This page applies to developers, data governors, data stewards, and system administrators. It describes how each role configures a different layer of security to secure data in process insights.
In Process HQ, different users work together to add processes for analysis, investigate the outcome of the analysis, and share insights to collaborate with other users. You'll need to assign user roles accordingly to make sure everyone can access what they need to work in process insights while keeping your business data secure.
To configure user access and security for process insights:
Users need permissions to access Process HQ as a separate workspace. All users are assigned these permissions by default, but developers can limit access as needed.
Once your business data has been prepared for analysis, data stewards add business processes to the Process Insights page. They specify which case and event record data should be analyzed, filter process data, and add custom attributes. Then, data stewards configure the process security to share the process with analysts and other stakeholders.
To add processes, data stewards need access to the record data to be analyzed. Data stewards can be assigned by either developers or by data governors. Data governors are trusted users who grant data stewards access to synced record types in Process HQ. They can also monitor who has data steward access to all the synced record types in your environment. You should choose at least one data governor to monitor security in process insights and ensure data stewards have access to the record types they need.
After data stewards add processes, analysts explore and investigate the analyzed process data. Analysts apply their knowledge of your business context to the analyzed data to identify the cause of inefficiencies in your business processes. They can collaborate with other analysts to make actionable conclusions to improve your organization's workflows.
Viewers have the most limited access to process insights. They can collaborate with analysts by viewing and commenting on investigations, but cannot add or modify processes or the underlying data included in processes.
To access the Process HQ workspace, users need to be members of the Process HQ Users system group.
All users are members of Process HQ Users by default. System administrators can manage members of this group to grant or revoke access to the workspace.
Users in the Process HQ Users system group can access the Process HQ workspace, but will need the additional permissions described in this page to work in process insights. Make sure to configure the appropriate user access based on the tasks they need to perform.
Data governors can access the Data Governance page, which allows them to see all synced record types in the environment and assign data steward access for record types in production.
Data governors should be users you trust to:
System administrators should assign at least one data governor by adding them to the Data Governors system group.
The Process HQ Users system group inherits members from the Data Governors system group, so data governors will automatically have access to the Process HQ workspace.
Data stewards are responsible for adding and managing processes in Process HQ using data from synced record types.
These should be users you trust to select fields for analysis, hide sensitive data, and create custom attributes when adding processes. To ensure they have a complete version of process data, data stewards can see all rows of data for record types, even if you configured record-level security for those record types.
To add processes, data stewards need access to the following record types:
There are two ways to assign users data steward access to a record type:
Who |
Where |
How |
---|---|---|
Developers |
Record type in Appian Designer |
You can also assign data steward permissions on multiple records types using the security summary. All other permission levels are not applied in process insights. |
Data Governors |
Data Governance in Process HQ |
|
You will likely want to use a combination of these methods to assign data stewards.
For example, if a developer is creating a new case record type, they can conveniently assign users Data Steward permissions while configuring the record type object security. As time goes on, data governors can assign additional users as data stewards to these record types so they don't have to wait for future deployment cycles.
You can use any combination of these methods to manage data steward access without accidentally overwriting permissions. For example, a data governor cannot use Data Governance to remove a data steward who was assigned via the record type object.
When a data steward adds a process, they need to give users permission to access the process.
Data stewards can assign users two types of permissions:
Note: In order to properly investigate processes, users with Analyst permissions to a process have access to all of its process data, even if you configured record-level security for those record types. Data stewards should hide any sensitive data as needed before granting access to processes.
Data governors can use the Data Governance page to continuously monitor data steward access for record types in production.
Data stewards can also use this page to review the record types they have access to and see which processes use each of those record types.
Configure Security for Process Insights