Permission Set Definitions

Default Permission Set Definitions

Permissions are required for Essentials modules to function. The following topics describe the entities to which each permission in a permission set grants the user access.
Important: Ensure that the APM Next permission set is activated for all the users. Only then, users can access Essentials. If you have upgraded from a previous version, the GE Vernova Customer Support team automatically activates the APM Next permission set for all the existing users. For new users, however, you must activate the permission set.

Administration

PermissionDescription
Manage Users
  • Can add and deactivate users
  • add and deactivate user groups
  • create new permission sets
  • assign users to user groups, permission sets, and assets
  • create ingestor tokens in Setup

Alerts

PermissionDescription
Alerts
Allows a user to perform the following tasks:
  • Create Alerts
  • Manage Alerts
  • Manage Internal Notes
  • View Limited Visibility Alerts
  • View alert details for General Visibility alerts
Note: To create an alert, you must have either the Alerts permission, or Manage Alerts and Limited Visibility Alerts permissions.
View Alert Detail
Allows a user to perform the following tasks:
  • View Disposition value
  • View Evidence
  • View the Analysis Template Chart
  • Navigate to Analysis
  • View Asset faceplate
  • View Linked Cases
Note: When only View Internal Notes or Manage Internal Notes is selected, then the View Alert Detail permission is selected by default. In addition, the Manage permission always supersedes the View permission.
Manage Alerts
Allows a user to perform the following tasks:
  • Manually create an Alert
  • Change the Alert template
  • Claim an Alert
  • View all the Alert details (see View Alert Detail permissions above)
  • Change Disposition
  • Mark an Alert as Processed
  • Release claim
  • Add Evidence
  • Create a Case from an Alert
  • Create Case bulk action in grid
  • Add notes in bulk edit
  • Create reminder alerts
  • View reminder alert criteria
    Note: Users with Manage Alerts cannot view, add, or delete an Internal Note.
View Internal Notes
Allows a user to perform the following tasks:
  • View all the Alert details
  • View Internal Notes
    Note:
    • Users will not see the Internal Notes section if they do not have this permission.
    • Users have view permissions only; they cannot perform any actions.
    • When only View Internal Notes or Manage Internal Notes is selected, then the View Alert Detail permission is selected by default. In addition, the Manage permission always supersedes the View permission.
Manage Internal Notes
Allows a user to perform the following tasks:
  • View all the Alert Details permissions
  • View, add, and delete Internal Notes. Users can only delete Internal Notes that they created.
    Note: Admin must assign the Manage Alerts permission for a user, for that user to perform any actions on alerts.
  • When only View Internal Notes or Manage Internal Notes is selected, then the View Alert Detail permission is selected by default. In addition, the Manage permission always supersedes the View permission.
View Limited Visibility Alerts

Allows a user to view alert details for limited visibility alerts and general visibility alerts.

Analysis

PermissionDescription
Analysis ViewUser can:
  • Perform ad hoc Analysis on assets to which they have access, but they cannot save the analyses that they create
Analysis CreateUser can:
  • Perform ad hoc Analysis on assets to which they have access
  • Save analyses as Templates to support additional research

Analytics

PermissionDescription
Manage AnalyticsAccess and/or modify analytic templates and orchestrations.
Manage Deployments and FiltersAccess and/or modify deployments and asset filters.
Manage Analytic ConfigurationsAccess and/or modify asset filter configuration.
View Deployments and FiltersAccess deployments and asset filters.
View Analytic ConfigurationsAccess asset filter configuration.
BlueprintsAccess and/or modify blueprints (applicable to Smart Signal only).

APM Connect

PermissionDescription
MI Data Loader Admin

The users have all the privileges applicable to the users having MI Data Loader User permissions. Additionally, the users can delete the data load configuration records and interface log records.

To use a data loader specific to a module, the users need additional permissions specific to that module. For more information, refer to the appropriate Mappings documentation.

MI Data Loader User

The users can access to the Data Loaders feature, and can view, update, and create data load configuration records and interface log records.

To use a data loader specific to a module, the users need additional permissions specific to that module. For more information, refer to the appropriate Requirements Mappings documentation.

Asset

Important: In Essentials, assign only the View Assets permission to users to keep the data synchronized in the Essentials databases.
Note: If user has access to all resources (such as an administrator), all asset restriction policies are ignored.
PermissionDescription
Ingest Assets apiNone
View Assets apiNone
Edit Assets apiNone
Ingest AssetsUser can create and edit the asset model for the tenant. User can also view related ingestion logs.
Important: In Essentials, users with Ingest Assets permission can edit asset-related data using the Essentials UI. However, the users must not edit asset data other than the groups, templates, tags, geolocation, and classifications to avoid asset data in the Essentials databases to become out of sync.
View AssetsUser can view all data related to assets, including Asset Instances and Classifications.
Edit AssetsUser can modify all editable asset data via the user interface. This permission includes: view asset and allows deletion of asset instance.

Asset Health

PermissionDescription
MI Health Power
  • Users can create, update, and delete policies, policy instances, policy recommendations, and health indicator values.
  • Users can access the eLog module. If they are assigned to a Shift, they can also create log entries.
MI Health Admin
  • Users can access the eLog Administrator pages to create Shifts, Templates, and assign Teams to Shifts.
MI Health UserUser can:
  • Access the Rounds Data Collection mobile features.
  • Create recommendations and acknowledge heath indicators in Asset Health Manager.
  • View policy data.
  • Create policy instances in Policy Designer.
  • Create and modify AMS Asset recommendations.
  • Access the eLog module. If they are assigned to a Shift, they can also create log entries and manage assignments.
MI Rounds-Pro AdminUsers can access Rounds Pro Manager and perform all the related tasks.
MI Rounds-Pro UserUsers can access Rounds Pro Mobile application and perform all the related tasks.

Asset Strategy

PermissionDescription
MI Strategy PowerThe users have all the privileges applicable to the users having MI Strategy User permission, and the administrative privileges for the Asset Health Manager feature.
MI Strategy AdminThe users have all the privileges applicable to the users having MI Strategy Power permissions. Additionally, the users have administrative privileges for the Reliability Centered Maintenance, Failure Modes and Effects Analysis, Asset Strategy Management, Asset Strategy Implementation, and Life Cycle Cost Analysis features.
MI Strategy UserThe users have the view, create, update, and delete privileges for the Reliability Centered Maintenance, Failure Modes and Effect Analysis, Asset Strategy Implementation, Asset Strategy Management, and Life Cycle Cost Analysis features. Additionally, the users have the administrative privileges for Rounds feature, and view privileges for Asset Health Manager and Calibration Management features.

Audit Logs

PermissionDescription
User Management Audit LogTenant admin can view details about changes to Administration items

BI

PermissionDescription
OData Extract-CasesAllows a user to extract Cases data.
OData Extract-AlertsAllows a user to extract Alerts data.

Cases

PermissionDescription
CasesAllows a user to perform the following tasks:
  • View a case
  • Claim a case
  • Create a case
  • Change the status of a case
  • Update the report
  • Add evidence and notes
  • Create a case from an alert
Note: To create a case, you must have the Cases and View Limited Visibility Cases permissions.
View Case Detail
Allows a user to perform the following tasks:
  • View Case Details
  • View Actions section
  • View Evidence section
  • View Interpretation section
  • View Closure section, if available
  • View any custom sections
  • Access only the Export to PDF option.
  • View the Notes section, add notes or delete notes created by the user.
Users cannot perform the following tasks:
  • Claim a case
  • Change the case status
  • Create a case
  • Mark any similar case as reference or remove a related case from the Similar Cases section
  • Modify the information in the Evidence, Actions, Case Info, Interpretation, or Closure sections
Edit Case DetailAllows a user to view or edit a case. However, the user cannot create a case from an alert or create a case in Cases. Therefore, when a user with this permission claims an alert, the user will not see the Create Case button.
View Limited Visibility CasesAllows a user to view case details of the limited visibility cases and general visibility cases.

Cost Benefit Analysis

PermissionDescription
Configure Asset TypeAllows the user to perform the following tasks during tenant onboarding:
  • Create metadata related to tenant
  • Modify metadata related to tenant
  • Delete metadata related to tenant
Cost Benefit AnalysisAllows the user to perform the following tasks:
  • Create a Cost Benefit Analysis for a case
  • Modify the Cost Benefit Analysis for a case
  • Access the CBA Dashboard module

Cross Tenancy

PermissionDescription
Cross TenancyAdmin user can see the cross tenancy sharing tab.

Dashboard

PermissionDescription
Dashboard-UpdateUser can update an existing dashboard. This permission is required to create dashboards as well.
Dashboard-CreateUser can create a new dashboard and save it.
Class-DashboardUser can create a class level dashboard.
Dashboard-ViewUser can view existing dashboards and create a private dashboard.
Default-Dashboard-InstanceUser can set an instance level default dashboard.
Default-Dashboard-ClassUser can set a class level default dashboard.

eLog

PermissionDescription
MI eLog ViewerUsers can access the eLog module. If they are assigned to a Shift, they can also create log entries.
MI eLog AdministratorUsers can access the eLog Administrator pages to create Shifts, Templates, and assign Teams to Shifts.
MI eLog ContributorUsers can access the eLog module. If they are assigned to a Shift, they can also create log entries and manage assignments.

Failure Elimination

PermissionDescription
MI FE PowerUser

The users have all the privileges applicable to the users having MI FE User permission. Additionally, the users can:

  • Create, update, and delete Root Cause Analyses, Production Plans, Production Events, Production Losses, Production Analyses, System Reliability Analyses, Spares Analyses, Reliability Distribution Analyses, Probability Distribution Analyses, Reliability Growth Analyses, and Automation Rules.
  • Update Production Data and link Production Events to Root Cause Analyses.
  • Create and update GAA Events and GAA Performance records.
MI FE AdministratorThe users have all the privileges applicable to the users having MI FE PowerUser permissions. Additionally, the users have administrative privileges for the Generation Availability Analysis, Root Cause Analysis, Production Loss Analysis, and Reliability Analytics features.
MI Analytics PowerThe users can:
  • View, create, update, and delete cognitions.
  • View cognition-related logs and standard lists.
MI FE UserThe users can access the GAA Company, GAA Plants, GAA Units, GAA Events, GAA Performance records, Root Cause Analyses, Production Loss Analyses, Production Analyses, System Reliability Analyses, Spares Analyses, Reliability Distribution Analyses, Probability Distribution Analyses, Reliability Growth Analyses, and Automation Rules features.
MI Analytics AdministratorThe users can view, create, update, and delete cognitions, cognition-related logs, and standard lists.

Foundation

Important: If the Foundation permission set is available in a tenant, you must assign at least one permission from this set to all the users of the tenant. We recommend that the users are assigned the APM Basic User Permission set for the assets they need to access.
PermissionDescription
MI Foundation PowerThe users have all the privileges applicable to the users having MI Foundation User permissions. Additionally, the users can:
  • Save data from the devices in the Essentials database.
  • Create and manage the Site Reference records.
  • Update, add, and delete the ACA records.
  • View the SAP System records.
  • Add the users to the states.
  • Remove the users from the states.
MI APM ViewerThe users can view most of the Essentials records.
MI APMNow AdminThe users can access Tools and certain administrative features.
MI Foundation UserThe users can:
  • Send and receive data from the devices.
  • Create and manage the recommendations.
  • Create and update the tasks.
  • View and create the ACA records.
  • View the KPIs, Scorecards, and Metric Views.
  • View the SAP System records.
Administrator (Super User)The users can access all the administrative applications and Essentials features and functionalities.
MI Foundation AdminThe users have all the privileges applicable to the users having MI Foundation Power permissions. Additionally, the users can configure mappings for the devices and view the SAP System records. In addition, the users have administrative privileges for the Catalog, Tasks, and ACA records features.

Generation Availability Analysis

PermissionDescription
MI GAA Viewer

Users have View privileges forthe Generation Availability Analysis module.

Users can view Event and Performance records related to the GAA Analyses.
MI GAA AdministratorUsers have administrative privileges for the Generation Availability Analysis module and can perform the following operations:
  • Access and modify all pages in the GAAApplication Settings.
  • View, update, insert, and delete Performance records and Reports configured for a GAA Unit.
MI GAA AnalystUsers have view, update, and insert privileges for the Generation Availability Analysis module, which supports GAA Reporting.

Generation Availability Analysis Wind

PermissionDescription
MI GAA Wind OperatorUsers have View privileges for the Generation Availability Analysis Wind module and related policy instances.
MI GAA Wind Super AdministratorUsers have administrative privileges for the Generation Availability Analysis Wind module and can perform the following operations:
  • Access and modify all pages in the GAAWind Application Settings.
  • Create, view, update, insert, and delete a Performance record and generate Performance and Sub Group reports.
MI GAA Wind AdministratorUsers have administrative privileges for the Generation Availability Analysis Wind module and can perform the following operations:
  • Access and modify all pages in the GAAWind Application Settings.
  • Create, view, update, insert, and delete a Performance record and generate Performance and Sub Group reports.
MI GAA Wind AnalystUsers have view, insert, update, and delete privileges to import and modify event data for the Generation Availability Analysis Wind module.

Knowledge Management

PermissionDescription
Knowledge ManagementUser can search the Knowledge Management System.

KPI Management

PermissionDescription
Search Knowledge Management SystemAllows user to search the knowledge management system.

Life Cycle Cost Analysis

PermissionDescription
MI LCC AdministratorUsers have administrative privileges for Life Cycle Cost Analysis.
MI LCC UserUsers have user privileges for Life Cycle Cost Analysis.
MI LCC ViewerUsers have view privileges for Life Cycle Cost Analysis.

Mechanical Integrity

PermissionDescription
MI Mechanical Integrity Power
  • The users have all the privileges that are applicable to the MI Mechanical Integrity User. Additionally, users can access the criticality calculator family and RBI features (except data mapping).
  • The users have view privileges for all the RBI families.
MI Mechanical Integrity AdministratorThe users have all the privileges that are applicable to users with MI Mechanical Integrity Power permissions. Additionally, users have administrative privileges for the Thickness Monitoring and RBI features and can access the RBI data mapping and reference tables.
MI Mechanical Integrity UserThe users can access the T-Min Calculator, Archive Corrosion Rates, Exclude TMLs, and Renew TMLs features. Additionally, users have basic access to the Inspection and Thickness Monitoring features.
SC Recommendation Management ImplementerThe users can change the status of the Recommendations from the Approved or In Progress state to the Completed state.
SC Recommendation Management ReviewerThe users can change the status of the Recommendations from the Pending Approval state to one of the following states:
  • Pending Review
  • Approved
  • Canceled
  • Rejected
MI Mechanical Integrity ViewerThe users have view privileges to all the families in Risk Based Inspection, Thickness Monitoring, and Inspection Management.
MI Inspection ViewerThe users have view privileges to all the families in Inspection Management.
MI InspectionThe users have access to all the families in Inspection Management. Additionally, users can access Compliance Strategy and Compliance Policy Mapping.
MI Inspection SupervisorThe users are populated in the Reviewers Name field of the baseline inspection workflow, and can create, update, review, and approve an inspection.
Note: This role does not have an added group. To access a specific module or a feature, add the relevant group to the user.
MI InspectorThe users are populated in the Inspection Report Owner field of the baseline inspection workflow, and can create, update, review, and send inspections for approval.
Note: This role does not have an added group. To access a specific module or a feature, add the relevant group to the user.
MI Contract InspectorThe users have privileges to create and update an inspection as a third-party inspector.
Note: This role does not have an added group. To access a specific module or a feature, add the relevant group to the user.
MI Thickness Monitoring AdministratorThe users have all the privileges that are applicable to the MI Thickness Monitoring Inspector. Additionally, users have administrative privileges for Thickness Monitoring features and can access the TM Rules Lookup, data mapping, and reference tables.
MI Thickness Monitoring InspectorThe users have all the privileges that are applicable to the MI Thickness Monitoring Viewer. Additionally, users can access the Thickness Measurement Locations, Datapoints, T-Min Calculator, Archive Corrosion Rates, Exclude TMLs, and Renew TMLs features along with other basic TM features.
MI Thickness Monitoring UserThe users have all the privileges that are applicable to the MI Thickness Monitoring Inspector. However, the Thickness Monitoring User is restricted from deleting some of the Thickness Monitoring records like Datapoint Measurement.
MI Thickness Monitoring ViewerThe users have view privileges to all the families in Thickness Monitoring.
MI Compliance AdministratorThe users have all the privileges that are applicable to the MI Compliance Analyst. Additionally, users can create, update, or delete Compliance Strategy Templates and link/unlink assets to the Compliance Strategy Template.
Note: This role does not have an added group. To access a specific module or a feature, add the relevant group to the user.
MI Compliance AnalystThe users have privileges to suggest and apply Compliance Strategy Templates, create Inspection Plans, and update Compliance Recommendations.
Note: This role does not have an added group. To access a specific module or a feature, add the relevant group to the user.
MI Inspection Plan ApproverThe users have privileges to update and approve an Inspection Plan. Additionally, users have view privileges for Compliance Management, Inspection Management, and Risk Based Inspection.
MI RBI AdministratorThe users have all the privileges that are applicable to the MI RBI Analyst. Additionally, users have administrative privileges for RBI features and can access the RBI data mapping and reference tables, but cannot update an Inspection Plan.
MI RBI AnalystThe users have all the privileges that are applicable to the MI RBI Viewer. Additionally, users have the privileges for calculating RBI Analysis and associated functionalities related to an RBI Analysis such as Duplicate Analysis, Apply Analysis, and Create What-If Analysis. Users can also update an Inspection Plan.
MI RBI ViewerThe users have view privileges to all the families in Risk Based Inspection.

Policy Designer

PermissionDescription
MI Policy Administrator
  • Users can modify application settings for Policy Designer and Family Policies.
  • Users can create, update, and delete policies, policy instances, policy recommendations, and health indicator values.
  • Users can view policy execution results.
MI Policy Designer
  • Users can create, update, and delete policies, policy instances, policy recommendations, and health indicator values.
  • Users can view policy execution results.
MI Policy User
  • Users can create, update, and delete policy instances, policy recommendations, and health indicator values.
  • Users can view policies and policy execution results.
MI Policy ViewerUsers can view policies, policy instances, and policy execution results.

Predix Workorder Management

PermissionDescription
Predix Workorder Management
Note: This permission is only for Essentials, not Legacy Predix Essentials users.
Users must be assigned this permission to perform the following activities:
  • Create Recommendations from Alerts and Cases
  • View list of recommendations in Alert and Case Details pages
  • View Work Orders in Alert and Case Details pages
  • View Criticality number in Alert and Case Details pages and Asset dashboard
  • View open work orders, completed work orders, and recommendations data in an asset dashboard.

Production Loss Analysis

PermissionDescription
Production Loss Accounting UserUsers can update Production Plans, Production Data, and Production Events.
Production Loss Accounting ViewerUsers have view privileges for Production Loss Analysis and can view Production Plans, Production Data, and Production Events. However, the users cannot update the Production Plans, Production Data, or Production Events.
Production Loss Accounting ServiceUsers can perform the following operations:
  • Access Production Plans.
  • Enter Production Data.
  • Reconcile Production Losses.
  • Create Production Events.
However, users cannot create Production Plans.
Production Loss Accounting AdministratorUsers have administrative privileges for Production Loss Analysis and can perform the following operations:
  • Access the PLA Administrator page.
  • Create Plan Templates, Production Units, Production Profiles, and Products.
  • Update Production Data.

Reliability Analytics

PermissionDescription
MI Reliability AdministratorUsers have administrative privileges for Reliability Analytics workflows.
MI Reliability AnalystUsers have user privileges for Reliability Analytics.
MI Reliability ViewerUsers have view privileges for Reliability Analytics.

Root Cause Analysis

PermissionDescription
MI PROACT AdministratorUsers have administrative privileges for Root Cause Analysis.
MI PROACT Team MemberUsers have user privileges for Root Cause Analysis.
MI PROACT ViewerUsers have view privileges for Root Cause Analysis.

Rounds

PermissionDescription
MI Operator Rounds AdministratorUsers can access the Data Collection, Rounds Designer, and Rounds Mobile applications and perform all administrative tasks.
MI Operator Rounds Mobile UserUsers can access the Rounds Mobile application and perform all the related tasks.

Safety

PermissionDescription
MI Safety PowerThe user can access the following records:
  • Initiating Event
  • Consequence Adjustment Probabilities
  • IPL Checklist
  • Active IPL
  • Passive IPL
  • Human IPL
  • Asset Safety Preferences

Additionally, the users have all the privileges applicable to the users having MI Safety User permissions, and have the ability to create, modify, and delete all other records in Calibration Management, Hazards Analysis, LOPA, and SIS Management.

MI Safety AdminThe users have all the privileges applicable to the users having MI Safety Power permission. Additionally, the users can create, modify, and delete all the records in Calibration Management, Hazards Analysis, LOPA, MOC, and SIS Management.
MI Safety UserThe users can access the Recommendations, Calibration Templates, Risk Threshold records, Protective Instrument Loops, SIL Assessments, and SIL Threshold records features. Additionally, the users can access, create, modify, and delete all other records in Calibration Management, Hazards Analysis, LOPA, MOC, and SIS Management. In MOC, the users can access, create, modify, and delete General Recommendations.

Setup

PermissionDescription
SetupIncluded with Manage Users from Administration
  • Available to User Admins to create and view ingestor URLs, username and passwords.
  • Provides the ability to reset ingestion password.

SmartSignal

Note: By default, Essentials does not give users access to the SmartSignal microapps. An administrator must provide each user with permissions to access the SmartSignal applications, as well as modify the permissions for the ingestor user (used to upload assets into Essentials).
PermissionDescription
SmartSignal EvidenceCan view SmartSignal Alerts and charting data for Analysis.
SmartSignal Host and TenantSetup SmartSignal Hosts and Tenants
  • User can configure SmartSignal hosts.
  • User can configure SmartSignal tenant mappings.
SmartSignal Mapping
  • Setup SmartSignal Analytic – Can perform SmartSignal asset mapping.
  • Setup SmartSignal Maintenance
For Essentials native client configurations, users must have the following permissions:
SmartSignal EvidenceSetup SmartSignal Evidence
SmartSignal MappingSetup SmartSignal Analytic

For Essentials configurations, users must have the following permissions:

AnalyticsManage Analytics catalog
SmartSignal EvidenceSetup SmartSignal Evidence
SmartSignal MappingSetup SmartSignal Analytic

State Management

PermissionDescription
SM_AnalystThe users can transition states using State Management.
SM_Approver
SM_Assessor
SM_Coordinator
SM_Facilitator
SM_Implementor
SM_Initiator
SM_Owner
SM_Planner
SM_Team Leader

Stuf

PermissionDescription
Basic group infoCan set up and edit basic group information.

Templates

PermissionDescription
Alert TemplatesCan create Alert Templates.
Cases TemplatesCan create Case Templates.

Timeseries

PermissionDescription
View Data Sources for TimeseriesCan view data sources for Timeseries.
Add TimeseriesCan ingest and update Timeseries data.
View TimeseriesCan view Timeseries data.
Configure Data Sources for TimeseriesCan configure data sources for Timeseries.

Units of Measure

PermissionDescription
ViewUoMUser can view the Units of Measure Conversion page.
EditUoMUser can edit the Units of Measure Conversion page.