Data protection for Appian Business Partners

Certified Lead Developer

Hi all,

I am working for an Appian business partner and we have a recurrent limitation to support production issues. Many customers are new to Appian and dont have Appian knowledge to solve complex issues. However they dont want to give us access to production. How do you deal with this situation?

The alternatives are to replicate the issues in another environment but this is not always possible. Having a web ex session with the customer is also a possibility but is not ideal. Are there any other ways to debug issues in production without breaking data protection rules? The customer would like to export the log and anonymize the data, but I think this is not a good idea in Appian.

I am interested in knowing how other Appian business partners are dealing with these situations. In my opinion if they want us to solve production issues, they need to give us access to production. The problem is not about rights (read only, write etc) it is about not seeing sensible data.

Kind regards

  Discussion posts and replies are publicly visible

  • 0
    Certified Senior Developer

    Personal experience with that topic:

    "however they dont want to give us access to production. How do you deal with this situation?"

    Personally we/I had always access to production environments with system administrator accounts. But with the limitation that we shall not change anything under any circumstance in production environments. Production changes will always just made by application managers of the customer or patches, which are tested on other environments first.
    We are talking about banks and health care customers with a lot of sensitive data, but they even understood the requirement.
    It is just necessary that you get access to analyse issues via monitoring.

    Perhaps you can explain the difference between the formal permissen to change data and an account with suitable rights but which is necessary to do fullfill your duties to analyze issues.

  • We typically implement a support process which elevates permission for a specific period of time. For that time you have access to process monitoring and designer. This process can be adapted to client/project needs.

  • 0
    Certified Senior Developer
    in reply to Stefan Helzle

    nice concept.
    Via an implemented appian process which uses "add", waiting timer and "remove user from group" smart services?