Defining Roles and Access

Create a role to define access to modules and the functions which users will be able to perform within RPA. The role can then be assigned to individual users where appropriate.

You can define individual application roles for users for more granular control of user permissions within RPA – Admin module and Automation Studio. Rather than assigning individual permissions directly to each user, permissions are grouped into roles. Any user with Super_Admin role can define one or more roles on the admin module, and then grant permissions to each role. The permissions granted to authenticated users are contained in the user roles.

Upon defining the roles, administrator can create, edit, or delete roles for various features and functionalities in the RPA Admin Module and Automation Studio.

RPA admin module enables you to assign two types of roles:

Default Role: These roles are preconfigured and available by default.
Managing Roles (Customized Role): These roles are created and managed by users as per specific requirement.

RPA admin module enables you to assign two types of roles:

Default Role: These roles are preconfigured and available by default.
Managing Roles (Customized Role): These roles are created and managed by users as per specific requirement.

You can manage the roles and access successfully.

Default Roles

Roles enables you to assign specific permissions to a group and manage permission to modules. Users assigned to the role are granted those permissions as assigned to the role. The system provides some predefined roles after the installation process.
System administrator's ID which was given during the installation process is assigned as the Super_Admin of the admin module, by default.

The table lists the predefined roles in the AE Admin module.

Roles	Description
Super_Admin	Allows user with this role to access all features, including creating other Admin users and access to all folders and files. By default, Super_Admin role access is mapped to following: Analytics: ROI Dashboard > Achieved, Pipeline – View and Hierarchy Based Access Configurations > General - Edit, Target and Process - Read Only Reporting: Reporting Tab Access > Discover, Visualize, Dashboard, and Management Bot Governance & Monitoring: Control Tower Tabs > Credential Management, Trigger Management, APM and Automation Configuration Statistics. Control Tower Admin > Super User, Robot Creator Control Tower User > Transaction Analyst Process Design: Automation Studio > Process Creator, Process Approver, and Process Deployer Administration: Central Key Management, User Management and Configuration Management
Admin	Allows user with this role to view and manage the following activities related to studio, bot, dashboard and so on. By default, Admin role access is mapped to following: Reporting: Reporting Tab Access > Discover, Visualize, Dashboard, and Management Bot Governance & Monitoring: Control Tower Tabs > Credential Management, Trigger Management, and APM. Control Tower Admin > Super User Control Tower User > Transaction Analyst Process Design: Automation Studio > Process Creator, Process Approver, and Process Deployer Administration: Configuration Management
RPAITAdmin	Allows you to create, edit and delete the robots By default, RPAITAdmin role access is mapped to following: Reporting: Reporting Tab Access > Discover, Visualize, Dashboard, and Management Bot Governance & Monitoring: Control Tower Admin > Robot Creator
RPAProcOwner	Allows you to edit and publish the process. Allows you to view the processes as per the profiles assigned. Enables you to take available action on processes. By default, RPAProcOwner role access is mapped to following: Reporting: Reporting Tab Access > Discover, Visualize, Dashboard, and Management Bot Governance & Monitoring: Control Tower Tabs > Credential Management, Trigger Management Control Tower Admin > Super User, Robot Creator Control Tower User > Robot owner, Transaction Analyst
Virtual User	Enables virtual user to perform activity according to assigned access. You can assign the access to this role as per your requirement. Reporting: Reporting Tab Access > Discover, Visualize, Dashboard, and Management
Business Analyst	Enables business analyst user to perform activity according to assigned access. Enables user to view reporting. By default, business analyst role access is mapped to following: Analytics: ROI Dashboard > Achieved, Pipeline – View and Hierarchy Based Access Configurations > General - Read Only, Target and Process - Edit
Business Leader	Enables business leader user to perform activity according to assigned access. By default, Business Leader role access is mapped to following: Analytics: ROI Dashboard > Achieved, Pipeline – View
CoE Cocopit Approver	Enables user to approve / reject the submitted ideas. Enables users to ask clarifications on the submitted ideas.

Manage Roles

You can define a role and provide access to different user in-order to access various features of the RPA Admin module. Additionally, you can define a role and assign permissions to access various features of the Control Tower, Automation studio, and Other components.

Using this page, you can manage the following:

Add New Roles
Insert New Roles
Specify Role Access

Adding New Roles

To add a new role:

Go to Configuration > Manage Roles

Click Add New Role.

The Role Details page is displayed. The default role will be listed on the page.

In the Role Name field, enter the desired name for the role.
From the Parent Role drop-down, select the parent role for the new role. When roles are associated with parent roles, it creates a role hierarchy. Additionally, it provides an option to grant varied and controlled access to users through this new role.

NOTE:

When you select a parent role, the permissions from the parent role are not inherited. However, role access can be edited later.

Click Add. The new role is added to the list of roles.

Inserting New Roles

You can create a new role by inserting a role in between two existing roles, the parent and child roles. This helps in creating a new role hierarchy or build on the existing role hierarchy, associated with the parent role. Each role in the hierarchy represents a level of access that a user or group of users need.

To insert new roles:

Click Insert New.
In the Role Name field, enter the desired name for the role.
Select the parent and child role between which you would like to include the new role.
- From the Parent Role drop-down, select the parent role.
- From the Child Role drop-down, select the child role associated with the selected parent role.

NOTE:

The Child Role drop-down contains the list of all roles associated with the selected parent role.

Click Insert to save the role. The new role is added to the list of roles.

Specifying New Access

Roles must be given explicit access to manage activities in Admin module and Automation Studio. The Super_Admin can provide role-based access to users. The role permissions make it simple to perform user assignments. For each role, you can set up access individually.

User permissions are dictated by access control roles. These groups provide the ability to define capabilities and restrictions to a set of users at either the System or Organization level. Permissions are defined within each access control group and leverage predefined roles as the input for allowing or restricting capability within the system.

Types of access

Following are the types of access:

Analytics
Reporting
Green RPA
Bot Governance & Monitoring
CoE Cockpit
Process Design
Assisted Automation
Administration

To specify new access to roles:

Go to Configuration > Manage Roles
Click Specify New Access. By default, Admin is selected in the Select Role drop-down. The page displays the access enabled for admin.

In the Select Role list, select the role to which access needs to be granted.
In the Access Areas, select the type of access and in the Assign appropriate access to the role., select the check box corresponding to which you want to assign access for the user role.
Click Save.
A message appears as Role accesses saved successfully on the page.

Analytics

Access Label

Access Description

ROI Dashboard

On this page, select the preferred check box to provide particular access to user. Following are the options:

Achieved: User or Role with this access can view the Dashboard and perform all actions available such as Filter, Drill down, Drop down selection and so on.
Pipeline-View: User or Role with this access can only view the pipeline and perform action such as Filter, Sort, Expand, Collapse, view details of Discover process.
Pipeline-Edit: User or Role with this access can view the pipeline and perform action such as Filter, Sort, Expand, Collapse, view details of Discover process. Additionally, the user or role will have access to - Add Manual process to pipeline, Map Profiles to unmapped processes, mark a process as automated and so on.
Hierarchy Based Access: User or Role with this access can view the data on Dashboard and Pipeline based on the profiles mapped to the user and their relevant Hierarchies.

Super_Admin user and role can access following options related to Dashboard - ROI Metrics by default, which includes:

Achieved
Pipeline-View
Hierarchy Based Access

Business Analyst user and role can access following options related to Dashboard - ROI Metrics by default, which includes:

Achieved
Pipeline-Edit
Hierarchy Based Access

Business Leader user and role can access following options related to Dashboard - ROI Metrics by default, which includes:

Achieved
Pipeline-View

Configurations

On this page, select the preferred check box to provide particular access to user. Following are the options:

General – Read only: User or Role with this access can ONLY View and not edit the values in General Configurations. User with this access CANNOT have 'General - Edit' Access
General-Edit: User or Role with this access can edit all values in General Configurations. User with this access CANNOT have 'General - Read Only' access
Target and Process – Read only: User or Role with this access can ONLY View and not edit the values in Target and Process Configurations. But can apply filter, select the Hierarchy filters, Timeline filters, Activity Log and view the information. User with this access CANNOT have 'Target and Process - Edit' Access
Target and Process – Edit: User or Role having this access will be able to edit all values in Target and Process Configurations. User with this access CANNOT have 'Target and Process - Read Only' access.

Super_Admin user or role can access following options related to Configuration - ROI Metrics by default, which includes:

General - Edit
Target and Process - Read Only

Business Analyst user or role can access following options related to Configuration - ROI Metrics by default, which includes:

General - Read Only
Target and Process - Edit

Business Leader user or role can access following options related to Configuration - ROI Metrics by default, which includes:

General - Read Only
Target and Process - Read Only

Reporting

To assign the reporting access to the preferred role:

In the Select Role, select the preferred role.
Then, select the Reporting Tab Access or Dashboard Access or Data Access and assign the access.

Access Label	Access Description
Reporting Tab Access: Using Reporting Tab Access, you can assign access to the particular user role for the reporting dashboard which includes Discover, Visualize, Dashboard and Management.
Discover	By selecting Discover check box, user is assigned to access Discover Tab in the Reporting page.
Visualize	By selecting Visualize check box, user is assigned to access Visualize Tab in the Reporting page.
Dashboard	By selecting Dashboard check box, user is assigned to access Dashboard Tab in the Reporting page.
Management	By selecting Management check box, user is assigned to access Management Tab in the Reporting page.
Dashboard Access: Using Dashboard Access, you can provide access to preferred OOB dashboards as well as Custom Dashboard. When you log in for the first time, there will be no dashboard visible. The OOB dashboards are shown in the Dashboard Access tab as per the JSON file imported. For more information about importing JSON file, see Kibana section in the Installation. You can also assign access to Masked or Unmask the PII data in the Dashboard.
OOB Dashboard Access	In the OOB Dashboard, select the preferred check box corresponding to particular dashboard for which user must be assigned access. You can also mask and unmask the PII data shown in the dashboard which includes Transaction Audit Dashboard and Transaction Detailed Dashboard. Only these two dashboard show the option to mask or unmask the PII data. By default, PII data of Transaction Audit Dashboard and Transaction Detailed Dashboard for Super_Admin and Admin role is unmasked. You can change the access as per your preference for the particular role.
Custom Dashboard Access	In the Custom Dashboard, select the preferred check box corresponding to particular dashboard for which user must be assigned access. If you have created a new dashboard or edited the name of existing dashboard then, that particular dashboard is shown under the Custom Dashboard tab.
Data Access: Data Access enables you to assign profile-based access or complete data access the selected or particular user role. In case, you perform any irrelevant or system breaking changes in the fields such as Document Level Permission, Field Level Permission or select Index permission then, reporting and control tower data might not appear as expected.
Select Index Name	Select the preferred Index Name from the list such as rpa-trans, se-actvttrack and so on. Additionally, you can create a custom index pattern to data access.
Index Name	Specify the name of index.
Select Index Permission	Select the Index permission from the available option: Read Write
Document Level Permission	Document level permission is mentioned in this field, if you require then, you can edit the code. If you have created new query and migrating to 19.0 then, you are required to modify the document level permission accordingly. Additionally, if you have created any custom role then, you will have to modify the document level permission accordingly.
Field Level Permission	Displays the field level permission like excluded or included to access the data for the particular dashboard. If user has created new query and migrating to 19.0 then, user will be required to modify the document level permission accordingly. Additionally, if you have created any custom role then, you will have to modify the document level permission accordingly.
Type in Field Name	Specify the name of field for the particular dashboard.
Edit	By selecting Edit check box, super admin user role can access and perform all the activities on all the reporting tabs and dashboard such as create dashboard, edit existing dashboard, create new visualization, updating the existing visualization and so on.
(Create)	Click the (Create) icon to add new data access.
(Delete)	Click the (Delete) icon to delete the data access.

Green RPA

Role	Access
By default the Super Admin and Admin roles have access to all the 3 dashboards mentioned below and they can further grant access to the subordinate roles as required.
Process GQ	By selecting Process GQ check box, the user in a specific role is allowed to access the Process GQ dashboard on the Green RPA screen, to analyze the statistical data for all the processes.
Robot GQ	By selecting Robot GQ check box, the user in a specific role is allowed to access the Robot GQ dashboard on the Green RPA screen, to analyze the statistical data for the Robots and Robot Farms.
Machine GQ	By selecting Machine GQ check box, the user in a specific role is allowed to access the Machine GQ dashboard on the Green RPA screen, to analyze the statistical data for the Machine utilizations.

Bot Governance and Monitoring

Access Label	Access Description
Control Tower Tabs
View Only	By selecting View Only check box, user is assigned to only view the particular tabs of the Control Tower.
Credential Management	By selecting Credential Management check box, user is assigned to access credential manager. This access is used along with one of the four accesses, such as: RobotCreator, SuperUser, Manager or RPA_ControlTower_ProcessOwner
Trigger Management	By selecting Trigger Management check box, user can do following: Access the Trigger Manager section in control tower Currently, this access must be used along with one of the four accesses, such as, RobotCreator, SuperUser, Manager or RPA_ControlTower_ProcessOwner
APM	By selecting APM Dashboard check box, user is assigned to access APM Dashboard in Control Tower.
Automation Configuration Statistics	By selecting Automation Configuration Statistics check box, user is assigned to access Automation Configuration Statistics page in the Control Tower.
Control Tower Admin
Super User	By selecting this check box, user is assigned super user access for Control Tower. Super User can do following: Assign robots to other users or self Assign Super bots to self or other Super Users View the status of all robots across machines segregated by the status of whether a robot is available, in setup, running, stopped or is in error Take action on the robots irrespective of whom the robot is assigned to Setup the robots assigned to the user
Robot Creator	By selecting this check box, user is assigned Robot Creator access for Control Tower. Robot Creator can do following: Create, Edit and Delete the robots Remove the unused Robot Agents from Control tower UI Change the access mode for a Robot Agent View all the robots across machines segregated by whether a robot is available or assigned to a user
Manager	By selecting this check box, user is assigned Manager access for Control Tower. Manager can do following: Assign robots to other users or self View the robots that are mapped to the User’s profiles across machines segregated by whether a robot is available, in setup, running, stopped or is in error. Take action on the robots irrespective of whom the robot is assigned to but subject to user’s viewing rights Setup the robots assigned to user
Control Tower User
Robot Owner	By selecting Control Tower Robot Owner check box, user can do following: Assign robots to self View all the assigned robots across machines segregated by whether a robot is available, in setup, running, stopped or is in error. Take action on the assigned robots. Setup the assigned robots. Reset the assigned robot.
Transaction Analyst	By selecting Transaction Analyst check box, user can do following: Access the Process view in control tower Currently, this access must be used along with one of the four accesses, such as, RobotCreator, SuperUser, Manager or RPA_ControlTower_ProcessOwner

CoE Cockpit

Super Admin can provide access and allows user in a specific role to be an ideator or approver:

Role	Access Description
CoE Cockpit Approver	By selecting CoE Cockpit Approver check box, user is assigned to be an approver of the submitted ides. Along with selecting this option you need to map the CoE Cockpit Approver role to your login to access the CoE Approver page. For more information on role mapping, see Role Mapping.

NOTE:

If a Super Admin unselects both the access (ideator and approver) for an user, then CoE Cockpit page will not be accessible. Any user by default will have ideator access, when mapped to existing roles other than the CoE Cockpit approver.

Process Design

This access allows users in a specific role to access AssistEdge Automation Studio and Low code orchestrator designer.

Role	Process Design Access
Automation Studio
<ProcessCreator>	By selecting <ProcessCreator> access, users in a specific role is allowed to create, test, and publish processes in the Automation Studio.
<ProcessApprover>	By selecting <ProcessApprover> access, users in a specific role is allowed to create, test, and publish processes in the Automation Studio.
<ProcessDeployer>	By selecting <ProcessDeployer> access, users in a specific role is allowed to deploy processes in the Automation Studio.
< ProcessTester >	By selecting < Process Tester> access, user in a specific role is allowed to create and execute the test cases for a process in the Automation Studio. Users can also export and import process packages containing the test cases with this access. Role without this access can only view the test cases and cannot export and import process package with test cases.
Low code orchestrator designer
Low code orchestrator designer	By selecting Low code orchestrator access, user in a specific role is allowed to create application on the low code orchestrator in the Automation Studio. If the user has Low Code Orchestrator access, user will be able to work on the apps as an end user.
Low code API access	By selecting Low code API access, user in a specific role is allowed to call the APIs configured on the AssistEdge Low Code Orchestrator using Automation Studio or external clients like POSTMAN

Assisted Automation

Access Label	Access Description
Decision Workbench	To access the Decision Workbench is assigned to a role by selecting the <Decision Workbench > access. SME L1: This is the basic level of SME access who can access the transaction view tab in the Control tower page by selecting the SME L1 check box. With the L1 access, SME can deal with the particular task. In case, SME L1 is not able to access or work the request then, the request is escalated to SME L2. SME L2: This is the second higher level of SME access who can access the transactions view tab in the Control Tower by selecting the SME L2 check box. With the L2 access, SME can manage the escalated task , change the comment and then, submit the request. Manager: Manager access can only do following: View Details: With Manager access, user can view the data such as average handle time, process view, escalated request and so on. Audit Details: With Manager access, user can audit the tickets available in the transaction view and also monitor all the requests in Decision workbench process view.
Engage	To access engage, user needs to be assigned to a role which has <Engage> access. This access enables user to access Engage component.
Enterprise Personal Assistant	Enterprise Personal Assistant (EPA) bot usage access is governed by this access control. User will be able to use Enterprise Personal Assistant Bot when a valid EPA Automation license is uploaded in the License Manager and a user is assigned a role which has this access.
Web Engage	To access web engage, user needs to be assigned to a role which has <Web Engage> access. The Web Engage URL is shared over email with the user once you assign the Web Engage page access. In a given implementation engage and web engage access can’t be granted together.
Business Apps	To access Business apps, user needs to be assigned to a role which has <Business Apps> access.This access enables user to access the Low code orchestrator apps, but you cannot edit the apps and processes. It allows the specific role to access the low code orchestrator from Admin Portal, but you cannot edit the apps or processes. It allows to redirect the end-user to a specific app URL, which is created using the Low Code Orchestrator. For more information about Business Apps, see Process Orchestrator.

Administration

Access Label	Access
Configuration	Access	Description
	Hierarchy Configuration	By selecting the Hierarchy Configuration checkbox, the user is allowed to add, edit or delete entities on the Hierarchy Configuration page.
	Manage Entity Hierarchy	By selecting the Manage Entity Hierarchy check box, the user allowed to view and manage the entities.
	Manage Profiles	By selecting the Manage Profiles check box, user is allowed to: Add, edit or delete a profile Map Hierarchy
	Profile Application Mapping	By selecting the Profile Application Mapping check box, the user is allowed to view, map or unmap applications to profiles on the Profile Application Mapping page.
	Manage Role	By selecting the Manage Roles check box, the user is allowed to add new roles, insert a role or specify a role on the Manage Roles page.
	System Settings	By selecting the System Settings check box, the user is allowed to edit the settings for different modules on the System Settings page.
	SMTP Setting	By selecting the SMTP Settings check box, the user is allowed to enter the details for SMTP settings on the SMTP Settings page.
	Data Retention Policy	By selecting the Data Retention Policy check box, the user is allowed to edit the details for various indexes on the Data Retention Policy page.
Broadcast Manager	Publish Messages	By selecting the Publish Messages check box, the user is allowed to edit the publishing settings.
	View Report	By selecting the View Report check box, the user is allowed to select a date range to view the report.
	Manage Templates	By selecting the Manage Templates check box, the user is allowed to add, edit or delete templates.
	View Messages	By selecting the View Messages check box, the user is allowed to view messages by filtering on Message Type, Priority or Publish Date.
User Management	View Users	By selecting the View Users check box, the user is allowed to search for users and view Hierarchy Tree.
	Manage Users	By selecting the Manage Users check box, the user is allowed to add or edit users.
	User Mappings	By selecting the User Mappings check box, the user is allowed to map the profile, process or roles for users.
	Product Usage	By selecting the Product Usage check box, the user is allowed to view the product usage for users.
Notes Management	Manage Notes	By selecting the Manage Notes check box, the user is allowed to add, edit or delete notes.
Notes Management	Notes Mapping	By selecting the Notes Mapping check box, the user is allowed to add or remove notes mapping.
Central Key Management	By selecting Central Key Management check box, user is assigned access to the Central Key Management page in Admin module.
License Management	By selecting License Management check box, user is assigned access to the License Management page in Admin module.
Vanguard	By selecting Vanguard check box, user is assigned access to the Vanguard page, for Settings and Alert Configurations, under Module Configuration in Admin module
Green RPA	By selecting Green RPA check box, user is assigned access to the Green RPA page in Admin module