Security Groups
Security Groups are the foundation of LMI’s role-based access control (RBAC) system. A security group defines a collection of permissions (roles) that can be assigned to users, controlling what features, pages, and actions they can access throughout the application.
Overview
A security group record contains:
- Basic information - Group name and description
- Roles - Collection of permissions assigned to the group
- Members - Users assigned to this security group
- Access controls - Dashboard and dataset visibility restrictions
Accessing Security Groups
Navigate to Settings > Administration > Security Groups from the sidebar.
Security Groups List
The Security Groups page displays all security groups in a searchable table.
Table Columns
| Column | Description |
|---|---|
| Name | Security group name (click to edit) |
| Description | Brief description of the group’s purpose |
| Roles | Number of roles assigned to the group |
| Members | Number of users in the group (click to view) |
Search
Use the search box to find security groups by:
- Group name
- Description
The search performs partial matching across both fields.
Viewing Group Members
Click on the members badge to see all users assigned to a security group.
The members panel displays:
- User full name
- Quick access to user management
Adding a New Security Group
- Click the Actions menu in the page header
- Select Add Security Group
- Fill in the required fields in the edit panel
- Configure role assignments
- Click Save to create the group
Editing a Security Group
Click on a security group name to open the edit panel.
Basic Information
| Field | Required | Description |
|---|---|---|
| Name | Yes | A descriptive name for the security group |
| Description | Yes | Explanation of the group’s purpose and intended members |
Role Assignments
Roles are organized into categories with toggleable switches for each permission.
| Category | Description |
|---|---|
| Administration | Access to security groups, user management, and page editing |
| Maintenance | Access to data catalog pages (customers, orders, tanks, etc.) |
| Analytics & Data | Access to analytics module, dashboards, and activity logs |
| Financial | Access to payments, invoices, credit card, and ACH modules |
| Operations | Access to dispatch planner and service modules |
| Mobile | Permissions for mobile app features |
| Data & Integrations | Access to datasets, workflows, and webhooks |
Each category shows the count of assigned roles (e.g., “3 of 5 Roles”).
Common Role Examples
| Role | Description |
|---|---|
| ADMINISTRATION_PAGE | Access to the administration section |
| SECURITY_GROUPS | Manage security groups |
| USER_MANAGEMENT | Manage user accounts |
| CUSTOMERS_PAGE | Access to customers in the data catalog |
| ORDERS_PAGE | Access to orders in the data catalog |
| ANALYTICS_MODULE | Access to the analytics application |
| DASHBOARD | View and interact with dashboards |
| OPERATIONS_MODULE | Access to operations applications |
| DISPATCH_PLANNER | Access to the dispatch planning tool |
Security Group Relationships
Security groups connect users to permissions and control access to resources:
Security Group├── Users (many-to-many via assignment)│ └── Aggregated roles from all groups├── Dashboards (access control)│ └── Users can only see assigned dashboards├── Datasets (access control)│ └── Users can only see assigned datasets└── Clerk Authentication └── Roles synced to user metadataUser Assignments
- Users can belong to multiple security groups
- A user’s effective permissions are the combination of all roles from all their groups
- When a security group’s roles are updated, all member users are automatically updated
Dashboard Access
- Dashboards can be restricted to specific security groups
- Users only see dashboards accessible to their groups
- See Datasets for more details
Dataset Access
- Datasets can be restricted to specific security groups
- Users only see datasets accessible to their groups
- See Datasets for more details
Default Security Groups
LMI includes pre-configured security groups to help you get started:
| Group | Purpose |
|---|---|
| Administrators | Full access to all features and settings |
| Billing Admins | Access to financial and billing features |
| Managers | Access to operations and reporting features |
| Schedulers | Access to dispatch planning and scheduling |
| Viewers | Read-only access to data and reports |
Best Practices
Designing Security Groups
- Create groups based on job functions rather than individual users
- Use descriptive names that clearly indicate the group’s purpose
- Write detailed descriptions explaining who should be in the group
- Start with the default groups and customize as needed
Managing Permissions
- Follow the principle of least privilege - assign only necessary permissions
- Review role assignments periodically to ensure they remain appropriate
- Document any custom groups and their intended purposes
- Test permission changes with a non-admin account before rolling out
User Assignment Strategy
- Assign users to groups based on their job responsibilities
- Use multiple groups for users who need permissions from different areas
- Remove users from groups promptly when their role changes
- Audit group memberships regularly
Access Control
- Use security groups to restrict dashboard access to relevant teams
- Restrict sensitive datasets to appropriate groups only
- Consider creating separate groups for different organizational units
Troubleshooting
User cannot access a feature
- Verify the user is assigned to a security group with the required role
- Check that the security group has the specific permission enabled
- Ensure the user has refreshed their session after group changes
- Review the user’s effective permissions in User Accounts
Changes not taking effect
- Security group changes sync to Clerk automatically, but users may need to log out and back in
- Verify the save completed successfully (no error messages)
- Check that the correct roles were toggled in the edit panel
Cannot find a security group
- Use the search box to filter by name or description
- Verify you have permission to view security groups (SECURITY_GROUPS role)
- Check that you’re logged into the correct company account
Members count shows zero
- This is normal for newly created groups
- Assign users to the group via User Accounts
- The count updates automatically when users are assigned