How do I manage security groups?

In this article, you will learn how to mange the EPM Live Groups.  To meet the needs of the organization, many options are available for customizing Groups. For example, create a new Group or customize an existing one to include custom Permission Levels as desired.

If the organization has people who should all have the same permissions on one or more securable object(s), consider creating a Group for them. For example, create a new Group for analysts called Analysts.  Then, you would appoint the Permission Level that all the users in the Analysts Group will share.

1. Navigate to SharePoint Site Settings

  1. Select the Settings Gear icon on the Icon Bar.
  2. Under the Settings heading, select SharePoint Site Settings.

2. Open Site Permissions

Under the Users and Permissions heading, select Site Permissions.

3. Default EPM Live Groups

The following Groups are available in the default EPM Live site, as shown on the Site Permissions Page: Administrators, Executives, Portfolio Managers, Project Managers, Resource Managers, Team Members, and Visitors.  The user who is the owner/creator of the site will also show on the Site Permissions Page.  You  may add new Groups, modifying the existing Groups, and Delete Groups.

Note: The PortfolioEngine Permissions Groups align with the default Groups shown here.  If you add a new Group, you would want to create the same Group name on the PortfolioEngine Permissions page.  And if users in that new Group should have access to the Portfolio Tools for Cost and Resource Management, be sure to configure those Permissions for the new Group there as well.

4. Create a New Group

On the Permission Tools Ribbon, click the Create Group button.

Note: When a new Group is created on this Permissions Page, it will become an available option for selection in the Resource Pool when adding/modifying a Resource.  

Additional Configuration - In order for the new group to show in the Resource Pool, you must run the Reporting Refresh, since the Resource Pool uses the Reporting Database as its Data Source.  By running the Reporting Refresh, the new group is added to the Security table in the Reporting Database.

4.1. Enter Name and Description

  1. Name: Enter the Name for this Group.
  2. About Me: Enter an optional description for this Group.

4.2. Specify Group Owner

Specify the owner of this Group. The Group Owner is the person in charge of the group that can modify any settings to the Group. The Owner can be a specific User or it can be another Group.  For example, if the owner is the Administrators Group, then any user in the Administrators Group can modify this Group as needed.

4.3. Set Group Settings

Specify who can view and edit the membership of this Group. To allow others the ability to modify the users associated to this Group, in the “Who can edit the membership of the group?” section, select the Group Members radio button.

4.4. Set Membership Request Settings

  1. Select whether or not users may request to join or leave this Group.
  2. If yes to the first option, then select whether the requests are auto-accepted.
  3. If yes to the first option, then enter the email address for who should receive the membership request emails.

4.5. Give Group Permission for this Site

Select one or more Permission Level for this Group.

Note: Specify at least one permission level, or the group will not be available to associate to user accounts on the site. When selecting permission levels, the highest permission level supersedes all other permission levels. The best practice is a 1:1 relationship between custom permission levels and custom groups. It is better to add users to multiple groups than try to troubleshoot security.

4.6. Create and Close New Group

When finished, click the Create button.

5. Modify Group Settings for an Existing Group

Click the Group name link.

5.1. Select Group Settings

On the Settings drop down menu, select Group Settings.  Modify the Group name, owner, and membership settings as needed.

5.2. Edit User Permissions

  1. Check the box for the Group.
  2. Click the Edit User Permissions button.


  1. Check the box(es) for the Permission Levels for the selected Group.
  2. When finished, click the OK button.

6. Remove User Permissions

  1. Check the box for the Group.
  2. Click the Remove User Permissions button.
  3. Click the OK button to confirm removal of permissions.

Note: This does not delete the Group itself.  This only removes any permissions for the Group.

7. Open Manage Access Requests

If a user tries to access the EPM Live Site App, but doesn't have permissions on the site, they may be able to submit a request for access.

Click the button for Manage Access Requests.

7.1. Configure the Manage Access Requests Settings

  1. Check the box to allow users to submit requests for access.
  2. If the box is checked, enter the email address for who should receive the access request emails.
  3. When finished, click the Ok button.

8. Note about Grant Permissions

Note: The recommended method to grant permissions is to add a user to the Resource Pool and assign the user to one or more Groups.  The Grant Permissions button is not the recommended standard method of granting users permissions.  However, the Grant Permissions button is available for more advanced custom security and permissions requirements.



Please sign in to leave a comment.