Run as whoever designed the model

Certified Lead Developer

Hi all,

 

What do you think of Setting the security of the lane that starts a process as "Run as whoever designed the model"? Is it a good practice? What happens if the designer leaves the Company and the user gets deactivated? Is it recommened to use instead Run as whoever started the process? I am interested in knowing if this could cause a security error.

 

Kind regards,

 

Jesus

  Discussion posts and replies are publicly visible

Parents
  • As an additional note - "run as initiator" does not account for processes changing hands; the initiator is inherited from the top level action only. Furthermore, if that user ever gets deactivated, it has immediate and severe implications upon the running process instance tree they've left behind.

    It's for these reasons that on my main project, we are required to do 100% "run as designer" subprocess calls, and make sure that all models in the production environment are published by a shell "admin user" account as Robert mentions above. (We actually do imports under our personal accounts by necesity, and then use a custom app I built to republish all imported process models as the Admin user.)
  • Certified Senior Developer
    in reply to Mike Schmitt

     Could you please share how you created the custom app to republish with different user? Is it using the 'Republish Model as Different User' plugin? If yes, kindly share in which version of Appian you made use of this plugin.

  • Hi,

    Yes, the tool I mentioned above made use of the "republish as different user" plug-in as well as a process model which determined what models in that environment were not already published as that user, then ran through all of them.

    Luckily in the interceding 3 years, subsequent Appian versions have given us new capabilities including Service Account functionality as well as direct imports (under the authority of a designated user, i.e. the service account), so the need for such a tool has been almost entirely mitigated.

Reply
  • Hi,

    Yes, the tool I mentioned above made use of the "republish as different user" plug-in as well as a process model which determined what models in that environment were not already published as that user, then ran through all of them.

    Luckily in the interceding 3 years, subsequent Appian versions have given us new capabilities including Service Account functionality as well as direct imports (under the authority of a designated user, i.e. the service account), so the need for such a tool has been almost entirely mitigated.

Children