Hello everyone,
I have a question regarding how Appian handles task URLs and their accessibility across different applications and sites.
I've noticed that a task in Appian can be opened regardless of which application, site, or page you're currently viewing. For example, the same task ID can be accessed through multiple different URL patterns:
https://<myenv>.appiancloud.com/suite/sites/any-application-1/page/<any-page-3>/task/<some-id>
https://<myenv>.appiancloud.com/suite/sites/any-application-2/page/<any-page-3>/task/<some-id>
https://<myenv>.appiancloud.com/suite/sites/any-application-3/page/<any-page-3>/task/<some-id>
Let's suppose <some-id>=GgE4eQDCj1OX711111
All of these URLs successfully open the same task, even though they reference different applications and pages in the path.
My questions are:
I'm trying to understand the underlying architecture and whether this is by design for user convenience or if there are configuration options I might be missing.
Discussion posts and replies are publicly visible
Silas. B. Ferreira said:Why does Appian allow tasks to be accessible from any site/application URL path?
Tasks do not care even the slightest bit about what apparent site/application they're opened from. The fact that they're apparently opened from a site is basically a retrofit to not make the user think they've been bounced to the "Tempo" side. Security of a particular task (process security, assignment, etc) is not affected by the site the user is accessing it from - and likewise I would assume that the user couldn't arbitrarily view a task from a site they wouldn't have access to. And almost no end users are going to dissect URLs to mix-and-match like this, nor would they care.
Silas. B. Ferreira said:is there a way to restrict task access to specific applications/sites
no. task security is controlled strictly from process instance security and task assignment, since (as previously stated) the "source site" makes zero difference.
Silas. B. Ferreira said:Does the application/site/page portion of the URL serve any functional purpose when accessing tasks, or is it purely cosmetic/contextual?
the latter.
Silas. B. Ferreira said:any security implications
none that I know of. if a user has access to X Y and Z sites, and A B and C tasks, they'll technically be able to see any A B or C as if from X Y or Z, in any permutation, if they mess with the URL the right way.
Think of a user using multiple applications. He will need some overarching dashboard to have access to all tasks and data from all the applications. This is not a bug, but a feature.