This page applies to developers, data governors, data stewards, and system administrators. It describes how each role configures a different layer of security to secure data in process insights.
In Process HQ, different users work together to add processes for analysis, investigate the outcome of the analysis, and share insights to collaborate with other users. You'll need to assign user roles accordingly to make sure everyone can access what they need to work in process insights while keeping your business data secure.
To configure user access and security for process insights:
Users need permissions to access Process HQ as a separate workspace. All users are assigned these permissions by default, but developers can limit access as needed.
Once your business data has been prepared for analysis, data stewards add business processes to the Process Insights page. They specify which case and event record data should be analyzed and add custom attributes. Then, data stewards configure the process security to share the process with analysts and other stakeholders.
To add processes, data stewards need access to the record data to be analyzed. Data stewards can be assigned by either developers or by data governors. Data governors are trusted users who grant data stewards access to synced record types in Process HQ. They can also monitor who has data steward access to all the synced record types in your environment. You should choose at least one data governor to monitor security in process insights and ensure data stewards have access to the record types they need.
After data stewards add processes, analysts explore and investigate the analyzed process data. Analysts apply their knowledge of your business context to the analyzed data to identify the cause of inefficiencies in your business processes. They can collaborate with other analysts to make actionable conclusions to improve your organization's workflows.
Viewers have the most limited access to process insights. They can collaborate with analysts by viewing and commenting on investigations, but cannot add or modify processes or the underlying data included in processes.
To access the Process HQ workspace, users need to be members of the Process HQ Users system group.
All users are members of Process HQ Users by default. Developers can manage this system group to grant or revoke access to the workspace.
Users in the Process HQ Users system group can access the Process HQ workspace, but will need the additional permissions described in this page to work in process insights. Make sure to configure the appropriate user access based on the tasks they need to perform.
Data governors can access the Data Governance page, which allows them to see all synced record types in the environment and assign data steward access for record types in production.
Data governors should be users you trust to:
A system administrator should assign at least one data governor by adding them to the Data Governors system group. The Process HQ Users system group inherits members from the Data Governors system group, so data governors will automatically have access to the Process HQ workspace.
Data stewards are responsible for adding and managing processes in Process HQ. Data stewards should be users you trust to view the record data that makes up a process and hide sensitive data from other users.
To add a process, data stewards need access to the case record type, the event history record type, and any record types that contain information relevant to the case or its events.
Data stewards can only access record data in Process HQ if they're explicitly assigned data steward access to those record types. For example, a user might have Editor permissions for a record type in Appian Designer and have access to the Process HQ workspace, but they won't be able to access record data in process insights if they do not have data steward access to the record type.
Note: Data stewards need to be able to accurately select fields for analysis, hide sensitive data, and create custom attributes when adding processes. As a result, data stewards can see all rows of data for record types they have access to in process insights, even if you configured record-level security for those record types.
There are several ways to grant data stewards access to record types:
Method |
# Record Types |
Action |
|---|---|---|
| Assign users or groups on the record type object | Single | Edit the record type object security. |
| Multiple | Edit record type security in bulk using the Security Summary. | |
| Assign users with Data Governance | Single | Add a user on a single record type. |
| Multiple | Add a user on multiple records types using a bulk action. |
You will likely want to use a combination of these methods to assign data stewards.
For example, if a developer is creating a new case record type, they can conveniently assign users Data Steward permissions while configuring the record type object security. As time goes on, data governors can assign additional users as data stewards to these record types so they don't have to wait for future deployment cycles.
You can use any combination of these methods to manage data steward access without accidentally overwriting permissions. For example, a data governor cannot use Data Governance to remove a data steward who was assigned via the record type object.
When a data steward adds a process, they need to give users permission to access the process.
Data stewards can assign users two types of permissions:
Viewer permissions allow users to see and comment on investigations, insights, and KPIs based on the process.
These permissions should be assigned to any users who don't need to edit anything, but want to review findings, collaborate, and view the executive dashboard.
Analyst permissions allow users to start investigations, save insights, and add KPIs based on the process.
These permissions should be assigned to users who need access to the process to investigate process data.
Note: In order to properly investigate processes, users with Analyst permissions to a process have access to all of its process data, even if you configured record-level security for those record types. Data stewards should hide any sensitive data as needed before granting access to processes.
Data governors can use the Data Governance page to continuously monitor data steward access for record types in production.
Data stewards can also use this page to review the record types they have access to and see which processes use each of those record types.
Configure Security for Process Insights
