This page applies to developers, system administrators, and data governors. It describes how each role configures a different layer of security in data fabric insights.
OverviewCopy link to clipboard
System administrators, developers, and data governors work together to decide who can access data fabric insights and what data is available to them.
To allow users to access data fabric insights and build reports and dashboards:
- Add users as report creators.
- Choose which record types are available as datasets.
- Review security on record types.
As report creators build reports and dashboards, they can also determine who can see their reports and dashboards by sharing them with others.
Add users as report creatorsCopy link to clipboard
To access data fabric insights, users need to be members of the Data Fabric Report Creators system group. The Process HQ Users system group inherits members from the Data Fabric Report Creators system group, so report creators will automatically have access to the Process HQ workspace.
Once a user is added to this group, they can take advantage of data fabric insights by selecting Process HQ from the navigation menu.
Choose which record types are available as datasetsCopy link to clipboard
By default, new record types are not available to report creators in Process HQ.
To be available, a record type must be configured to display as a dataset in the Data Catalog of Process HQ. When a record type is available as a dataset it in the Data Catalog, users can:
- Ask AI Copilot about all available datasets in the Data Catalog.
- Access the record type as its own dataset and any other datasets where the record type is configured as a related record type.
- Build and view reports and dashboards created from that data.
You should only allow users to access record types necessary for reporting. To allow report creators to access data from related record types, you'll need show any one-to-one or many-to-one related record types in the Data Catalog as well.
There are two ways to show a record type as a dataset in the Data Catalog:
Who |
Where |
How |
|---|---|---|
Record type in Appian Designer |
|
|
Data Governance in Process HQ |
Any Data Governance configurations will take precedence over the record type configuration. |
Review security on record typesCopy link to clipboard
Each dataset will inherit the different layers of security configured on the record type and its related record types. If you've already secured these aspects of your record types, there's likely no additional configuration necessary.
To allow users to view and update the record data in a report or dashboard, they must have the following security configurations on the base record type and any related record types:
Security |
Required Configuration |
|---|---|
Users must have at least Viewer permission. As a best practice, you should configure the record type security so that Default (All Other Users) is set to No Access. This ensures that only users who have been specifically granted permission to the record type are allowed to see the record data. |
|
Users must be included in a security rule or security expression that allows them to see the appropriate records (or rows of data in the dataset). |
|
Users must be included in a security rule or a security expression that allows them to see the appropriate record actions. Users must also have Initiator permission to the underlying process models. |
|
No additional configuration necessary. Users can only view a record's Summary view, which is automatically visible to any user with permission to view the record type and the record itself. |