Appian allows you to tailor user rights to the needs of your groups and your overall organization.
The following factors affect the security for users within a group and users not within a group.
Four types of membership determine the user rights available for a group - Administrator, Group Creator, Member and Viewer.
Group Administrators have the following rights within a group. They can modify group properties, add administrators and members, edit administrators and members, set-and-modify membership rules, and delete the group.
The Group Creator has administrator rights over the group.
These users have been approved for membership either by the Administrator or automatically by a rule depending on the Group Membership Policy selected. The rights given to members depend on the Group Security Setting selected.
Viewer rights depend on the Group Security Settings selected as described in the next section.
Appian defines three security settings - Public, Personal, and Restricted. These settings have implications in group directory lists, group searches, group membership, and group administration.
These settings can be modified from the Group Details page.
See also: Group Details
Public groups can only be created by the Administrator user or a System Administrator user account. Public groups appear when browsing groups and in group search results. All users who want to join a group can view these groups in group search results. Group membership may require approval by the Administrator.
When Public groups are added to the Tempo Message Audience Groups system group, all users can select and send messages to those groups.
All users can create a group with Personal security, but only the Group Creator can work with and modify the group. He/she can add other users as administrators and members, but members cannot see this group.
These groups are useful when organizing contact lists or assigning tasks. This security feature allows the members in your group to be aware of the group's existence, yet they cannot use the group or view other members.
Users, including group administrators, cannot send Tempo messages to a Personal group, even if the group is added to the Tempo Message Audience Groups system group.
All users can create a group with Restricted security. This setting exposes the group to its members and administrators only.
Group members and administrators can view the group when browsing. The group appears for these users within group search results.
If a Restricted group is added to the Tempo Message Audience Groups system group, and a member sends an open message to that group, non-members may still see the message, but the Restricted group's name will display as
[Group Name Not Available]. To avoid confusion for your users, you may want to limit the number of Restricted groups added to the Tempo Message Audience Groups system group.
[Group Name Not Available].
See also: Send a Message
The Group Membership Policy selected for a group determines whether or not users are free to join a group and whether or not approval is required before the user can be added to the group.
The possible policies are discussed below.
Only Group Administrators can add or remove members to the group. For the Team and Personal security settings, the membership policy is always Closed.
Users can only join the group with approval from a Group Administrator.
To join an Exclusive group, complete the following:
Users who can see groups with this policy do not need the Group Administrator's permission. This option exists only for groups with the Public group security setting.
This determines whether members can see group members in the group profile. There are two settings for viewing policy:
All members can see each other.
The members cannot see each other. Only Group Administrators and the Group Creator can see all the members. For the Personal security setting, viewing policy is always set to High.
Certain system groups are available to assist you with administering components of the application suite.
The following system groups are available:
System groups can be modified by the Administrator user account, System Administrator users, or the Group Administrator(s), with the following restrictions:
Members of this group can administer the document-management module of the application. These members can perform various administrative functions such as creating, modifying, deactivating, and reactivating departments. They can modify documents, users, and move knowledge centers. Members of this group see an administration link that allows them to perform these tasks.
The Document Administrators group has the following security settings:
Members of this group can perform certain content administration functions - such as editing the Application Designer home page, administering portal pages, authorizing and approving content, and publishing content.
The Portal Administrators group has the following security settings:
Basic Users must be a member of the Process Model Creators group in order to create new process models or configure the Query Database or Call Web Service Smart Services.
See also: Adding All Users
The Process Model Creators group has the following security settings:
Users added to the Process Model Creators Group are automatically added to the Designer Role which gives them access to design all aspects of an application.
See also: User Roles
This system group is used to define available target groups for Tempo messages.
See also: Configuring Users for Tempo
The Tempo Message Audience Groups system group has the following security settings:
This system group is used to provision users with the right to post global messages (messages to everyone) in Tempo.
The Tempo Message Authors system group has the following security settings.
See also: Configuring Users for Tempo