|This content applies solely to Appian Portals, which may require an additional license purchase.|
Service accounts are the main way that you manage end user security for your portal. A service account is an Appian user account and uses an API key or Appian account credentials to allow your end users to do the following actions in your portal:
To allow your end users access to these actions in your portal, add your service account to end user groups that have permissions to the data stores, record types, and document folders that are used in your portal. See Set up service account permissions for more information.
You can use multiple service accounts in your portal. For example, you could have a service account associated with an API key that only has access to your web API, and another service account linked to your portal from the Portal Publishing Manager for handling document permissions.
You can only link one service account to your portal in the Portal Publishing Manager. If you're using both documents and external databases, use the same service account for both. If you have service accounts that are only used with web APIs to write or query data from Appian or other non-public external databases, you don't need to add them in Portal Publishing Manager.
If you don't already have a service account in your environment, you can convert an existing user account to a service account by placing it in the Service Accounts system group.
If you're already using a web API in your application, you can use the same service account that you set up with your API key as the service account for your portal.
Using service accounts makes it extremely hard to unintentionally expose data or documents in a portal, which means that your data and documents stay secure.
While sharing your data and documents in portals isn't a security vulnerability, we do recommend that you only grant the service accounts' access to the data and documents that are needed for the portal. Developers should be intentional about what information is made public.
Service Accounts in Portals