What security settings should be given to restrict support users to access only the process instance but should not have any access to the main object itself ?
Discussion posts and replies are publicly visible
Does this answer your questions:
docs.appian.com/.../process-model-object.html
So according to my understanding going through documentation, for a user (Support user) to have permission to a process model instance but only read only access to that process model object,
A user should be added to "Designer Role" but not in the "Process model creator" system groups so that the user will not have provision to design or modify a process model object but still can view the process instance in monitoring with adminstrator permission
Please correct me if I misunderstood anything here for the scenario
This sounds reasonable, but I highly recommend to test and validate this assumption.
Thanks , will try to validate this configuration
And for a general approach to PROD support, read this: appian.rocks/.../