Hi all,
I spent pretty much the whole year trying to find where i can find the system roles are referred to in the following user roles documentation so I can properly assign privileges to users. Right now the only group type I see in my Appian version is Custom. How and where should I look in order to access the system roles in order to use them. Can someone point me out on what I am missing?
This is definitely what I believe Appian should improve in their documentation
https://docs.appian.com/suite/help/20.1/User_Roles.html
https://docs.appian.com/suite/help/20.1/System_Groups.html
Thank you in advance,
Roberta
Discussion posts and replies are publicly visible
Hi Roberta - I'm not sure I fully understand what you're asking for. In short:
I'm not sure what else to add until I understand exactly what you're looking to achieve.Feel free to elaborate and we will see what we can do to help you,
Hi Steward,
Thank you for replying.
I understand the concept of roles. What i need is direction on how to setup users to be admin to a specific application. For example, when I assigned Designers role to a group, they actually can create applications. I don't want that, I want them to be contained within their own application.
My question is how do I set this up using the out-of-the-box groups and permissions.
Thanks,
In which case you need to create your Designers as Basic Users, assign them Designer rights (add them to the 'Designer' group) and also add them to a Group that controls access to your Application (with default access of 'None' so that Users NOT in that Group cannot even see the Application object). This is what I was describing in my last bullet point in my initial reply. If you want them to access the Appian database you'll also need to add them to the 'Database Administrators' group (note: there's only one DB Schema for the Appian DB so anyone in that group can access ALL Database tables)
I did this and they still can create applications. Maybe there is a step here that I still need to do.
Do you have a recipe link that I can follow step by step?
What security settings do you have on your Application objects:
Hi Roberta -
Designers can create applications. This behavior of the product is not likely to change anytime soon. So let's table that.
My recommendation is that you institute and manage governance in support of your organization's policies.
Next, I'm assuming that access to environments other than dev and test is carefully controlled. This way, even if you have designers creating applications in dev you don't want. They should never get promoted to prod. (I trust you don't allow dev in Prod.)Further - provided your devs aren't sharing passwords (let's hope not), you can trace the origin of unwanted applications to the user who created it.
Assuming that most designers are not sys admins, you do have means to secure appian objects. The key is that all Application objects need to be secured to <App> Admins or <App> designers, or <App> All users, etc.Further, if there are only very few sys admins, then designers can't create new users, and you should be able to communicate policy to all new devs. If one dev team chooses to not secure their app. Other designers will be able to see it.
Hi Robert,
Thank you for your reply.
Yes, we do have all these controls in place for DEV, UAT and PROD environments.
Good advice for the application objects, I will go back to them and make sure they were setup properly.