This page applies to developers, system administrators, and data governors. It describes how each role configures a different layer of security in data fabric insights.

Overview

System administrators, developers, and data governors work together to decide who can access data fabric insights and what data is available to them.

To allow users to access data fabric insights and build reports and dashboards:

• Add users as report creators.
• Choose which record types are available as datasets.
• Review security on record types.

As report creators build reports and dashboards, they can also determine who can see their reports and dashboards by sharing them with others.

Add users as report creators

To access data fabric insights, users need to be members of the Data Fabric Report Creators system group. The Process HQ Users system group inherits members from the Data Fabric Report Creators system group, so report creators will automatically have access to the Process HQ workspace.

Once a user is added to this group, they can take advantage of data fabric insights by selecting Process HQ from the navigation menu.

Choose which record types are available as datasets

By default, new record types are not available to report creators in Process HQ.

To be available, a record type must be configured to display as a dataset in the Data Catalog of Process HQ. When a record type is available as a dataset it in the Data Catalog, users can:

• Ask AI Copilot about all available datasets in the Data Catalog.
• Access the record type as its own dataset and any other datasets where the record type is configured as a related record type.
• Build and view reports and dashboards created from that data.

You should only allow users to access record types necessary for reporting. To allow report creators to access data from related record types, you'll need show any one-to-one or many-to-one related record types in the Data Catalog as well.

There are two ways to show a record type as a dataset in the Data Catalog:

Who	Where	How
Developers	Record type in Appian Designer	In the record type, go to Workspaces. Select the Show this record type as a dataset in the Data Catalog of Process HQ checkbox. Click SAVE CHANGES. Deploy the record type to production.
Data Governors	Data Governance in Process HQ	In Process HQ, go to Data Governance. To show or hide a single record type from the Data Catalog, use the toggle in the Data Catalog column. To show or hide multiple record types from the Data Catalog, select the checkbox next to the record types and click SHOW IN DATA CATALOG. Any Data Governance configurations will take precedence over the record type configuration.

Review security on record types

Each dataset will inherit the different layers of security configured on the record type and its related record types. If you've already secured these aspects of your record types, there's likely no additional configuration necessary.

To allow users to view and update the record data in a report or dashboard, they must have the following security configurations on the base record type and any related record types:

Security	Required Configuration
Record type object security	Users must have at least Viewer permission. As a best practice, you should configure the record type security so that Default (All Other Users) is set to No Access. This ensures that only users who have been specifically granted permission to the record type are allowed to see the record data.
Record-level security	Users must be included in a security rule or security expression that allows them to see the appropriate records (or rows of data in the dataset).
Record action security	Users must be included in a security rule or a security expression that allows them to see the appropriate record actions. Users must also have Initiator permission to the underlying process models.
Record view security	No additional configuration necessary. Users can only view a record's Summary view, which is automatically visible to any user with permission to view the record type and the record itself.