Users

Only administrators have access to this tab

Many different roles support the development and management of robotic processes in Appian RPA. The Users tab in the Appian RPA Console is where you can view user information and manage permissions. Some user properties, such as passwords, are still managed within Appian. Administrators responsible for controlling access and privileges should understand how roles impact an individual's access to features and actions within the Appian RPA Console.

This page describes the information and actions available within the Users tab of Appian RPA, the roles available in Appian RPA and their capabilities, and how authentication works between Appian and Appian RPA.

User tab in Appian RPA Console

rpa-user-list.png

Here you can find a complete listing of all users and the following information:

  • Login: Appian username used when the account was created
  • Role: User's role (ADMIN, DEVELOPER, or MANAGER)
  • Active: Whether the user is active or not
  • Email: Email address where notifications will be sent
  • Full name: User's name and surname(s)
  • Actions: Modify permissions for the user or refresh their Maven key
  • Permissions: List of permissions assigned to that user
  • Last access: Date of last access
  • Created: Date of creation of the user

See Security for more information on permissions and how to assign tags to resources and robotic processes.

To manage credentials for robotic processes, see Credentials. With permissions, you can define login credentials for different systems to be reused by all the robotic processes that may require access to those systems.

Appian RPA roles

Appian RPA contains three pre-determined roles. A user's role determines what they can see and do in the Appian RPA Console. Operations managers have the least amount of access, while administrators have full access to pages and actions throughout the console.

The roles include:

  • Administrator: Administrators have access to every screen in the console and can modify all permissions. Administrators can also create new robotic processes and have access to every setting available in the robotic process configuration. Users with this role can set up and run all available robotic processes.
  • Developer: Developers can build robotic processes in the console, including modifying permissions for the robotic processes and resources they can access. Developers have full access to the settings in the robotic process configuration. However, this role can't grant permissions to users or change some console settings for things like repositories.
  • Operations Manager: Operations managers have limited access and actions in the Appian RPA Console. This user type can't create or edit robotic processes, users, or resources. Instead, operations managers can execute robotic processes, monitor the execution, and view results. This role serves as operational support through routine troubleshooting.

A user's Appian system group membership determines their role in Appian RPA. See Role Mapping for more information.

Common responsibilities

The Appian RPA Console has multiple tabs where users can view or interact with robotic processes, resources, and executions. As automation grows to be an integrated part of your business, you'll need to consider who will fill the critical roles with access to Appian RPA. Use the table below to determine which role fits best for common use cases. Check out specific permissions for a deeper dive into each role's abilities.

Responsibilities Ideal role
Investigate why a robotic process execution failed Operations manager
Execute a configured robotic process Operations manager
View results of a robotic process execution Operations manager
Schedule robotic processes Operations manager
Load work items into queues Operations manager
Build robotic processes Developer
Assign permissions to robotic processes and resources Developer
Assign permissions to robotic processes, resources, and users Administrator
Enable or disable a user's access to Appian RPA Administrator
Add a new resource and install the agent Administrator
Change or add a code repository associated with the console Administrator
Enable or disable all robotic processes in the console Administrator

As you grant people access to the Appian RPA Console, security is important to consider. Administrators can add or remove permissions for multiple users at once.

Specific permissions

This table provides a high-level reference for who can see and do what on each tab. Permissions-based means that role can only see items in the tab they share permissions with. For example, a developer who navigates to the Resources tab will only see the resources that have the same permissions as them. Learn more about permissions in Appian RPA.

  Operations Manager Developer Administrator
Users Tab Visibility: None Visibility: None Visibility: Full
Available actions: View list of users and grant permissions
Robotic processes Tab Visibility: Permissions-based
Available actions: Execute robotic processes with features such as screenshot capture, step-by-step execution details, deferred execution, and enable video recording; manage credentials; monitor executions, including viewing workflows, screenshots, and exceptions; view removed robotic processes
Visibility: Permissions-based
Available actions: Same as Operations Manager, plus configure robotic processes; grant permissions; create a robotic process; launch Documenter; view, create, edit, and delete libraries and credentials; upload robotic process configurations; access support files; download Configurator
Visibility: Full
Available actions: Same actions as Developer, plus enable/disable all robotic processes; view, create, edit, and delete repositories; no permissions needed
Resources Tab Visibility: Permissions-based
Available actions: Schedule executions and reports; Use remote viewer to monitor resource usage in real time
Visibility: Permissions-based
Available actions: Edit and rename resources; grant permissions to a resource; download and install agents
Visibility: Full
Available actions: Same as Operations Manager and Developer, plus remove resources. No permissions needed.
Schedule Tab Visibility: Permissions-based
Available actions: Create, edit, and view scheduled executions; download reports
Visibility: Permissions-based
Available actions: Same as Operations Manager
Visibility: Full
Available actions: Same as Operations Manager; no permissions needed
Monitoring Tab Visibility: Permissions-based
Available actions: Create, edit, and remove actions; create and manage queues and queue items
Visibility: Permissions-based
Available actions: iew list of events; view list of queues; execute associated robotic processes; manage permissions; remove queues; and download result files.
Visibility: Full
Available actions: Same as Developer; no permissions needed
Settings Tab Visibility: None Visibility: None Visibility: Full
Available actions: Manage configuration, maintenance, and session details
Statistics Tab Visibility: Permissions-based
Available actions: Search for and view details regarding executions, work item results, and queues
Visibility: Permissions-based
Available actions: Same as Operations Manager
Visibility: Full
Available actions: Same as Operations Manager; no permissions needed

Access between Appian and Appian RPA

Your permissions within the Appian RPA Console are determined by your role in Appian Designer. If you're an Appian Administrator, you'll have administrator privileges in the Appian RPA Console. Similarly, if you're an Appian Developer, you'll have a developer role in the console.

Although there is a User tab in the Appian RPA Console, the list is read-only. You can't make any changes to user accounts within the console. Instead, you'll need to edit user accounts within the Appian Admin Console or Appian Designer.

A user account is created the first time a user accesses the Appian RPA Console. Appian shares user's account information such as username and password with Appian RPA. When you log in or out of Appian RPA, you're also logged in or out of Appian. The same applies to changing user information or deactivating users in Appian.

Role mapping with Appian

A user's Appian system group membership determines their role in Appian RPA. Administrators can change a user's role by changing group membership in Appian.

Appian system group Appian RPA role
Designer Developer (ROLE_DEVELOPER)
RPA Operations Managers Operations Manager (ROLE_USER)

Appian users whose profiles are set to System Administrator are granted administrator rights in Appian RPA.

Service accounts

To pass data and execute actions in a robotic process, you'll need to set up a service account. The service account role in Appian uses API keys to invoke Appian web APIs. The account isn't able to log into either Appian or Appian RPA, but its credentials are shared to Appian RPA and can be used in the Appian connected system to integrate your application with Appian RPA robotic processes.

The Appian RPA connected system and HTTP connected system objects use a service account to authenticate using an API key. Appian RPA calls back to Appian to lookup the username for that API key in order to authenticate the request. This connection is essential to integrating Appian with Appian RPA, so we suggest establishing the connection early on in your development process.

More on service accounts

Appian module

Appian RPA includes an Appian module that can be used in robotic processes to query info about Appian design objects and execute them. The modules communicate with Appian via internal servlets using authorization tokens that aren't exposed. The module also communicates the username of the person executing the robotic process back to Appian. When the robotic process is in design, the username sent to Appian is that of the user who's currently logged into Appian RPA. When the robotic process is executed, Appian RPA sends the username of the person who initiated the process.

The username varies based on how the robotic process was started.

  • If started in the interface, the currently logged in username is sent to Appian.
  • If started through an integration, the name of the service account is sent to Appian.
  • If started by a schedule, the name of the person who last modified the schedule is sent to Appian.
  • If started through another robotic process, the name of the person to initiate the first robotic process is sent to Appian.

Object security in Appian RPA

Appian RPA objects have a single permissions configuration rather than a security rolemap. Resources, robotic processes, and queues are secured using tags. The user can either select an existing tag or enter freeform text to create a new tag.

Tags are stored entirely on the Appian RPA side and not in Appian. This will require the designer to maintain two different security mechanisms (groups for Appian design objects and tags for RPA objects).

Learn more about securing Appian objects and robotic processes.

Open in Github

On This Page

FEEDBACK