Assign roles and permissions to enable AI governance
- Updated: 2024/09/26
Assign roles and permissions to enable AI governance
Review these required roles and permissions for the Automation Admin, Automation Lead, and GRC Lead to ensure they can access the AI governance features to monitor all model interaction logs for compliance and security.
The following personae would benefit from viewing and monitoring the AI governance logs:
- System roles: AAE_Admin and AAE_Basic
- Custom role with specific settings enabled for AI governance
as follows:
- .
- .
- .
- .
- .
- Settings: to enable data logging for users.
The Automation Admin can enable settings and assign a custom role (with required permissions) to the Automation Lead and GRC Lead in their organization to give them access to all logs for monitoring and implementing compliance.
Enable data logging for AI governance
To enable AI governance in the Control Room navigation, the Automation Admin would first enable data logging for the users.
Control Room version | Bot Agent version | Generative AI Packages | Generative AI Prompt Template package version | Task impact |
---|---|---|---|---|
Automation 360 v.33 and later | 22.60.10 and later | v.1.9.0 | v.2.0.6 |
|
Automation 360 v.32 and earlier | earlier than 22.60.10 | v.1.9.0 | v.2.0.6 |
|
Automation 360 v.33 and later | Earlier than 22.60.10 | v.1.9.0 | v.2.0.6 |
Note: Audit log data
generation fails due to non-compatible Bot Agent version.
|
Automation 360 v.34 | Earlier than 22.60.10 | v.1.9.0 | v.3.0.3 |
|
The data logging setting is disabled by default. The audit log summary of model interactions gets captured in the session logs in Session duration, Model name, Publisher, and External session ID. But no data displays for the Request configuration and External session ID fields.
tab, but the model interaction detail logs are blank due to lack of permission. Some of the data is visible for debugging such as:When this setting is enabled, the prompt inputs and responses exchanged with the models gets logged in View Prompt details and View Event details permissions to view the log details.
session details. The session details data is encrypted by default and requires the- Automation Lead and GRC Lead: Can view, monitor, and enforce compliance of all data generated from automation executions that involve foundational model interactions. These users are able to view logs for all users and can also drill-down to view additional log details.
- Pro Developers: Can capture logs for all automation executions they
create and run involving interactions with foundational models. These logs
could be generated from using
AI Skills, Model connections, or Generative AI
packages in automations created and run by them. These users
have permission to view the logs, but cannot drill-down to view additional
log details, unless given permission.Note: Prompts and AI Skills contain sensitive data and we suggest reviewing the need before providing permission to view log details.
With this enabled setting, data is available for viewing and monitoring in
and .- As an Automation Admin, log in to your Control Room.
- Navigate to .
- Click Edit and select Enable.
- Additionally, you also have the
option to enable the Data logging enabled toggle in the AI Skills editor. Detailed logs of the AI Skilldisplaying the prompt-text, response, and the model parameter settings will be
available in the screen.
This feature gives the Pro Developer the option to log prompt details when creating an AI Skill. The Automation Admin can enable this feature for the Pro Developers who would then see the Data logging enabled switch in the AI Skills editor screen. The Pro Developer has the ability to enable or disable this toggle from the AI Skills editor screen.
option. Once this option is enabled, the Pro Developer would see
the
- Log in to your Control Room environment.
- Navigate to .
- You are in the AI prompt log tab when you access AI governance from the navigation.
- Click the Event log tab to access the event details for each session.
Permission | Description | Persona assigned |
---|---|---|
View Settings | Allows users to view the | option.
|
Manage Settings | Allows users to enable or disable the | option.
Automation Admin |
View AI prompt log | Allows users to view consolidated session details of model interaction logs in the | tab, and perform search, sort, and export logs to csv file.
|
View AI prompt log details |
Allows users to view details for each AI prompt log session. A session can contain multiple model interactions, all of which will be displayed under the session details. |
The detail view could contain sensitive information, hence
additional permissions will be required to access this
information.
Note: The Automation
Admin, Automation Lead, and GRC Lead would be able to
view these details for all users. Note: The Pro Developer can view these
details only if this setting is enabled for them: . |
View Event logs | Allows users to view details of each AI prompt log session by events. The event details can be viewed in tab, and perform search, sort, and export logs to csv file. |
|
View Event logs details | Allows users to view the consolidated model interactions log of all event details. |
The detail view could contain sensitive information, hence
additional permissions will be required to access this
information.
Note: The Automation
Admin, Automation Lead, and GRC Lead would be able to
view these details for all users. Note: The Pro Developer can view these
details only if this setting is enabled for them: . |