Security Groups
Security Groups are the foundation of LMI’s role-based access control (RBAC) system. A security group defines a collection of permissions (roles) that can be assigned to users, controlling what features, pages, and actions they can access throughout the application.
Overview
Section titled “Overview”A security group record contains:
- Basic information - Group name and description
- Roles - Collection of permissions assigned to the group
- Members - Users assigned to this security group
- Access controls - Dashboard and dataset visibility restrictions
Accessing Security Groups
Section titled “Accessing Security Groups”Navigate to Settings > Administration > Security Groups from the sidebar.
Security Groups List
Section titled “Security Groups List”The Security Groups page displays all security groups in a searchable table.
Table Columns
Section titled “Table Columns”| Column | Description |
|---|---|
| Name | Security group name (click to edit) |
| Description | Brief description of the group’s purpose |
| Roles | Number of roles assigned to the group |
| Members | Number of users in the group (click to view) |
Search
Section titled “Search”Use the search box to find security groups by:
- Group name
- Description
The search performs partial matching across both fields.
Viewing Group Members
Section titled “Viewing Group Members”Click on the members badge to see all users assigned to a security group.
The members panel displays:
- User full name
- Quick access to user management
Adding a New Security Group
Section titled “Adding a New Security Group”- Click the Actions menu in the page header
- Select Add Security Group
- Fill in the required fields in the edit panel
- Configure role assignments
- Click Save to create the group
Editing a Security Group
Section titled “Editing a Security Group”Click on a security group name to open the edit panel.
Basic Information
Section titled “Basic Information”
| Field | Required | Description |
|---|---|---|
| Name | Yes | A descriptive name for the security group |
| Description | Yes | Explanation of the group’s purpose and intended members |
Role Assignments
Section titled “Role Assignments”Roles are organized into categories with toggleable switches for each permission.
| Category | Description |
|---|---|
| Accounts | Permissions to create and edit accounts |
| Administration | Access to admin module, security groups, user management, page editing |
| Analytics & Data | Access to analytics workspace, activity log, dashboards, chart management |
| Availability | Create and edit availability records |
| Bulk Email | Access to bulk email functionality |
| Configuration & Lookups | Reserved for lookup table configuration |
| Contacts | Create and edit contacts |
| Customers | Create and edit customers |
| Data & Integrations | Access to datasets, webhooks, workflows, adapters, external systems |
| Documents | Access, upload, and delete documents |
| Drivers | Create and edit driver/resource records |
| Financial | Access to payments, invoices, credit cards, ACH, dunning, payment tokens |
| Human Resources | Update expiration records |
| Leads | Create and edit leads |
| Locations | Create and edit locations |
| Maintenance | Access to data catalog pages (customers, orders, tanks, vehicles, etc.) |
| Mobile | Permissions for mobile app features across all modules |
| Operations | Access to operations module, dispatch planner, bobtail scheduling, service |
| Opportunities | Create and edit sales opportunities |
| Optimization | Create, run, and delete optimization scenarios |
| Orders | Create orders, edit orders, view revenue |
| Sales | Access to sales module, opportunities, leads, accounts, contacts pages |
| Sales Reps | Create and edit sales reps |
| Tanks | Create tanks, edit tanks, manage tank certifications |
| Task Management | Access to task admin, task types, statuses, labels |
| Vehicles | Create and edit vehicles |
Each category shows the count of assigned roles (e.g., “3 of 5 Roles”).
Common Role Examples
Section titled “Common Role Examples”Roles follow consistent naming patterns that indicate their purpose:
| Pattern | Example | Description |
|---|---|---|
*_MODULE | ANALYTICS_MODULE, OPERATIONS_MODULE, SALES_MODULE | Access to an entire application module |
*_PAGE | CUSTOMERS_PAGE, ORDERS_PAGE, TANKS_PAGE | Access to a specific page within a module |
CREATE_* | CREATE_ORDER, CREATE_CUSTOMERS, CREATE_TANKS | Permission to create new records |
EDIT_* | EDIT_ORDER, EDIT_CUSTOMERS, EDIT_TANKS | Permission to modify existing records |
DELETE_* | DELETE_DOCUMENTS, DELETE_SCENARIO | Permission to remove records |
MOBILE_* | MOBILE_DISPATCH, MOBILE_ORDERS, MOBILE_TANKS | Access to features in the mobile app |
Frequently Used Roles
Section titled “Frequently Used Roles”| Role | Description |
|---|---|
| ADMINISTRATION_PAGE | Access to the administration section |
| SECURITY_GROUPS | Manage security groups |
| USER_MANAGEMENT | Manage user accounts |
| MAINTENANCE_MODULE | Access to the data catalog (maintenance) module |
| CUSTOMERS_PAGE | Access to customers in the data catalog |
| ORDERS_PAGE | Access to orders in the data catalog |
| ANALYTICS_MODULE | Access to the analytics application |
| DASHBOARD | View and interact with dashboards |
| OPERATIONS_MODULE | Access to operations applications |
| DISPATCH_PLANNER | Access to the dispatch planning tool |
| FINANCIAL | Access to payments and billing features |
| TASK_MANAGEMENT | Access to task management module |
Security Group Relationships
Section titled “Security Group Relationships”Security groups connect users to permissions and control access to resources:
Security Group├── Users (many-to-many via assignment)│ └── Aggregated roles from all groups├── Dashboards (access control)│ └── Users can only see assigned dashboards├── Datasets (access control)│ └── Users can only see assigned datasets└── Clerk Authentication └── Roles synced to user metadataUser Assignments
Section titled “User Assignments”- Users can belong to multiple security groups
- A user’s effective permissions are the combination of all roles from all their groups
- When a security group’s roles are updated, all member users are automatically updated
Dashboard Access
Section titled “Dashboard Access”- Dashboards can be restricted to specific security groups
- Users only see dashboards accessible to their groups
- Security group assignments are configured when creating or editing a dashboard
- See Analytics for more details on dashboards
Dataset Access
Section titled “Dataset Access”- Datasets can be restricted to specific security groups
- Users only see datasets accessible to their groups
- Security group assignments are configured when creating or editing a dataset
- See Datasets for more details
Default Security Groups
Section titled “Default Security Groups”LMI includes pre-configured security groups to help you get started:
| Group | Purpose |
|---|---|
| Administrators | Elevated access to most features except billing; includes resource management, events, and availability |
| Billing Admins | Access to billing and payment features |
| Managers | Elevated access to scheduling features including resource management and availability |
| Schedulers | Access to basic scheduling features including events and availability |
| Viewers | Read-only access to view the system (no action permissions) |
Best Practices
Section titled “Best Practices”Designing Security Groups
Section titled “Designing Security Groups”- Create groups based on job functions rather than individual users
- Use descriptive names that clearly indicate the group’s purpose
- Write detailed descriptions explaining who should be in the group
- Start with the default groups and customize as needed
Managing Permissions
Section titled “Managing Permissions”- Follow the principle of least privilege - assign only necessary permissions
- Review role assignments periodically to ensure they remain appropriate
- Document any custom groups and their intended purposes
- Test permission changes with a non-admin account before rolling out
User Assignment Strategy
Section titled “User Assignment Strategy”- Assign users to groups based on their job responsibilities
- Use multiple groups for users who need permissions from different areas
- Remove users from groups promptly when their role changes
- Audit group memberships regularly
Access Control
Section titled “Access Control”- Use security groups to restrict dashboard access to relevant teams
- Restrict sensitive datasets to appropriate groups only
- Consider creating separate groups for different organizational units
Troubleshooting
Section titled “Troubleshooting”User cannot access a feature
Section titled “User cannot access a feature”- Verify the user is assigned to a security group with the required role
- Check that the security group has the specific permission enabled
- Ensure the user has refreshed their session after group changes
- Review the user’s effective permissions in User Accounts
Changes not taking effect
Section titled “Changes not taking effect”- Security group changes sync to Clerk automatically, but users may need to log out and back in
- Verify the save completed successfully (no error messages)
- Check that the correct roles were toggled in the edit panel
Cannot find a security group
Section titled “Cannot find a security group”- Use the search box to filter by name or description
- Verify you have permission to view security groups (SECURITY_GROUPS role)
- Check that you’re logged into the correct company account
Members count shows zero
Section titled “Members count shows zero”- This is normal for newly created groups
- Assign users to the group via User Accounts
- The count updates automatically when users are assigned