Free cookie consent management tool by TermsFeed

Record Type Object Security

This page describes the different security options for the record type. For more information on object security, see Object Security.

Tip:  If you're new to configuring security on your record type, see Overview of Security to learn how the different security configurations impact a user's ability to see your enterprise data.

The security role map of a record type controls which users can see or modify it and its properties. By default, only the record type creator and system administrators have access to the record type. See Editing Object Security to modify a record type's security.

The following table outlines the actions that can be performed by each permission level in a record type's security role map:

Actions Administrator Editor Viewer Data Steward
View the record type in Sites, Tempo, and self-service analytics* Yes Yes Yes No
View the record type definition Yes Yes Yes No
View the object security Yes Yes Yes No
Update record-level security Yes Yes No No
Update the record type definition Yes Yes No No
Update the object security Yes No No No
Delete the record type Yes No No No
Use this record type in a process in Process HQ No No No Yes

* Additional workspace settings are required.

When you add a relationship to your record type, Appian will automatically enforce the object security configured on the related record type whenever you reference the related record data. If you do not have sufficient permissions on the related record type, you cannot reference the related record fields, and any references to the related record fields will appear as null.

Preventing users from being able to view a record type does not secure the record type's underlying data source. Users may still be able to view the underlying data in other areas of Appian. See source security to learn how to secure your records.

Source security

Individual record security is based on the object security of the underlying data source and the record-level security defined in the record type.

Users must have at least Viewer permissions to the record type's source to view a record in the record list or to view its record views. However, the security of the record's source is configured differently for the different source types.

Tip:  Record-level security is only available on record types with data sync enabled. If your record type does not have data sync enabled, consider adding default filters to determine who can see which records.

Database source type

If your record type has data sync enabled, you can connect directly to a database table, so no additional source security is necessary.

If your record type does not have data sync enabled, you'll need permission to the data store entity used to configure the record type. See data store security for more information.

Process model source type

For record types with a process model as the data source, see Configuring Process Security.

Web service source type

For record types with a web service as the data source, both the list view and record view source expressions execute in the context of the user viewing the record list. Even if these source expressions are defined using expression rules, the security role map applied to those rules does not prevent any users from executing the rule by viewing the record list.

Access to the underlying data must be controlled by the developer of the expression rule in its definition in conjunction with the access control mechanisms available from the provider of the data. For example, if the expression rule retrieves data from an external data provider that requires credentials for authentication and authorization, the expression rule developer must build the retrieval and presentation of those credentials into the definition of the expression rule.

For more information, see Expression Rule Security.

Feedback