Skip to main content
Eptura Knowledge Center

Archibus Security Groups

  1. Last updated
  2. Save as PDF
Application Security

This describes examples of the application's security groups that control access and functionality to the various features in the Archibus modules. It is important to note that you can create and edit the Security Groups for your organization, learn more in Introducing Archibus Appplication Security.

Group Name Group Title Module Mobile App Access Summary

%CAD

 Roles Only: All CAD Elements

This security group is typically used to give a user visibility to all CAD layers/elements, but only through roles, not through unrestricted editing rights.
In practice, it allows:

  • Viewing all CAD elements in floorplans
  • Access to all drawing layers (rooms, equipment, assets, boundaries, etc.)
%CIO Roles Only: All C-Level Executive Reports

This group is designed to give C‑suite users access to:

  • High‑level portfolio dashboards
  • Executive summary reports
  • Financial roll‑ups
  • KPI scorecards
  • Space and occupancy summaries
  • Lease and cost analytics
  • Strategic planning reports

It is read‑only in most implementations.
Users.
%ED% Roles Only: All Edit Permissions

Depending on your configuration, this gives users access to:

  • Edit space attributes
  • Editing of asset records
  • Editing of maintenance data
  • Editing of lease or portfolio fields
  • Editing of project or cost data

…but only within modules the user already has access to.
%REV Roles Only: Review features and only review features

Visibility to review‑restricted data across domains:

  • Finance review fields
  • Lease review fields
  • Real Property review fields
  • Maintenance review fields
  • Space review fields

Review of sensitive info that is not editable.
ADD-NEW-OPS-DATA Add new background data for Building Operations (ADD-NEW-OPS-DATA)  

Add new values from Select Values lists inside the Maintenance Console.

Create new:

  • Problem Types
  • Trades
  • Craftspersons
  • Equipment
  • Locations
  • Tools
API-ACCESS     Rest API access    
ASSET-MOB Asset Management Assets     Asset & Equipment Survey (mobile)
  • Mobile asset surveying
  • Real-world asset validation
  • Field data collection and updates
  • Synchronization with Archibus Asset Management"
ASSET-REG-MOB   Asset & Equipment Receipt Assets     Asset & Equipment Registration (mobile)

Register new assets in the field

Add new equipment or asset items

Capture the required validated data

Associate assets with divisions, departments, standards, buildings, etc.

Use “background (validating) data” provided by the facility manager

This includes:

  • Equipment standards
  • Departments and divisions
CAD-BIM-UPDATE-MODELS Use the BIM Viewer to update data in cloud models.              
CALCULATED Calculated Fields - Assign group to users allowed to run recalculation actions            
CRAFTSPER     Craftsperson            
DEPT MGR   Departmental Manager        
DISPATCHER     On Demand Work Dispatcher            
ED     Edit User          
FACIL MGMT   Facilities Management    
FEEDBACK     Suggest features and improvements             
FINANCE     Financial Analyst

Only users in the Finance security group can view and edit fields.

Holding salary data

Only users in the Finance security group have access to the Analyze Finances process.
GOVERNMENT RPLM INVENTORY PROCESS OWNER   Government RPLM Inventory Process Owner

Users assigned to a role containing this security group can:                                     

  • Approve and Reject transactions (the core function)
  • Update the official Government Real Property Inventory (posting approved transactions)
  • Add Age
HOTEL BOOKINGS ALL DEPARTMENTS Hotel Bookings All Departments Workplace Services/Hoteling

Also functionally defined rather than given a short internal name.

Capabilities include:

  • Create bookings across all departments, but still with date and approval restrictions.
  • View bookings for all departments.
  • Limited booking authority compared to Hoteling Administration.
HOTEL BOOKINGS WITHOUT APPROVAL Hotel Bookings Without Approval Workplace Services/Hoteling  

This group grants limited elevated privileges, but not full administrative control.

Capabilities include:

  • Create bookings for rooms assigned only to the user’s division/department.
  • Book only future date ranges (not past/active bookings).
  • View bookings assigned to them or their own division/department.
HOTELING ADMINISTRATION Hoteling Administration    Workplace Services/Hoteling

This group has full control over all hoteling operations.

  • Create bookings for any employee, any division/department, any time (even in the past).
  • Change division/department of an existing booking.
  • View all bookings across the entire organization.
  • Cancel any booking, even retroactively.
  • Appr
MAINT MGMT   Maintenance Management Maintenace            
NO     Typical Group Not a default group.
OPS-CA-MOB Condition Assessment - Mobile Assessment (mobile)           
OPS-MOB   Work Orders-Mobile Maintenance (mobile)             
PO APPROVER Purchase Order Approver    

In Archibus, a PO Approver (Purchase Order Approver) is typically a user who has permission to:

  • Approve purchase orders
  • Review procurement requests
  • Release or reject POs
  • Access specific procurement views or workflows

This is controlled through security groups, roles, and workflow rules.     
PROCESS OWNER Business Process Owner          

PROCESS OWNER isn’t a built‑in, universal Archibus security group.

It’s a role name many organizations create themselves to designate the person who owns a workflow or business process.

Archibus is highly configurable, the exact group name varies by implementation.

RESERVATION APPROVER      

   Reservations Approver  

 Workplace Services/Reservations     

Approve reservations for rooms/resources they are allowed to approve.
RESERVATION ASSISTANT       Reservations Assistant   Workplace Services/Reservations    Create reservations; limited visibility to only their own or delegated reservations.
RESERVATION HOST            Reservations Host   Workplace Services/Reservations 

Similar to Assistant but limited to their own/for-them reservations.
RESERVATION MANAGER         Reservations Manager Workplace Services/Reservations 

All reservation features, can cancel multiple reservations.

RESERVATION SERVICE DESK    

 Reservations Services Desk Workplace Services/Reservations  Reserve, manage trade work, approve reservations.
RESERVATION TRADES               Reservations Trades Workplace Services/Reservations  Manage Trade Work.
REV     Review User

A Review User is someone who can:

  • View records
  • Run reports
  • Look at workflow status
  • Review data without editing it
  • Sometimes approve or comment, depending on configuration
RISK-COMP-SURVEY-MOB          Mobile Compliance Survey  
RISK-HAZMAT-MOB     Review features of mobile Materials Inventory App.    
RISK-HAZMAT-MOB-ED     Review and edit features of mobile Materials Inventory App.    
RISK-HAZMAT-MOB-INV       Review and inventory features of mobile  Material Inventory App.  
RISK-IR-MOB     Incidents Reporting          Incidents Reporting (mobile)  
RPLM        RPLM module, base access to navigator      
RPLM%         Role Only: All RPLM Database Elements   
RPLM-LEASE-AUDITOR   REPM  Lease Auditor Real Property/Lease Lease administrators — daily data entry, renewals, options.
RPLM-LEASE-DELETE    REPM Allow deleting leasing in the Lease Portfolio Console Real Property/Lease Lease administrators — daily data entry, renewals, options.
RPLM-REV     Review feature of RPLM only Real Property/Lease Optional review-level group (commonly used in hierarchical security for read visibility).
RPLM-REV-CEO  

Review features of RPLM that show summary and KPI features.

 Real Property/Lease   Not a default group
RPLM-REV-ED    

Review and edit features of RPLM.

 Real Property/Lease     Not a default group
RPLM-REV-ED-CAD    Review, edit and CAD features of rplm.        Real Property/Lease      Not a default group
RPLM-REV-ED-CALC     All of the above plus results recalculation.  Real Property/Lease      Not a default group

RPLM-TENANT    		 Tenant Reports Real Property/Lease

A Tenant Reports security group is generally designed for users who need to:

  • View lease information
  • Run tenant‑specific reports
  • Review occupancy or rent data
  • Access dashboards or KPIs
  • See space or portfolio summaries
SHOW-ALL-REQUEST-FIELDS     Show all fields on the Create Work Request form Maintenance             
SPAC  Space module, Base access to navigator Space  

For space, department, and move managers who would like to get a better handle on their space use and how it supports their businesses, this application provides self-service access to space usage reports and space inventory statistics.  

By accurately tracking space inventory, occupancy, and mana...
SPAC%         Roles Only: All Space Features     Space    
SPAC-MOB     FM Space Book     Space       Space Book (mobile, no survey) 
  • View floor plans
  • Browse rooms, space data, occupancy
  • Use Space Book for reference (but no survey/posting capability)
SPAC-OCCUP-MOB     Space & Occupancy Survey    Space       Space & Occupancy Survey (mobile) 
  • Download floor plans and space data
  • Survey employee occupancy
  • Record room use and occupancy percentages
  • Update room and employee allocation data directly from the field
SPAC-REV     Space Domain: Review Features only     Space         Not a default group
SPAC-REV%        Roles Only: All Space Review, Edit, CAD, and Calc Features     Space    Not a default group
SPAC-REV-CIO     Space Domain: C-Level Review Features only     Space         Not a default group
SPAC-REV-ED     Space Domain: Edit Features only   Space         Not a default group
SPAC-REV-ED-CAD     Space Domain: CAD Features only Space         Not a default group
SPAC-REV-ED-CALC     Space Domain: Calculated Actions only  Space         Not a default group
SPAC-SURVEY     Mobile Space Surveyor Space     Space Book with survey (Complete Survey only) Can perform surveys using Space Book
Must submit results using Complete Survey
A manager must review and post survey changes in Web Central.
SPAC-SURVEY-POST    Space Surveyor, Can Post to Inventory Space     Space Book with survey (can Close Survey) Conduct surveys
Use the Close Survey button
Automatically update inventory tables upon posting.
SPACE PLAN     Space Planner Space             
SPACE-CONSOLE-ALL-ACCESS     Full access to Space Console Space         Not a default group
SPACE-REV-ED%     Roles Only: All Review Reports   Space         Not a default group
SYS        System Management Features          
SYS-FILE-UPLOAD       Upload files in-boundary
SYS-USR             System Features for Altering User Menus (e.g. Process Hotlist)
SYS-USRMGR       System Features for Altering Per-User Settings (VPA, etc.)    
SYS-VIEW-ALTER             Alter views that all users in the deployment access.  
SYS-VIEW-NEW     Review tables and fields and create new views.
SYSTEM-MGR-MOB              Solutions Templates  
TENANT              Building Tenant, Occupant, or Employee  

VIEW-ALL-WORK-REQUESTS    

 View all work requests     Maintenance    

The user can see every work request in the system, regardless of requester, department, problem type, or SLA owner.
In the Search & Manage Service Requests view, the system displays the Service Desk Manager filter field. Leaving it blank shows all work requests.

This security group overrides the..

WORKSVC-MOB    

 Workplace Services Portal   Workplace Services Portal (mobile) Access the Workplace Services Portal mobile app
See request tasks configured in the Activity Types table
See information tasks configured in the Mobile Menus table
Use mobile-enabled Workplace Services features (request maintenance, locate rooms, etc.)