We're trying to build an admin interface that allows the administrator to see a list of all the objects in the application and manage the group permissions for each object. So to that end, is there a way to 1) search for every object in an application (or at least a particular type of object) and 2) view/modify the group permissions assigned to them?
Discussion posts and replies are publicly visible
Hi Marco
Um...this already exists. If you open an Application and then navigate to the 'Security Summary' (as illustrated) you can both see and manage the group permissions on every object in your application:
I understand it exists, but we don't want users managing security within appian, instead within their sites.
You want end-users to manage permissions of code/objects within the Application?
admin end-users, yes. It would be built into an administration console.
...and Appian Designer - which is an Admin Console - isn't sufficient for your purposes? (I'm not understanding what your use case is, obviously, as it seems that this is a development role and that why would you give someone the ability to mess directly with the code in Production environment, losing all governance and control!)
I hear you, and I agree. I don't fully understand why this should exist either. But the task I've been given is to create a separate admin site where admins can manage the group permissions of objects as needed, without going into appian designer.
Ok. I personally would make that a red line, a Gandalf "You Shall Not Pass" moment!
As it happens, AFAIK you can't anyway, since this would require access to the underlying (private) APIs that make Appian Designer work the way it works (I may be wrong, so am happy for others to correct me).
Just realized that this probably doesn't help you. If I were in your position, I'd challenge the "requirement" (which sounds like it's been cast in the form of a "solution") and try to get to the bottom of what the real requirement/s is/are. What's the actual problem that is trying to be solved here?
As far as I know, the underlying purpose is that they want to know what each user gets access to because some users aren't getting access to places where they otherwise should, and the security summary has been inadequate in determining that.
You should control access to objects via groups. There are many apps on the app market and you can even create a site yourself which lets group administrators manage group membership. You don't want end-users in production updating the security of an Object.
If you want a summary of user access, you can create a report and use our group member functions to show who has access to certain sites, reports, or records.
I found this a while ago to build something to manage groups with, so I'm not worried about trying to do that:
https://docs.appian.com/suite/help/21.4/recipe-add-remove-move-group-members-browser.html
That summary of user access report sounds like a good idea though. Hopefully it will be enough to satisfy. What function in particular would show access to a site, report or record? The group functions I've seen so far mostly seem to show who is in a group, not what a group is assigned to.