Overview of Record Type Security

This page explains how different security configurations impact an end user's ability to view and interact with your record data.

Overview

When it comes to securing your enterprise data, Appian provides a layered approach to security so you can ensure that your data is only available to the right users at the right time. This means that each element of your record type needs to be secured: the record type, the records themselves, and the individual record views and actions.

Each layer of security will impact the next. Whether a user has access to the record type will determine if they can see any records, and whether a user can see a record determines if they can see the individual record views and actions.

For example, let’s say you have a Support Case record type containing all submitted support cases. Support engineers need to be able to view and update their assigned cases, and create new cases.

To allow support engineers to accomplish their tasks, they would need the following security configurations:

Object	Security configuration
Record type object	Viewer permission.
Records	Record-level security that allows support engineers to see cases they're assigned to. By default, support engineers can see all cases.
Record views	Record view security that allows support engineers to see different record views. By default, support engineers can see the Summary view.
Record actions	Record action security that allows support engineers to create new cases and update cases assigned to them.
Fields	Field-level security that allows support engineers to see the necessary fields. By default, support engineers can see all fields.

See the different security pages to learn more:

• Record type object security
• Record-level security
• Record view security
• Record action security
• Field-level security

Workspace settings

In addition to the different security options on the record type, you can also configure workspace settings.

Workspace settings determine whether the record type is available in end-user workspaces, like Process HQ and Tempo.

In Process HQ, you can allow users to explore your record type as a dataset or as a part of a process. In Tempo, users can explore your record type as a Record.

By default, business users cannot access record types in Process HQ or Tempo. To allow users to access record types in these workspaces, you must configure the following security and settings:

Workspace Object	Required Security and Settings
Dataset in Process HQ	Users must be members of the Data Fabric Report Creators system group. Users must have least Viewer permissions to the record type. Any record-level security, record view security, and record action security will also be applied. The record type must be configured to show as a dataset in Process HQ.
Part of a process in Process HQ	Users must be members of the Process HQ Users system group. Trusted users must have data steward access to the record type to use it in a process. Data stewards will then configure security on the process so business users can access and explore it. Any other object security or record-level security will not be applied to users leveraging process insights.
Record in Tempo	Users must be members of the Tempo Users system group. A user must have least Viewer permission to the record type. Any record-level security, record view security, and record action security will also be applied. The record type must be configured to show as a Record in Tempo.

Feedback