Your Appian environment automatically includes a set of system groups, which you can use to administer access to various components in the environment.
As a best practice, don't use system groups to secure individual applications or design objects in applications. Instead, we recommend using default security groups.
Although created automatically, generated groups are not part of system groups. Instead, they are Custom type groups that you can manage in the same way you'd manage groups you create manually. Learn more about generated groups.
System groups can be modified by the Administrator user account, System Administrator users, or the Group Administrator(s) with the following restrictions:
The following system groups have been deprecated and may be removed from Appian in a future release:
Membership in this system group corresponds to the Application User Role.
Membership in this system group corresponds to the Tempo User Role.
Membership in this system group corresponds to the Designer User Role.
Users in the Design Library Editors group can include or exclude interfaces from the design library.
Users added to the Design Library Editors group are automatically added to the designer role, which gives them access to design all aspects of an application.
This system group contains all of the database user access roles. Within this group, you can assign users to the following groups:
Membership in this group corresponds to the Service Account Role.
You can create a group membership rule that automatically grants all basic users the right to create process models, if you prefer.
System Administrator users do not need to be members of this group to create process models.
See also: Add Users to Groups
The Process Model Creators group is configured with the following security settings:
Users added to the Process Model Creators group are automatically added to the designer role, which gives them access to design all aspects of an application.
Membership in this system group corresponds to the Quick App Creator Role.
For users to be able to see and select a group as a participant on a News post or recipient of a message, the group must be added to the Tempo Message Audience Groups system group by a system administrator.
Only groups are recognized as members of this system group. Individual users are ignored and will have no impact. Once membership is updated and saved, the changes are reflected to users when they log back into the system.
Only Public and Restricted groups can be added to the Tempo Message Audience Groups system group. Each group added becomes available for its members to select and send messages to it on the News Feed. Whether or not non-members can select the enabled groups or see messages sent to these groups depends on the security settings for the group and message.
[Group Name Not Available]for non-members. If the message is locked, only members of the group and the message author can search for and see it in their News feed and the group name displays correctly.
Any users or groups added to these system groups also gain the same functionality within Appian Mobile applications.
The Tempo Message Audience Groups system group is configured with the following security settings:
The Health Check Viewers group allows you to automatically share Health Check reports. Members of the group will be notified via email each time a report becomes available, and will be able to download the report from a secured News post. By default, all system administrators are added as members of the Health Check Viewers group via an editable membership rule.
Health Check must be set up in the Admin Console, and automatic upload must be enabled in order for these viewers to see the Health Check report.
You can access the Health Check Viewers group from the link on the Health Check Settings page or by searching for the group in the Objects view. You can add both individual users and groups as members (see Group Management).
The Health Check Viewers group is configured with the following security settings:
Members of this group will be able to use the OAuth 2.0: SAML Bearer Assertion Flow with HTTP connected systems.