Data protection and access controlDownload as PDFSave selected topicSave selected topic and subtopicsSave all topicsShareShare to emailCopy topic URLUpdated: 2019/09/06Enterprise Data protection and access control Enterprise 11: Independent categories for Bot Creators and Bot RunnersFor logical separation of duties, Control Room divides automation users into two broad categories: Bot Creators (development) users and Bot Runners (run-time) users.Role Based Access Control Control Room implements Least Privileges and Separation of Duties through a configurable Role-Based Access Control (RBAC) capability that conforms to requirements in NIST AC 2, 3, 5, and 6.Enterprise 11: RBAC on botsAccess is deny-all and allow by exception based on roles.Enterprise 11: RBAC on Bot RunnersRole-based access control (RBAC) on Bot Runners facilitates complete isolation of one department Bot Runner seamlessly from the remaining department Bot Runners.RBAC for Credential Vault credentials management in Enterprise 11Credentials created in the Control Room are used across Bot Creators and Bot Runners.Enterprise 11: Role-based processing domainsThe Control Room RBAC applies the least privilege principles to domains by implementing Processing Domains, specifying role-based privileges, and permissions at the bots and Bot Runners level. Enterprise 11: RBAC on Audit logAudit is automated for all privileged and nonprivileged roles to conform to best practices, as defined in NIST AC-6.Enterprise 11: RBAC on viewing bot activity The Control Room Activity menu provides options shows the status of the Automation Anywhere Enterprise automations. These options are: In Progress, Scheduled, and Historical. Enterprise 11: RBAC on user managementAccess is deny-all and allow by exception based on roles, domains as defined in RBAC. Only those users with access to User Management can manage users in system.Enterprise 11: RBAC on roles and permissions managementAccess is deny-all and allow by exception based on roles, domains as defined in RBAC.Enterprise 11: RBAC on bot schedulesAccess is deny-all and allow by exception based on roles, domains as defined in RBAC.Enterprise 11: RBAC on license managementAccess to license management is deny-all and allow by exception based on roles, domains as defined in RBAC.Secure application partitioning Automation Anywhere provides security options to enable and enforce secure bot execution consistent with best practices under NIST SC-2: Secure Application Partitioning.Enterprise 11: Bot execution access by dynamic access tokenThe Control Room implements and enforces a Trusted Path for registration and authentication of Bot Creators and Bot Runners in accordance with NIST SC-11 to protect against any attempt to execute unauthorized bots.Secure credential store Credential VaultThe Automation Anywhere platform provides a centralized Credential Vault to securely store all credentials and provision them to bots on an on-demand basis.Security at-restSecurity in-transit: support for secure protocolsThe Automation Anywhere platform supports secure protocols such as Transport Layer Security (TLS) 1.2 and HTTPS data transfer.Parent topic: Enterprise 11 security architecture
Data protection and access control Enterprise 11: Independent categories for Bot Creators and Bot RunnersFor logical separation of duties, Control Room divides automation users into two broad categories: Bot Creators (development) users and Bot Runners (run-time) users.Role Based Access Control Control Room implements Least Privileges and Separation of Duties through a configurable Role-Based Access Control (RBAC) capability that conforms to requirements in NIST AC 2, 3, 5, and 6.Enterprise 11: RBAC on botsAccess is deny-all and allow by exception based on roles.Enterprise 11: RBAC on Bot RunnersRole-based access control (RBAC) on Bot Runners facilitates complete isolation of one department Bot Runner seamlessly from the remaining department Bot Runners.RBAC for Credential Vault credentials management in Enterprise 11Credentials created in the Control Room are used across Bot Creators and Bot Runners.Enterprise 11: Role-based processing domainsThe Control Room RBAC applies the least privilege principles to domains by implementing Processing Domains, specifying role-based privileges, and permissions at the bots and Bot Runners level. Enterprise 11: RBAC on Audit logAudit is automated for all privileged and nonprivileged roles to conform to best practices, as defined in NIST AC-6.Enterprise 11: RBAC on viewing bot activity The Control Room Activity menu provides options shows the status of the Automation Anywhere Enterprise automations. These options are: In Progress, Scheduled, and Historical. Enterprise 11: RBAC on user managementAccess is deny-all and allow by exception based on roles, domains as defined in RBAC. Only those users with access to User Management can manage users in system.Enterprise 11: RBAC on roles and permissions managementAccess is deny-all and allow by exception based on roles, domains as defined in RBAC.Enterprise 11: RBAC on bot schedulesAccess is deny-all and allow by exception based on roles, domains as defined in RBAC.Enterprise 11: RBAC on license managementAccess to license management is deny-all and allow by exception based on roles, domains as defined in RBAC.Secure application partitioning Automation Anywhere provides security options to enable and enforce secure bot execution consistent with best practices under NIST SC-2: Secure Application Partitioning.Enterprise 11: Bot execution access by dynamic access tokenThe Control Room implements and enforces a Trusted Path for registration and authentication of Bot Creators and Bot Runners in accordance with NIST SC-11 to protect against any attempt to execute unauthorized bots.Secure credential store Credential VaultThe Automation Anywhere platform provides a centralized Credential Vault to securely store all credentials and provision them to bots on an on-demand basis.Security at-restSecurity in-transit: support for secure protocolsThe Automation Anywhere platform supports secure protocols such as Transport Layer Security (TLS) 1.2 and HTTPS data transfer.Parent topic: Enterprise 11 security architecture
Data protection and access control Enterprise 11: Independent categories for Bot Creators and Bot RunnersFor logical separation of duties, Control Room divides automation users into two broad categories: Bot Creators (development) users and Bot Runners (run-time) users.Role Based Access Control Control Room implements Least Privileges and Separation of Duties through a configurable Role-Based Access Control (RBAC) capability that conforms to requirements in NIST AC 2, 3, 5, and 6.Enterprise 11: RBAC on botsAccess is deny-all and allow by exception based on roles.Enterprise 11: RBAC on Bot RunnersRole-based access control (RBAC) on Bot Runners facilitates complete isolation of one department Bot Runner seamlessly from the remaining department Bot Runners.RBAC for Credential Vault credentials management in Enterprise 11Credentials created in the Control Room are used across Bot Creators and Bot Runners.Enterprise 11: Role-based processing domainsThe Control Room RBAC applies the least privilege principles to domains by implementing Processing Domains, specifying role-based privileges, and permissions at the bots and Bot Runners level. Enterprise 11: RBAC on Audit logAudit is automated for all privileged and nonprivileged roles to conform to best practices, as defined in NIST AC-6.Enterprise 11: RBAC on viewing bot activity The Control Room Activity menu provides options shows the status of the Automation Anywhere Enterprise automations. These options are: In Progress, Scheduled, and Historical. Enterprise 11: RBAC on user managementAccess is deny-all and allow by exception based on roles, domains as defined in RBAC. Only those users with access to User Management can manage users in system.Enterprise 11: RBAC on roles and permissions managementAccess is deny-all and allow by exception based on roles, domains as defined in RBAC.Enterprise 11: RBAC on bot schedulesAccess is deny-all and allow by exception based on roles, domains as defined in RBAC.Enterprise 11: RBAC on license managementAccess to license management is deny-all and allow by exception based on roles, domains as defined in RBAC.Secure application partitioning Automation Anywhere provides security options to enable and enforce secure bot execution consistent with best practices under NIST SC-2: Secure Application Partitioning.Enterprise 11: Bot execution access by dynamic access tokenThe Control Room implements and enforces a Trusted Path for registration and authentication of Bot Creators and Bot Runners in accordance with NIST SC-11 to protect against any attempt to execute unauthorized bots.Secure credential store Credential VaultThe Automation Anywhere platform provides a centralized Credential Vault to securely store all credentials and provision them to bots on an on-demand basis.Security at-restSecurity in-transit: support for secure protocolsThe Automation Anywhere platform supports secure protocols such as Transport Layer Security (TLS) 1.2 and HTTPS data transfer.Parent topic: Enterprise 11 security architecture