Only administrators have access to this tab
Many different roles support the development and management of robotic processes in Appian RPA. The Users tab in the Appian RPA Console is where you can view user information and manage permissions. Some user properties, such as passwords, are still managed within Appian. Administrators responsible for controlling access and privileges should understand how roles impact an individual's access to features and actions within the Appian RPA Console.
This page describes the information and actions available within the Users tab of Appian RPA, the roles available in Appian RPA and their capabilities, and how authentication works between Appian and Appian RPA.
Here you can find a complete listing of all users and the following information:
See Security for more information on permissions and how to assign tags to resources and robotic processes.
To manage credentials for robotic processes, see Credentials. With permissions, you can define login credentials for different systems to be reused by all the robotic processes that may require access to those systems.
Appian RPA contains three pre-determined roles. A user's role determines what they can see and do in the Appian RPA Console. Operations managers have the least amount of access, while administrators have full access to pages and actions throughout the console.
The roles include:
A user's Appian system group membership determines their role in Appian RPA. See Role Mapping for more information.
The Appian RPA Console has multiple tabs where users can view or interact with robotic processes, resources, and executions. As automation grows to be an integrated part of your business, you'll need to consider who will fill the critical roles with access to Appian RPA. Use the table below to determine which role fits best for common use cases. Check out specific permissions for a deeper dive into each role's abilities.
| Responsibilities | Ideal role |
|---|---|
| Investigate why a robotic process execution failed | Operations manager |
| Execute a configured robotic process | Operations manager |
| View results of a robotic process execution | Operations manager |
| Schedule robotic processes | Operations manager |
| Load work items into queues | Operations manager |
| Build robotic processes | Developer |
| Assign permissions to robotic processes and resources | Developer |
| Assign permissions to robotic processes, resources, and users | Administrator |
| Enable or disable a user's access to Appian RPA | Administrator |
| Add a new resource and install the agent | Administrator |
| Change or add a code repository associated with the console | Administrator |
| Enable or disable all robotic processes in the console | Administrator |
As you grant people access to the Appian RPA Console, security is important to consider. Administrators can add or remove permissions for multiple users at once.
This table provides a high-level reference for who can see and do what on each tab. Permissions-based means that role can only see items in the tab they share permissions with. For example, a developer who navigates to the Resources tab will only see the resources that have the same permissions as them. Learn more about permissions in Appian RPA.
| Operations Manager | Developer | Administrator | |
|---|---|---|---|
| Users Tab | Visibility: None | Visibility: None | Visibility: Full Available actions: View list of users and grant permissions |
| Robotic processes Tab | Visibility: Permissions-based Available actions: Execute robotic processes with features such as screenshot capture, step-by-step execution details, deferred execution, and enable video recording; manage credentials; monitor executions, including viewing workflows, screenshots, and exceptions; view removed robotic processes |
Visibility: Permissions-based Available actions: Same as Operations Manager, plus configure robotic processes; grant permissions; create a robotic process; launch Documenter; view, create, edit, and delete libraries and credentials; upload robotic process configurations; access support files; download Configurator |
Visibility: Full Available actions: Same actions as Developer, plus enable/disable all robotic processes; view, create, edit, and delete repositories; no permissions needed |
| Resources Tab | Visibility: Permissions-based Available actions: Schedule executions and reports; Use remote viewer to monitor resource usage in real time |
Visibility: Permissions-based Available actions: Edit and rename resources; grant permissions to a resource; download and install agents |
Visibility: Full Available actions: Same as Operations Manager and Developer, plus remove resources. No permissions needed. |
| Schedule Tab | Visibility: Permissions-based Available actions: Create, edit, and view scheduled executions; download reports |
Visibility: Permissions-based Available actions: Same as Operations Manager |
Visibility: Full Available actions: Same as Operations Manager; no permissions needed |
| Monitoring Tab | Visibility: Permissions-based Available actions: Create, edit, and remove actions; create and manage queues and queue items |
Visibility: Permissions-based Available actions: View list of events; view list of queues; execute associated robotic processes; manage permissions; remove queues; and download result files. |
Visibility: Full Available actions: Same as Developer; no permissions needed |
| Settings Tab | Visibility: None | Visibility: None | Visibility: Full Available actions: Manage configuration, maintenance, and session details |
| Statistics Tab | Visibility: Permissions-based Available actions: Search for and view details regarding executions, work item results, and queues |
Visibility: Permissions-based Available actions: Same as Operations Manager |
Visibility: Full Available actions: Same as Operations Manager; no permissions needed |
Your permissions within the Appian RPA Console are determined by your role in Appian Designer. If you're an Appian Administrator, you'll have administrator privileges in the Appian RPA Console. Similarly, if you're an Appian Developer, you'll have a developer role in the console.
Although there is a User tab in the Appian RPA Console, the list is read-only. You can't make any changes to user accounts within the console. Instead, you'll need to edit user accounts within the Appian Admin Console or Appian Designer.
A user account is created the first time a user accesses the Appian RPA Console. Appian shares user's account information such as username and password with Appian RPA. When you log in or out of Appian RPA, you're also logged in or out of Appian. The same applies to changing user information or deactivating users in Appian.
A user's Appian system group membership determines their role in Appian RPA. Administrators can change a user's role by changing group membership in Appian.
| Appian system group | Appian RPA role |
|---|---|
| Designer | Developer (ROLE_DEVELOPER) |
| RPA Operations Managers | Operations Manager (ROLE_USER) |
Appian users whose profiles are set to System Administrator are granted administrator rights in Appian RPA.
To pass data and execute actions in a robotic process, you'll need to set up a service account. The service account role in Appian uses API keys to invoke Appian web APIs. The account isn't able to log into either Appian or Appian RPA, but its credentials are shared to Appian RPA and can be used in the Appian connected system to integrate your application with Appian RPA robotic processes.
The Appian RPA connected system and HTTP connected system objects use a service account to authenticate using an API key. Appian RPA calls back to Appian to lookup the username for that API key in order to authenticate the request. This connection is essential to integrating Appian with Appian RPA, so we suggest establishing the connection early on in your development process.
Appian RPA includes an Appian module that can be used in robotic processes to query info about Appian design objects and execute them. The modules communicate with Appian via internal servlets using authorization tokens that aren't exposed. The module also communicates the username of the person executing the robotic process back to Appian. When the robotic process is in design, the username sent to Appian is that of the user who's currently logged into Appian RPA. When the robotic process is executed, Appian RPA sends the username of the person who initiated the process.
The username varies based on how the robotic process was started.
Appian RPA objects have a single permissions configuration rather than a security rolemap. Resources, robotic processes, and queues are secured using tags.
Tags are stored entirely on the Appian RPA side and not in Appian. As a result, you must maintain two different security mechanisms: groups for Appian design objects and tags for RPA objects.
Learn more about securing Appian objects and robotic processes.
