User Groups

Required OT Security User Role: EM Administrator

Use the User Groups page to view the list of users assigned to the EM Level and ICP Level User Groups. An administrator can create new user groups and edit existing groups. For more information about assigning users to a user group, see Add a Local User.

The User Groups table includes the following:

Column	Description
Name	The type of user group: EM Level and ICP Level.
Members	The user account assigned to the EM level and ICP level user group.
Role	The role assigned to the user account: EM Administrator EM Read Only ICP Administrator ICP Supervisor ICP Security Manager ICP Security Analyst

Column

Description

Name

The type of user group: EM Level and ICP Level.

Members

The user account assigned to the EM level and ICP level user group.

Role

The role assigned to the user account:

EM Administrator
EM Read Only
ICP Administrator
ICP Supervisor
ICP Security Manager
ICP Security Analyst

You can perform the following on the User Groups page:

Create an ICP-Access User Group

You can create an ICP-Access User Group to allow per-ICP permissions. These EM user groups are automatically and consistently synchronized with the linked ICP user groups, ensuring the EM user has the exact role and zone visibility defined at the ICP level.

This allows you to define specific roles per ICP, for instance, Supervisor on ICP A, Read-Only on ICP B, and no access to ICP C.

Creating ICP-Access user groups enables you to do the following:

Assign OT Security EM users to specific ICPs using EM user groups.
Inherit ICP-level roles and zone visibility without duplicate configuration.
Restrict access so that users can only view ICPs or zones for which they have authorization.
Improve security separation and limit the exposure of sensitive site information.

To create an ICP-Access User Group:

In the upper-right corner, click Create ICP-Access User Group.

The Create Site-Access User Group panel appears with the Group Details section.
In the Name box, type a name for the user group.
In the Local Members drop-down box, select one or several users you want to add to this group.
In the Authentication Servers box, select one or more servers you want to use for authentication.
Click Next.

The Group Access section appears.
Search for and select the site-level user permissions you want to assign to the group. For more information about customizing the table, see Customize Tables.
Click Create Group.

OT Security EM creates the group.

Edit an ICP-Access User Group

You can modify the settings for a user group as required.

To edit an Site-Access user group:

In the User Groups table, select a Site-Access user group to edit.

OT Security EM enables the Actions button.
Click Actions and select Edit.

The Edit Site-Access User Group panel appears.
Modify the settings as needed.
Click Next.

The Group Access panel appears.
Select or deselect site level group permissions as required.
Click Create Group.

OT Security EM saves the modified user group.

Delete an ICP-Access User Group

You can delete a site-access user group you no longer need.

In the User Groups table, select a Site-Access user group to delete.

OT Security EM enables the Actions button.
Click Actions and select Delete.

OT Security EM prompts you to confirm the deletion.
Click Delete.

OT Security EM deletes the site-access user group.