The Appian Platform’s vision is to unite people, process, and data in a seamless unified platform for low-code automation across the enterprise. At the heart of this vision is Appian Records. Appian Records allow app owners to organize their data, similar to a database table, and take action or provide access to that data within the platform. However, the unique quality beyond its extensible capabilities within the unified platform, is the flexibility in the origination of your data. Records can be sourced from a:

  1. Database
  2. Appian Process
  3. Salesforce
  4. Web Service

This capability is what makes Records so unified and valuable. It allows Appian to excel as an integrator of data. With version 22.1, Appian released a new capability within Records called Record-Level Security. To understand why this enhancement is game-changing, we first need to understand the problem it solves, and how it can transform a broad range of crucial business processes.

Different Groups Have Access to Different Data

If you were describing a Case Management system, the first thing you might say is that your Support Engineers work on Cases. From a high-level, it makes sense to start explaining it this way. Digging a little deeper, you’d realize that would only be one of many rules that your system follows. Furthermore, you’d notice that your users are split up into groups, and those groups don’t all abide by the same rules. Some helpful follow up questions might be:

  1. Do your Support Engineers have multiple levels? I.e. Support Staff, Administrators, etc.
  2. Within those groups, do individuals have access to all the Cases in the system or just the accounts they are assigned to? What about cases with a certain status? Are there complex security requirements and external users?

(The old way)

The level of complexity for user’s access and security can add up quickly. Previously, as shown above, these rules needed to be contained within expression rules using SAIL, Appian’s proprietary language which allows Appian developers to build applications beyond what drag and drop baseline versions allow. With record-level security, this can now be expressed through Security Rules.

The below dashboards demonstrate visibility for the Case Management example referenced prior. The first dashboard displays an Administrator’s view into all of the Support Case records, including “Closed” cases. The second dashboard displays a Support Engineer’s dashboard, which displays only their own cases. This example highlights how security rules easily allow you to organize your business process data and shape employee workflows. In this case, Administrators and Support Engineers can see different records based on what Group they’re a part of. Furthermore, Administrators are allowed to view “Closed” cases. This highlights how fields can impact data visibility according to device security policies as well. It combines to dramatically improve basic mobility and security.

The ability to separate users into groups and give them access to different pieces of information isn’t new on Appian’s Low-code development platforms. So, in plain language, let’s explore why is this important?


Ease of Development

Like many innovations within Low Code, speed, improved workflows, and adaptability are at the core of the benefits. Through record-level security on the Appian Low-Code Platform, you can use the default drag and drop or low code builders to generate these interfaces instead of writing complicated logic in SAIL, which will streamline digital workflows and cut time.

Security rules provide an intuitive framework to make rapid changes and deliver applications quicker. The original method required you to pass in criteria for each use of filtering, requiring potential maintenance in all of those uses. However, related record types can be inherited, so you only need to maintain logic in one place. The old development process required an understanding of all security rules within your application when making changes. This maintainability will allow developers to organize their data better, make changes easier, and deploy applications quicker, all while improving business agility.


Developers can test their security rules right from the configuration panel, from initial testing all the way through to the final results of the testing phase.  You can also disable or enable rules to isolate and test specific ones with Appian applications. This is a big time-saver, particularly if a system, such as a company portal, is complex with many business rules.


Performance is automatically handled by the Appian Low-Code Platform. This eliminates a developer’s need to consider how their constructed expressions would impact performance. Previously, if rules were not organized properly, this could impact system performance and the everyday business users’ experience when viewing or taking action on your records.

What steps can you take to use Record-Level Security Rules?

If you’re interested in learning more about how Record-Level Security Rules could improve your Appian application and employee experiences, speak with one of our team members today. Vision Point Systems can help optimize and modernize your system with the latest Appian innovations.

Resources for Appian