Configure Security for Process Insights Share Share via LinkedIn Reddit Email Copy Link Print On This Page This page applies to developers, data governors, data stewards, and system administrators. It describes how each role configures a different layer of security to secure data in process insights. Overview In Process HQ, different users work together to add processes for analysis, investigate the outcome of the analysis, and share insights to collaborate with other users. You'll need to assign user roles accordingly to make sure everyone can access what they need to work in process insights while keeping your business data secure. To configure user access and security for process insights: Grant access to Process HQ. Assign data governors. Assign data stewards to record types. Grant access to processes. Monitor access with Data Governance. About user roles in process insights Users need permissions to access Process HQ as a separate workspace. All users are assigned these permissions by default, but developers can limit access as needed. Once your business data has been prepared for analysis, data stewards add business processes to the Process Insights page. They specify which case and event record data should be analyzed, filter process data, and add custom attributes. Then, data stewards configure the process security to share the process with analysts and other stakeholders. To add processes, data stewards need access to the record data to be analyzed. Data stewards can be assigned by either developers or by data governors. Data governors are trusted users who grant data stewards access to synced record types in Process HQ. They can also monitor who has data steward access to all the synced record types in your environment. You should choose at least one data governor to monitor security in process insights and ensure data stewards have access to the record types they need. After data stewards add processes, analysts explore and investigate the analyzed process data. Analysts apply their knowledge of your business context to the analyzed data to identify the cause of inefficiencies in your business processes. They can collaborate with other analysts to make actionable conclusions to improve your organization's workflows. Viewers have the most limited access to process insights. They can collaborate with analysts by viewing and commenting on investigations, but cannot add or modify processes or the underlying data included in processes. Grant access to Process HQ To access the Process HQ workspace, users need to be members of the Process HQ Users system group. All users are members of Process HQ Users by default. System administrators can manage members of this group to grant or revoke access to the workspace. Users in the Process HQ Users system group can access the Process HQ workspace, but will need the additional permissions described in this page to work in process insights. Make sure to configure the appropriate user access based on the tasks they need to perform. Assign data governors Data governors can access the Data Governance page, which allows them to see all synced record types in the environment and assign data steward access for record types in production. Data governors should be users you trust to: Manage access to record types in Process HQ. See group membership for data stewards. System administrators should assign at least one data governor by adding them to the Data Governors system group. The Process HQ Users system group inherits members from the Data Governors system group, so data governors will automatically have access to the Process HQ workspace. Assign data stewards to record types Data stewards are responsible for adding and managing processes in Process HQ using data from synced record types. These should be users you trust to select fields for analysis, hide sensitive data, and create custom attributes when adding processes. To ensure they have a complete version of process data, data stewards can see all rows of data for record types, even if you configured record-level security for those record types. To add processes, data stewards need access to the following record types: The case record type, which stores details about specific instances of a business process. The event history record type, which stores the details of your events. Any record types that contain information relevant to the case or its events. There are two ways to assign users data steward access to a record type: Who Where How Developers Record type in Appian Designer In the record type, go to > Security. Click Add Users or Groups. Enter the name of the group or user you want to assign as a data steward. For User or Group, enter the name of the group or user you want to assign as a data steward. For Permission Level, select Data Steward. Click SAVE CHANGES. You can also assign data steward permissions on multiple records types using the security summary. All other permission levels are not applied in process insights. Data Governors Data Governance in Process HQ In Process HQ, go to Data Governance. Select the checkbox next to one or more record types. Click MANAGE DATA STEWARDS. You will likely want to use a combination of these methods to assign data stewards. For example, if a developer is creating a new case record type, they can conveniently assign users Data Steward permissions while configuring the record type object security. As time goes on, data governors can assign additional users as data stewards to these record types so they don't have to wait for future deployment cycles. You can use any combination of these methods to manage data steward access without accidentally overwriting permissions. For example, a data governor cannot use Data Governance to remove a data steward who was assigned via the record type object. Grant access to processes When a data steward adds a process, they need to give users permission to access the process. Data stewards can assign users two types of permissions: Process Analyst Process Viewer Add, edit, or delete a process view Add, edit, or delete a KPI View a process view Start an investigation Save an insight View a saved insight Comment on a saved insight Configure the executive dashboard View the executive dashboard Note: In order to properly investigate processes, users with Analyst permissions to a process have access to all of its process data, even if you configured record-level security for those record types. Data stewards should hide any sensitive data as needed before granting access to processes. Monitor access with Data Governance Data governors can use the Data Governance page to continuously monitor data steward access for record types in production. Data stewards can also use this page to review the record types they have access to and see which processes use each of those record types. Feedback Was this page helpful? SHARE FEEDBACK Loading...