Defining Roles and Access
Create a role to define access to modules and the functions which users will be able to perform within RPA. The role can then be assigned to individual users where appropriate.
You can define individual application roles for users for more granular control of user permissions within RPA – Admin module and Automation Studio. Rather than assigning individual permissions directly to each user, permissions are grouped into roles. Any user with Super_Admin role can define one or more roles on the admin module, and then grant permissions to each role. The permissions granted to authenticated users are contained in the user roles.
Upon defining the roles, administrator can create, edit, or delete roles for various features and functionalities in the RPA Admin Module and Automation Studio.
RPA admin module enables you to assign two types of roles:
- Default Role: These roles are preconfigured and available by default.
- Managing Roles (Customized Role): These roles are created and managed by users as per specific requirement.
RPA admin module enables you to assign two types of roles:
- Default Role: These roles are preconfigured and available by default.
- Managing Roles (Customized Role): These roles are created and managed by users as per specific requirement.
You can manage the roles and access successfully.
Default Roles
Roles enables you to assign specific permissions to a group and manage permission to modules. Users assigned to the role are granted those permissions as assigned to the role. The system provides some predefined roles after the installation process.
System administrator's ID which was given during the installation process is assigned as the Super_Admin of the admin module, by default.
The table lists the predefined roles in the AE Admin module.
Roles | Description |
Super_Admin |
|
Admin |
|
RPAITAdmin |
|
RPAProcOwner |
|
Virtual User |
|
Business Analyst |
|
Business Leader |
|
CoE Cocopit Approver |
|
Manage Roles
You can define a role and provide access to different user in-order to access various features of the RPA Admin module. Additionally, you can define a role and assign permissions to access various features of the Control Tower, Automation studio, and Other components.
Using this page, you can manage the following:
Adding New Roles
To add a new role:
- Go to Configuration > Manage Roles
- Click Add New Role.
The Role Details page is displayed. The default role will be listed on the page.
- In the Role Name field, enter the desired name for the role.
- From the Parent Role drop-down, select the parent role for the new role. When roles are associated with parent roles, it creates a role hierarchy. Additionally, it provides an option to grant varied and controlled access to users through this new role.
NOTE: |
When you select a parent role, the permissions from the parent role are not inherited. However, role access can be edited later. |
- Click Add. The new role is added to the list of roles.
Inserting New Roles
You can create a new role by inserting a role in between two existing roles, the parent and child roles. This helps in creating a new role hierarchy or build on the existing role hierarchy, associated with the parent role. Each role in the hierarchy represents a level of access that a user or group of users need.
To insert new roles:
- Click Insert New.
- In the Role Name field, enter the desired name for the role.
- Select the parent and child role between which you would like to include the new role.
- From the Parent Role drop-down, select the parent role.
- From the Child Role drop-down, select the child role associated with the selected parent role.
NOTE: |
The Child Role drop-down contains the list of all roles associated with the selected parent role. |
- Click Insert to save the role. The new role is added to the list of roles.
Specifying New Access
Roles must be given explicit access to manage activities in Admin module and Automation Studio. The Super_Admin can provide role-based access to users. The role permissions make it simple to perform user assignments. For each role, you can set up access individually.
User permissions are dictated by access control roles. These groups provide the ability to define capabilities and restrictions to a set of users at either the System or Organization level. Permissions are defined within each access control group and leverage predefined roles as the input for allowing or restricting capability within the system.
Types of access
Following are the types of access:
- Analytics
- Reporting
- Green RPA
- Bot Governance & Monitoring
- CoE Cockpit
- Process Design
- Assisted Automation
- Administration
To specify new access to roles:
- Go to Configuration > Manage Roles
- Click Specify New Access. By default, Admin is selected in the Select Role drop-down. The page displays the access enabled for admin.
- In the Select Role list, select the role to which access needs to be granted.
- In the Access Areas, select the type of access and in the Assign appropriate access to the role., select the check box corresponding to which you want to assign access for the user role.
- Click Save.
A message appears as Role accesses saved successfully on the page.
Analytics
Access Label | Access Description |
ROI Dashboard |
On this page, select the preferred check box to provide particular access to user. Following are the options:
Super_Admin user and role can access following options related to Dashboard - ROI Metrics by default, which includes:
Business Analyst user and role can access following options related to Dashboard - ROI Metrics by default, which includes:
Business Leader user and role can access following options related to Dashboard - ROI Metrics by default, which includes:
|
Configurations |
On this page, select the preferred check box to provide particular access to user. Following are the options:
Super_Admin user or role can access following options related to Configuration - ROI Metrics by default, which includes:
Business Analyst user or role can access following options related to Configuration - ROI Metrics by default, which includes:
Business Leader user or role can access following options related to Configuration - ROI Metrics by default, which includes:
|
Reporting
To assign the reporting access to the preferred role:
- In the Select Role, select the preferred role.
- Then, select the Reporting Tab Access or Dashboard Access or Data Access and assign the access.
Access Label | Access Description |
Reporting Tab Access: Using Reporting Tab Access, you can assign access to the particular user role for the reporting dashboard which includes Discover, Visualize, Dashboard and Management. |
|
Discover | By selecting Discover check box, user is assigned to access Discover Tab in the Reporting page. |
Visualize | By selecting Visualize check box, user is assigned to access Visualize Tab in the Reporting page. |
Dashboard | By selecting Dashboard check box, user is assigned to access Dashboard Tab in the Reporting page. |
Management | By selecting Management check box, user is assigned to access Management Tab in the Reporting page. |
Dashboard Access: Using Dashboard Access, you can provide access to preferred OOB dashboards as well as Custom Dashboard. When you log in for the first time, there will be no dashboard visible. The OOB dashboards are shown in the Dashboard Access tab as per the JSON file imported. For more information about importing JSON file, see Kibana section in the Installation. You can also assign access to Masked or Unmask the PII data in the Dashboard. |
|
OOB Dashboard Access | In the OOB Dashboard, select the preferred check box corresponding to particular dashboard for which user must be assigned access.
|
Custom Dashboard Access | In the Custom Dashboard, select the preferred check box corresponding to particular dashboard for which user must be assigned access. If you have created a new dashboard or edited the name of existing dashboard then, that particular dashboard is shown under the Custom Dashboard tab. |
Data Access: Data Access enables you to assign profile-based access or complete data access the selected or particular user role. In case, you perform any irrelevant or system breaking changes in the fields such as Document Level Permission, Field Level Permission or select Index permission then, reporting and control tower data might not appear as expected. |
|
Select Index Name | Select the preferred Index Name from the list such as rpa-trans, se-actvttrack and so on. Additionally, you can create a custom index pattern to data access. |
Index Name | Specify the name of index. |
Select Index Permission | Select the Index permission from the available option:
|
Document Level Permission |
Document level permission is mentioned in this field, if you require then, you can edit the code. Additionally, if you have created any custom role then, you will have to modify the document level permission accordingly. |
Field Level Permission | Displays the field level permission like excluded or included to access the data for the particular dashboard. If user has created new query and migrating to 19.0 then, user will be required to modify the document level permission accordingly. Additionally, if you have created any custom role then, you will have to modify the document level permission accordingly. |
Type in Field Name | Specify the name of field for the particular dashboard. |
Edit | By selecting Edit check box, super admin user role can access and perform all the activities on all the reporting tabs and dashboard such as create dashboard, edit existing dashboard, create new visualization, updating the existing visualization and so on. |
![]() |
Click the ![]() |
![]() |
Click the ![]() |
Green RPA
Role | Access |
By default the Super Admin and Admin roles have access to all the 3 dashboards mentioned below and they can further grant access to the subordinate roles as required. | |
Process GQ | By selecting Process GQ check box, the user in a specific role is allowed to access the Process GQ dashboard on the Green RPA screen, to analyze the statistical data for all the processes. |
Robot GQ | By selecting Robot GQ check box, the user in a specific role is allowed to access the Robot GQ dashboard on the Green RPA screen, to analyze the statistical data for the Robots and Robot Farms. |
Machine GQ | By selecting Machine GQ check box, the user in a specific role is allowed to access the Machine GQ dashboard on the Green RPA screen, to analyze the statistical data for the Machine utilizations. |
Bot Governance and Monitoring
Access Label | Access Description |
Control Tower Tabs |
|
View Only | By selecting View Only check box, user is assigned to only view the particular tabs of the Control Tower. |
Credential Management |
By selecting Credential Management check box, user is assigned to access credential manager. This access is used along with one of the four accesses, such as: RobotCreator, SuperUser, Manager or RPA_ControlTower_ProcessOwner |
Trigger Management |
By selecting Trigger Management check box, user can do following:
Currently, this access must be used along with one of the four accesses, such as, RobotCreator, SuperUser, Manager or RPA_ControlTower_ProcessOwner |
APM | By selecting APM Dashboard check box, user is assigned to access APM Dashboard in Control Tower. |
Automation Configuration Statistics | By selecting Automation Configuration Statistics check box, user is assigned to access Automation Configuration Statistics page in the Control Tower. |
Control Tower Admin |
|
Super User |
By selecting this check box, user is assigned super user access for Control Tower. Super User can do following:
|
Robot Creator | By selecting this check box, user is assigned Robot Creator access for Control Tower. Robot Creator can do following:
|
Manager | By selecting this check box, user is assigned Manager access for Control Tower. Manager can do following:
|
Control Tower User |
|
Robot Owner | By selecting Control Tower Robot Owner check box, user can do following:
|
Transaction Analyst | By selecting Transaction Analyst check box, user can do following:
|
CoE Cockpit
Super Admin can provide access and allows user in a specific role to be an ideator or approver:
Role | Access Description |
CoE Cockpit Approver | By selecting CoE Cockpit Approver check box, user is assigned to be an approver of the submitted ides. Along with selecting this option you need to map the CoE Cockpit Approver role to your login to access the CoE Approver page. For more information on role mapping, see Role Mapping. |
NOTE: |
If a Super Admin unselects both the access (ideator and approver) for an user, then CoE Cockpit page will not be accessible. Any user by default will have ideator access, when mapped to existing roles other than the CoE Cockpit approver. |
Process Design
This access allows users in a specific role to access AssistEdge Automation Studio and Low code orchestrator designer.
Assisted Automation
Access Label | Access Description |
Decision Workbench | To access the Decision Workbench is assigned to a role by selecting the <Decision Workbench > access.
|
Engage | To access engage, user needs to be assigned to a role which has <Engage> access. This access enables user to access Engage component. |
Enterprise Personal Assistant |
Enterprise Personal Assistant (EPA) bot usage access is governed by this access control. User will be able to use Enterprise Personal Assistant Bot when a valid EPA Automation license is uploaded in the License Manager and a user is assigned a role which has this access. |
Web Engage | To access web engage, user needs to be assigned to a role which has <Web Engage> access. The Web Engage URL is shared over email with the user once you assign the Web Engage page access. In a given implementation engage and web engage access can’t be granted together. |
Business Apps |
To access Business apps, user needs to be assigned to a role which has <Business Apps> access.This access enables user to access the Low code orchestrator apps, but you cannot edit the apps and processes.
For more information about Business Apps, see Process Orchestrator. |
Administration
Access Label | Access | |
Configuration |
Access | Description |
Hierarchy Configuration | By selecting the Hierarchy Configuration checkbox, the user is allowed to add, edit or delete entities on the Hierarchy Configuration page. | |
Manage Entity Hierarchy | By selecting the Manage Entity Hierarchy check box, the user allowed to view and manage the entities. | |
Manage Profiles |
By selecting the Manage Profiles check box, user is allowed to:
|
|
Profile Application Mapping | By selecting the Profile Application Mapping check box, the user is allowed to view, map or unmap applications to profiles on the Profile Application Mapping page. | |
Manage Role | By selecting the Manage Roles check box, the user is allowed to add new roles, insert a role or specify a role on the Manage Roles page. | |
System Settings | By selecting the System Settings check box, the user is allowed to edit the settings for different modules on the System Settings page. | |
SMTP Setting | By selecting the SMTP Settings check box, the user is allowed to enter the details for SMTP settings on the SMTP Settings page. | |
Data Retention Policy | By selecting the Data Retention Policy check box, the user is allowed to edit the details for various indexes on the Data Retention Policy page. | |
Broadcast Manager | Publish Messages | By selecting the Publish Messages check box, the user is allowed to edit the publishing settings. |
View Report | By selecting the View Report check box, the user is allowed to select a date range to view the report. | |
Manage Templates | By selecting the Manage Templates check box, the user is allowed to add, edit or delete templates. | |
View Messages | By selecting the View Messages check box, the user is allowed to view messages by filtering on Message Type, Priority or Publish Date. | |
User Management | View Users | By selecting the View Users check box, the user is allowed to search for users and view Hierarchy Tree. |
Manage Users | By selecting the Manage Users check box, the user is allowed to add or edit users. | |
User Mappings | By selecting the User Mappings check box, the user is allowed to map the profile, process or roles for users. | |
Product Usage | By selecting the Product Usage check box, the user is allowed to view the product usage for users. | |
Notes Management | Manage Notes | By selecting the Manage Notes check box, the user is allowed to add, edit or delete notes. |
Notes Mapping | By selecting the Notes Mapping check box, the user is allowed to add or remove notes mapping. | |
Central Key Management | By selecting Central Key Management check box, user is assigned access to the Central Key Management page in Admin module. | |
License Management | By selecting License Management check box, user is assigned access to the License Management page in Admin module. | |
Vanguard | By selecting Vanguard check box, user is assigned access to the Vanguard page, for Settings and Alert Configurations, under Module Configuration in Admin module | |
Green RPA | By selecting Green RPA check box, user is assigned access to the Green RPA page in Admin module |