This page describes how to manage groups in Appian. Groups are used to organize users and facilitate security within both Appian Designer and individual applications.
In addition to groups you create, Appian also provides system groups to manage user access to specific areas of the Appian platform. Learn more about user roles in the platform.
Groups you create and system groups can contain both individual users and other groups. You can assign group membership manually or dynamically based on membership rules.
Tip: Appian can generate certain groups automatically during application creation. These generated groups can be managed the same way you'd manage a group you create manually. Learn more about generated groups.
If you have a large number of groups, you can use group types to organize and associate specific attributes with your groups.
The following image shows a group and its properties in Appian Designer.
Actions on members in the grid can be taken from the toolbar, and actions on the current group can be taken from the gear menu.
Group administrators can view and modify all group properties. Other developers who can view the group can view but not modify its properties, and cannot view its visibility, membership policy, and privacy policy.
All group type properties are configured through the Properties dialog. You can access this dialog one of two ways:
The complete list of properties for a group are:
Property | Description | Can Be Edited |
---|---|---|
Name | The name that is used when referencing the group. This name can also be returned when querying the groupName property using the group() function. Follow the recommended naming standard when creating this name. |
Yes |
Description | Supplemental information about the group that is displayed in the objects grid of some Designer views. | Yes |
Parent | The group will inherit security from its parent, and all of its members are indirectly members of the parent. | Yes |
Members | The users and groups that belong to the group. Privileges that are granted to the group will translate to its members. To edit group membership, return to the Members tab on the group page. | No |
UUID | The UUID is another Appian object identifier that can be used to reference the group in expressions, and is consistent between Appian instances. | No |
ID | The local ID is the Appian object identifier that gets stored in process and external database tables, which can be used to reference the group in expressions. Note that the local ID is not consistent between Appian instances. | No |
Group Type | Group types allow you to further classify and provide additional properties about groups of that type. To edit the group type for the group, go to the group type page. | No |
Visibility | Visibility determines if a group can be seen in places such as group directory lists, searches, and members lists. The three settings are Public, Personal, and Restricted. | Yes |
Membership | The membership policy determines how users may be added to groups. | Yes for group admins |
Privacy Policy | The privacy policy determines who can see the group's members. | Yes |
Attributes | The group's specific values for any additional properties defined on its group type. To edit attributes, go to the group type properties. | No |
Attributes are custom fields that provide additional information about groups of a particular group type. The attribute's name and data type are defined on the group type, and the attribute's value is defined for each group of that group type.
For example, the Appian Department is a group type that has an attribute named "Director" which is a user data type. The Technology group belongs to the Appian Department group type, and therefore has a Director field to populate specifically for Technology.
If the attribute is a user or group data type, then a value is not required. For other data types, the value is required and pre-populated with a default value that is defined on the group type.
See also: Configure Group Type Attributes
Group administrators can add and remove a group's members.
To add members to a group:
To remove members from a group:
Another way of adding members to a group is by configuring membership rules. Group administrators can view and modify its membership rules, as well as view the number of membership rules directly in the tab name.
To view or modify group membership rules:
Configure each rule condition by selecting a field, operator, and search criteria. The search criteria accepts wildcards (?
and *
).
For example, if you want to add users with the last name Lee, select Last Name as the field, is as the operator, and "Lee" as the search criteria.
Note: Only the first condition for a particular field will be considered when the rule is evaluated. For example, if you have the following two conditions in a rule, username contains "a" and username contains "b", only usernames with an "a" (but not those with a "b") will be added to the group. Use a custom field from the user profile to support more complex membership rule logic.
To view the added members, return to the Members tab to view the updated group members.
To delete a rule, select it and click DELETE in the toolbar.
Group administrators can create a new group by clicking on NEW GROUP in the toolbar on the Members tab. The new group's parent is pre-populated with the current group.
Tip: Groups always inherit security from their parent group if they have one. See Parent property above.
The security role map of a group controls which developers can see or modify it and its properties. By default, only the group creator and system administrators have access to the group. See Editing Object Security to modify a group's security.
The only permission level that can be used in a group's role map is Administrator.
Group administrators can do the following:
Group administrators can delete a single group. System administrators can select multiple groups to delete.
To delete a group:
Group Management