3 — Reassigning an Asset to a New Group

Open the Security Group that currently contains the asset.
Click EDIT and move the asset from Chosen back to Choices — then save.
Open the destination Security Group.
Click EDIT and move the asset from Choices to Chosen — then save.

✅ Result: The asset is accessible to the new group and removed from the old one. Historical data for the asset is preserved.

🗂️ Planning Your Security Group Structure

Before creating groups, consider how your business is organized. A few key questions to guide your structure:

Are you organized by customer, geography, or product line? The answer determines whether your primary grouping unit is a company, a region, or a product category.
What are your data isolation requirements? If customers must never see each other's data, one group per customer is non-negotiable.
Which internal teams need cross-customer visibility? Support and service teams typically need broader access — plan for a separate internal group structure rather than adding internal staff to every customer group.
What does compliance require? Export your Security Group list periodically and retain it as an access audit record.

✅ Best Practices

Apply the principle of least privilege. Add users only to the Security Groups they genuinely need. If a user works exclusively with one customer's equipment, do not include them in any other customer's group.
Establish a naming convention before you scale. A clear, consistent prefix system (SG_Customer_, SG_Distributor_, SG_Internal_) makes managing many groups significantly easier.
Review Security Groups monthly. Remove users who have left or changed roles, decommission groups containing no active members, and remove assets that have been retired.
Document your structure. Maintain a reference that describes the purpose of each Security Group, who should be in it, and what it should contain. This is invaluable when onboarding new administrators.
Test after major changes. After restructuring groups, verify access by reviewing the Users, Assets, and Systems tabs on the affected groups to confirm membership is correct.

🛠️ Troubleshooting

A user cannot see an asset they need access to

Work through this checklist in order:

Open the relevant Security Group and check the Users tab — confirm the user is listed.
Check the Assets tab — confirm the asset is in the same group.
Verify the group was saved after the last edit (check the group's current membership against what you intended).
If the issue persists, remove the user and re-add them, then save.

There are too many Security Groups to manage efficiently

Identify groups with no users — these can likely be deleted.
Identify groups with identical or overlapping membership — consider consolidating them.
Shift toward fewer, broader groups where data isolation requirements allow it.

Managing Security Groups is taking too much time

Use the search function within transfer lists rather than scrolling through large lists.
Select multiple items at once instead of moving them individually.
Build a standard checklist for common setups such as new customer onboarding, so the process is consistent and fast.

💡 Tips & Shortcuts

Tip	How
Find a group quickly	Use the search bar on the Security Groups list
Bulk select in transfer lists	Select multiple items at once — no need to move them one by one
Search within transfer lists	Use the search box inside a transfer list when the list is long
Audit access	Use the export feature to generate a record of all Security Groups and their members
Track your changes	Note why you created or modified a group — the reason may not be obvious later

🧩 How Security Groups Work​

Why This Matters​

A Practical Example​

📋 Security Groups List​

List Columns​

🔍 Security Group Detail View​

➕ Creating a Security Group​

Step 1 — Name and Description​

Step 2 — Add Members via Transfer Lists​

✏️ Editing a Security Group​

🗑️ Deleting a Security Group​

🏗️ Common Access Structures​

By Customer (most common for multi-customer platforms)​

By Geography (for regional operations)​

Hybrid (for complex organizations)​

🔄 Common Workflows​

Workflow 1 — Onboarding a New Customer​

Workflow 2 — Removing Access When a User Leaves​

Workflow 3 — Reassigning an Asset to a New Group​

🗂️ Planning Your Security Group Structure​

✅ Best Practices​

🛠️ Troubleshooting​

A user cannot see an asset they need access to​

There are too many Security Groups to manage efficiently​

Managing Security Groups is taking too much time​

💡 Tips & Shortcuts​