Your Appian environment automatically includes a set of system groups, which you can use to administer access to various components in the environment.
As a best practice, don't use system groups to secure individual applications or design objects in applications. Instead, we recommend using default security groups.
Note: Although created automatically, generated groups are not part of system groups. Instead, they are Custom type groups that you can manage in the same way you'd manage groups you create manually. Learn more about generated groups.
System groups can be modified by the Administrator user account, System Administrator users, or the Group Administrator(s) with the following restrictions:
Tip: The following system groups have been deprecated and may be removed from Appian in a future release:
Users in the Application Users group correspond to the Application User Role.
Users in the Data Fabric Report Creators group can build custom reports and dashboards using data fabric insights. These users can share their own reports and dashboards, and view reports and dashboards shared with them, so long as they have Viewer permissions to the record types used in the reports.
The Process HQ Users system group inherits members from the Data Fabric Report Creators system group, so report creators will automatically have access to the Process HQ workspace.
Users in the Data Governors system group correspond to the Data Governor Role.
The Database Users group contains all of the database user access roles.
Within this group, you can assign users to the following groups:
Users in the Designers group correspond to the Designer User Role.
Users in the Design Library Editors group can include or exclude interfaces from the design library.
Note: Users added to the Design Library Editors group are automatically added to the designer role, which gives them access to design all aspects of an application.
Users in the Enterprise Copilot Administrators group can access Enterprise Copilot. These users can also:
Members of this group will be granted full access to the Enterprise Copilot site, including adding or editing user permissions.
Users in the Health Check Viewers group can automatically share Health Check reports. Members of the group will be notified via email each time a report becomes available, and will be able to download the report from a secured News post. By default, all system administrators are added as members of the Health Check Viewers group via an editable membership rule.
Health Check must be set up in the Admin Console, and automatic upload must be enabled in order for these viewers to see the Health Check report.
You can access the Health Check Viewers group from the link on the Health Check Settings page or by searching for the group in the Objects view. You can add both individual users and groups as members (see Group Management).
The Health Check Viewers group is configured with the following security settings:
Users in the OAuth 2.0 SAML Bearer Assertion Users group will be able to use the OAuth 2.0: SAML Bearer Assertion Flow with HTTP connected systems.
Users in the OpenID Connect Integration Users group will be able to use OpenID Connect with HTTP connected systems.
Users in the Process HQ Users system group correspond to the Process HQ User Role.
Basic users must be a member of the Process Model Creators group in order to create new process models, or configure the Query Database or Call Web Service smart services.
You can create a group membership rule that automatically grants all basic users the right to create process models, if you prefer.
System Administrator users do not need to be members of this group to create process models.
See also: Add Users to Groups
The Process Model Creators group is configured with the following security settings:
Note: Users added to the Process Model Creators group are automatically added to the designer role, which gives them access to design all aspects of an application.
Users in the Quick App Creators group correspond to the Quick App Creator Role.
Members of this group can access the RPA Operations Console for operational activities, such as managing credentials, queues, robots, and executing robotic tasks.
Users in the Service Accounts group correspond to the Service Account Role.
Users in the Studio Editors group can access the Studio site in Case Management Studio and create and manage configurations related to case types and categories.
Tempo Message Audience Groups is a system group to which other groups can be added. You can then add users to the member groups to define participants on News posts or recipients of News messages.
Note: For users to be able to see and select a group as a participant on a News post or recipient of a message, the group must be added to the Tempo Message Audience Groups system group by a system administrator.
Only groups are recognized as members of this system group. Individual users are ignored and will have no impact. Once membership is updated and saved, the changes are reflected to users when they log back into the system.
Only Public and Restricted groups can be added to the Tempo Message Audience Groups system group. Each group added becomes available for its members to select and send messages to it on the News Feed. Whether or not non-members can select the enabled groups or see messages sent to these groups depends on the security settings for the group and message.
[Group Name Not Available]
for non-members. If the message is locked, only members of the group and the message author can search for and see it in their News feed and the group name displays correctly.Note: Any users or groups added to these system groups also gain the same functionality within Appian Mobile applications.
The Tempo Message Audience Groups system group is configured with the following security settings:
Users in the Tempo Users group correspond to the Tempo User Role.
System Groups