Free cookie consent management tool by TermsFeed

System Groups

Overview

Your Appian environment automatically includes a set of system groups, which you can use to administer access to various components in the environment.

As a best practice, don't use system groups to secure individual applications or design objects in applications. Instead, we recommend using default security groups.

Note:  Although created automatically, generated groups are not part of system groups. Instead, they are Custom type groups that you can manage in the same way you'd manage groups you create manually. Learn more about generated groups.

System groups can be modified by the Administrator user account, System Administrator users, or the Group Administrator(s) with the following restrictions:

  • System groups cannot be deleted through an interface.
  • System group names cannot be changed from an interface.
  • System groups have the same UUID in all Appian environments.

Tip:  The following system groups have been deprecated and may be removed from Appian in a future release:

Application Users

Users in the Application Users group correspond to the Application User Role.

Data Fabric Report Creators

Users in the Data Fabric Report Creators group can build custom reports and dashboards using data fabric insights. These users can share their own reports and dashboards, and view reports and dashboards shared with them, so long as they have Viewer permissions to the record types used in the reports.

The Process HQ Users system group inherits members from the Data Fabric Report Creators system group, so report creators will automatically have access to the Process HQ workspace.

Data Governors

Users in the Data Governors system group correspond to the Data Governor Role.

Database Users

The Database Users group contains all of the database user access roles.

Within this group, you can assign users to the following groups:

Designers

Users in the Designers group correspond to the Designer User Role.

Design Library Editors

Users in the Design Library Editors group can include or exclude interfaces from the design library.

Note:  Users added to the Design Library Editors group are automatically added to the designer role, which gives them access to design all aspects of an application.

Enterprise Copilot Administrators

Users in the Enterprise Copilot Administrators group can access Enterprise Copilot. These users can also:

  • View, create, and edit all knowledge sets
  • Add other Enterprise Copilot Administrators

Members of this group will be granted full access to the Enterprise Copilot site, including adding or editing user permissions.

Health Check Viewers

Users in the Health Check Viewers group can automatically share Health Check reports. Members of the group will be notified via email each time a report becomes available, and will be able to download the report from a secured News post. By default, all system administrators are added as members of the Health Check Viewers group via an editable membership rule.

Health Check must be set up in the Admin Console, and automatic upload must be enabled in order for these viewers to see the Health Check report.

You can access the Health Check Viewers group from the link on the Health Check Settings page or by searching for the group in the Objects view. You can add both individual users and groups as members (see Group Management).

The Health Check Viewers group is configured with the following security settings:

  • Restricted visibility: Only members and administrators can view the group.
  • Closed membership policy: Group administrators must select members.
  • Low privacy: Members of the group can view each other.

OAuth 2.0 SAML Bearer Assertion Users

Users in the OAuth 2.0 SAML Bearer Assertion Users group will be able to use the OAuth 2.0: SAML Bearer Assertion Flow with HTTP connected systems.

OpenID Connect Integration Users

Users in the OpenID Connect Integration Users group will be able to use OpenID Connect with HTTP connected systems.

Process HQ Users

Users in the Process HQ Users system group correspond to the Process HQ User Role.

Process Model Creators

Basic users must be a member of the Process Model Creators group in order to create new process models, or configure the Query Database or Call Web Service smart services.

You can create a group membership rule that automatically grants all basic users the right to create process models, if you prefer.

System Administrator users do not need to be members of this group to create process models.

See also: Add Users to Groups

The Process Model Creators group is configured with the following security settings:

  • Restricted visibility
    • Only members and administrators can view the group.
  • Closed membership policy
    • Group administrators must select members.
  • Low privacy
    • Members of the group can view each other.

Note:  Users added to the Process Model Creators group are automatically added to the designer role, which gives them access to design all aspects of an application.

Quick App Creators

Users in the Quick App Creators group correspond to the Quick App Creator Role.

RPA Operations Managers

Members of this group can access the RPA Operations Console for operational activities, such as managing credentials, queues, robots, and executing robotic tasks.

Service Accounts

Users in the Service Accounts group correspond to the Service Account Role.

Studio Editors

Users in the Studio Editors group can access the Studio site in Case Management Studio and create and manage configurations related to case types and categories.

Tempo Message Audience Groups

Tempo Message Audience Groups is a system group to which other groups can be added. You can then add users to the member groups to define participants on News posts or recipients of News messages.

Note:  For users to be able to see and select a group as a participant on a News post or recipient of a message, the group must be added to the Tempo Message Audience Groups system group by a system administrator.

Add groups as members

Only groups are recognized as members of this system group. Individual users are ignored and will have no impact. Once membership is updated and saved, the changes are reflected to users when they log back into the system.

Only Public and Restricted groups can be added to the Tempo Message Audience Groups system group. Each group added becomes available for its members to select and send messages to it on the News Feed. Whether or not non-members can select the enabled groups or see messages sent to these groups depends on the security settings for the group and message.

  • Public Groups: If the group is Public, all users can see and send messages to the group. If the message is open, all users can search for and see it in their News feed. If the message is locked, only members of the group and the message author can search for and see it in their News feed.
  • Restricted Groups: If the group is Restricted, only members and administrators are able to see and send messages to the group. If the message is open, all users can search for and see it in their News feed, but the group name displays as [Group Name Not Available] for non-members. If the message is locked, only members of the group and the message author can search for and see it in their News feed and the group name displays correctly.

Note:  Any users or groups added to these system groups also gain the same functionality within Appian Mobile applications.

Security settings

The Tempo Message Audience Groups system group is configured with the following security settings:

  • Personal security: It can only be viewed by administrators.
  • Closed membership policy: Group administrators must select members.
  • High privacy: Only administrators can view group members.

Tempo Users

Users in the Tempo Users group correspond to the Tempo User Role.

Feedback