Process-Driven User Management

Overview

Creating a process model to perform user management enables you to report on user statistics, assign user management tasks to other users, activity-chain management tasks together, and etc.

Using a process to manage your users also allows you to create user-audit reports in Appian. However, your Process Models must be configured with an archive interval that matches your data retention requirements (see the Archiving Processes). Otherwise, the process will be automatically archived after 7 days, and reporting data will be unavailable until the archives are restored.

Depending on your data-retention requirements, you might want to configure these processes to transfer the audit data to an external data warehouse for long-term storage and historical reporting. This allows you to archive the completed processes automatically after 7 days (reducing load on the Execution Engines).

Group Membership Management

Appian allows for simple user and group management through the People interface by allowing group members and/or administrators to freely add and remove users from groups. In order to provide additional audit and control capabilities for group membership changes, a simple group membership process can be created.

New Groups

The Create Group Smart Service allows you to create new groups using a process model.

Best Practice

We recommend the following best practices when creating groups.

  • Assign each new group a parent group that is named for the application where the groups are used.
  • Name the child groups according to their security role within your application.

Adding or Removing Group Members

Group membership can be managed using a process model. The following image shows a sample process that might be used to add or remove users from a group.

Image: Audit_GroupManagementProcess.gif

The first form in the process has three inputs: the group to modify, the action to take (add/remove members), and the list of users to add/remove.

Image: Audit_GroupManagementTask.gif

Once this information is submitted, it moves to a decision node to determine if an approval is required. Here an expression is used to determine whether approval is needed, depending on the user who submitted the task.

If approval is required by a supervisor, a task is generated and sent to the supervisor. The approver reviews the information provided by the submitter, and decides to approve or deny the group change. If the request is denied, an alert is sent back to the submitter that the request has been rejected.

If the request is approved — or if the request does not require approval — the flow continues to process the request. The Appian Smart Service nodes will then add or remove the appropriate users from the group.

The auditing capabilities for this process can be provided through a process instance report and the Process Details history. Below is an example process instance report for the group management process.

Image: Audit_GroupManagementReport.gif

To generate this report, create a Processes by Process Model report and select the group management process as the Process Model context for the report. Once the report is generated, edit the report such that the required data elements are displayed as columns.

An auditor can further review specific process instances by accessing the Process Details view. A link to the Process Details view can be added to any column in the report. Edit the column and select Link to more information > Process Details. The Process Details view lists all activity during the life of the process, displaying the dates and times that the request was submitted and approved.

Other Audit Capabilities

Other potential uses of Appian Smart Service Nodes to provide process reports and audit data include:

For users and groups, a process can be used to record the history of modified attributes, as well as attribute values that exist before and after the process is completed.

Image: Audit_OtherNodes.gif

FEEDBACK