This page explains how different security configurations impact an end user's ability to view and interact with your record data.
When it comes to securing your enterprise data, Appian provides a layered approach to security so you can ensure that your data is only available to the right users. This means that each element of your record type needs to be secured: the record type, the records themselves, and the individual record views and actions.
Each layer of security will impact the next. Whether a user has access to the record type will determine if they can see any records, and whether a user can see a record determines if they can see the individual record views and actions.
For example, let’s say you have a Case record type containing all submitted support cases. Support engineers need to be able to view and update their assigned cases, and create new cases.
To allow support engineers to accomplish their tasks, they would need the following security configurations:
|Record type object||Viewer permission.|
|Records||Record-level security that allows support engineers to see cases they're assigned to.|
|Record views||The Visibility expression on the record view must evaluate to true.|
|Record actions||The Visibility expression on the record action must evaluate to true. The user also needs Initiator permission on the process model used in the record action.|
Let’s break down how each of these security configurations work together.
When you create a new record type, you’ll be prompted to configure the record type object’s security. Like any other object, a record type's security is made up of groups and role maps to determine who can see and modify the record type and its properties.
If you want users to be able to see the records in the record list and their record views, users must have at least Viewer permission on the record type.
See Record Type Object Security to see which actions can be performed by each permission level in a record type’s security role map.
By default, any user with Viewer permission on the record type can see all records in the record type. To limit who can see which records, you can apply record-level security.
Record-level security is applied on top of your object security, so users need to have access to the record type and be included in at least one security rule (or in the security expression) to see a record.
For example, if a user has Viewer permission to the record type, but is not included in any of the security rules configured on the record type, then they cannot see any records. Alternatively, if a user belongs to multiple security rules, then they can see the total set of records defined by those rules.
Learn how to add security rules on the record type.
Once a user has Viewer permission on the record type and they can access the records themselves, then you can determine which record views they can see.
If a user does not have access to a record because of record type object security or record-level security, then the user cannot access any record views, even if given a direct URL.
By default, any user with access to a record can see the Summary view and any default record views (News and Related Actions). The Summary view has a read-only Visibility expression set to true, so it cannot be hidden from select users. Developers can choose to hide the default views to prevent any user from viewing the News or Related Actions views–there are no Visibility expressions available for default views.
For each additional record view, you can configure a Visibility expression to show or hide the view from certain users based on the conditions you specify. If the Visibility expression evaluates to true for a given user, then they can see the record view.
For example, in a Case record type, you may only want account managers to see the Customer Satisfaction record view. To limit who can see this record view, you could add the following Visibility expression:
1 2 3 4 a!isUserMemberOfGroup( username: loggedInUser(), groups: cons!ACCOUNT_MANAGER_GROUP )
Now, any user who has access to a Case record will only see the Customer Satisfaction record view if they also belong to the Account Manager group. Otherwise, they will only see the Summary view and any default views.
Learn how to add a record view and configure a Visibility expression.
For your record action security, users must have permission to view and start a record action.
This means that a user must have:
For example, let's say you have a support engineer that has access to a case record and the Visibility expression evaluates to true; however, this user does not have access to the process model.
In this case, the support engineer could not see or start the record action from the Record Action view, on any record views, or in any interfaces (when used with the Record Action component).
Learn how to configure a record action and configure a Visibility expression.
Security in Appian Records