Adding system users
Granta MI Pro users must be added to one of the 3 local Granta MI AD groups created during installation in order to be able to log in and access the necessary applications.
A user’s access to Granta MI Pro, and their privileges within it, are determined by their membership of Active Directory (AD) security groups that are mapped to three, fixed system security roles in Granta MI Pro, Read, Power User, and Admin. These roles determine what permissions a user has in the system, see Granta MI Pro users.
- Read role has the fewest privileges.
- Admin role has the maximum privileges.
- Each role includes all the privileges of the less privileged roles.
During installation, MI_READ, MI_POWERUSER, and MI_ADMIN local AD security groups are automatically created on the application server, and these are mapped to the Read, Power User, and Admin system security roles.
Granta MI Pro users must be added to one of these AD groups in order to be able to log in and access the necessary applications. Users only need to be added to one of these groups. The Granta MI Service User Account and the account used to install the software are automatically added to the MI_ADMIN group during installation.
Note that two additional local AD groups, MI_WRITE and MI_GRANT, are also created during installation. These are used in Granta MI Enterprise, but are not relevant in Granta MI Pro deployments and may be safely ignored/deleted.
The default AD group/system role mappings may be changed after initial installation in the MI Server Manager tool, for example, if you want to use domain AD security groups instead of the default local groups. See Changing security group mappings.
Adding users to the correct groups
The three types of Granta MI Pro user - CAD and CAE User, Materials Data Owner, and Administrator - map to the system security roles and AD groups as follows.
| User category | Requires this Granta MI system security role | Must be a member of this local AD security group |
|---|---|---|
| CAD and CAE users | Read | MI_READ |
| Materials Data Owners | Power user | MI_POWERUSER |
| Granta MI Pro administrators | Admin | MI_ADMIN |
See Granta MI Pro users for information about the privileges granted to each of these roles, to help you determine which users in your organization need to be added to which AD groups.