Free cookie consent management tool by TermsFeed

System Groups

Overview

Your Appian environment automatically includes a set of system groups, which you can use to administer access to various components in the environment.

As a best practice, don't use system groups to secure individual applications or design objects in applications. Instead, we recommend using default security groups.

Note:  Although created automatically, generated groups are not part of system groups. Instead, they are Custom type groups that you can manage in the same way you'd manage groups you create manually. Learn more about generated groups.

System groups can be modified by the Administrator user account, System Administrator users, or the Group Administrator(s) with the following restrictions:

  • System groups cannot be deleted through an interface.
  • System group names cannot be changed from an interface.
  • System groups have the same UUID in all Appian environments.

Tip:  The following system groups have been deprecated and may be removed from Appian in a future release:

Application Users

Membership in this system group corresponds to the Application User Role.

Tempo Users

Membership in this system group corresponds to the Tempo User Role.

Designers

Membership in this system group corresponds to the Designer User Role.

Service Accounts

Membership in this group corresponds to the Service Account Role.

Process Model Creators

Basic users must be a member of the Process Model Creators group in order to create new process models, or configure the Query Database or Call Web Service smart services.

You can create a group membership rule that automatically grants all basic users the right to create process models, if you prefer.

System Administrator users do not need to be members of this group to create process models.

See also: Add Users to Groups

The Process Model Creators group is configured with the following security settings:

  • Restricted visibility
    • Only members and administrators can view the group.
  • Closed membership policy
    • Group administrators must select members.
  • Low privacy
    • Members of the group can view each other.

Note:  Users added to the Process Model Creators group are automatically added to the designer role, which gives them access to design all aspects of an application.

Quick App Creators

Membership in this system group corresponds to the Quick App Creator Role.

Tempo Message Audience Groups

Tempo Message Audience Groups is a system group to which other groups can be added. You can then add users to the member groups to define participants on News posts or recipients of News messages.

Note:  For users to be able to see and select a group as a participant on a News post or recipient of a message, the group must be added to the Tempo Message Audience Groups system group by a system administrator.

Add groups as members

Only groups are recognized as members of this system group. Individual users are ignored and will have no impact. Once membership is updated and saved, the changes are reflected to users when they log back into the system.

Only Public and Restricted groups can be added to the Tempo Message Audience Groups system group. Each group added becomes available for its members to select and send messages to it on the News Feed. Whether or not non-members can select the enabled groups or see messages sent to these groups depends on the security settings for the group and message.

  • Public Groups: If the group is Public, all users can see and send messages to the group. If the message is open, all users can search for and see it in their News feed. If the message is locked, only members of the group and the message author can search for and see it in their News feed.
  • Restricted Groups: If the group is Restricted, only members and administrators are able to see and send messages to the group. If the message is open, all users can search for and see it in their News feed, but the group name displays as [Group Name Not Available] for non-members. If the message is locked, only members of the group and the message author can search for and see it in their News feed and the group name displays correctly.

Note:  Any users or groups added to these system groups also gain the same functionality within Appian Mobile applications.

Security settings

The Tempo Message Audience Groups system group is configured with the following security settings:

  • Personal security: It can only be viewed by administrators.
  • Closed membership policy: Group administrators must select members.
  • High privacy: Only administrators can view group members.

Health Check Viewers

The Health Check Viewers group allows you to automatically share Health Check reports. Members of the group will be notified via email each time a report becomes available, and will be able to download the report from a secured News post. By default, all system administrators are added as members of the Health Check Viewers group via an editable membership rule.

Health Check must be set up in the Admin Console, and automatic upload must be enabled in order for these viewers to see the Health Check report.

You can access the Health Check Viewers group from the link on the Health Check Settings page or by searching for the group in the Objects view. You can add both individual users and groups as members (see Group Management).

The Health Check Viewers group is configured with the following security settings:

  • Restricted visibility: Only members and administrators can view the group.
  • Closed membership policy: Group administrators must select members.
  • Low privacy: Members of the group can view each other.

OAuth 2.0 SAML Bearer Assertion Users

Members of this group will be able to use the OAuth 2.0: SAML Bearer Assertion Flow with HTTP connected systems.

Feedback