Feature permissions for a role
- Updated: 2024/10/04
Feature permissions for a role
A user with the Manage roles permission can create and assign roles to users to provide them with access to features and operations.
Administration
| Permission | Description |
|---|---|
| View users | Allows users to only view all other users in the system.
They cannot create, edit, or delete users. Note: You
must assign this permission before assigning the
Create
user
Update user, or Delete user
permission. |
| Create users | Allows users to create new users in the Control Room. |
| Edit users | Allows users to edit all users in the system. |
| Delete users | Allows users to delete other users the Control Room. |
| View roles | Users with this permission are able to view the roles in
the Control Room. Note: You must assign
this permission before assigning the
Manage roles
permission. |
| Manage roles | Allows users to view and manage all roles in the Control Room. |
| View users and roles basic information | Allows users to view basic information on users and roles in the Control Room. |
| View Settings | Allows users to view all the administrator settings in the Control Room. However, users will be unable to edit the settings. |
| Manage Settings | Allows users to edit the administrator settings in the Control Room. |
| View and manage compliance reports | Allows users to view, create, and download compliance reports for users. |
| View migration | Allows users to view new migrations, but not run them. Note: You must assign this permission before assigning
the
manage migration permission. |
| Manage migration | Allows users to view and run new migrations. |
| Allow a Bot Runner user to run migrations | Allows Bot Runner user to update the bot conversion status in the Control Room. |
| View bot update | Allows a user to view the status and summary of each bot update instance when the bots are converted on the page. However, the user cannot run the updates. To do that, a user needs the Manage bot update permission. |
| Manage bot update | Allows a user to run new bot updates by using the Update Bot wizard. |
| Allow a Bot Runner user to update bots | Allows Bot Runner users to send bot update status back to the Control Room so
that it is visible in the Update Bot wizard report. This permission is assigned by default to the user with the AAE_Admin role. |
| View licenses | Allows users to view the license details for the Control Room. |
| Manage user's device licenses | Allows users to assign device licenses to other users. |
| Install licenses | Allows users to install Automation 360 licenses for the Control Room. |
| View policies | Allows users to view the policies which define how automations can be built. |
| Manage policies | Allows users to view and manage the policies which define how automations can be built. |
| View operations data | Allows users to view operations related widgets on the Automation Command Center homepage. |
| View operations details | Allows users to select widgets on the Automation Command Center homepage to view their operations details. |
Automation Co-Pilot for Business Users
| Permission | Product behavior |
|---|---|
| View and manage MY teams | Roles with this permission can view and manage Teams. This includes creating a new Team and adding and removing users on existing Team they created. |
|
View and manage ALL teams |
Roles with this permission can view and manage ALL teams. |
| View and manage ALL applications | Roles with this permission can access and manage applications created for their Automation Co-Pilot instance. The applications feature offers an iFrame widget of Automation Co-Pilot embedded in third party applications. |
| View and Manage ALL bots |
Roles with this permission will be able to access and manage bots created for their Automation Co-Pilot. |
| View and Manage ALL extensions |
Roles with this permission will be able to access and manage extensions created for their Automation Co-Pilot. |
| Extension API for Service Account |
Roles with this permission can be used to set up a service account, required for the Automation Co-Pilot extension. |
Process Composer
| Permission | Product behavior |
|---|---|
| Co-Pilot Scheduler |
Roles with this permission can be assigned as a scheduler user to run automation. |
|
View and manage all processes |
Roles with this permission have access to all processes. |
| View all requests from public processes |
Roles with this permission have access to processes in the public space. |
| View all requests from public and private processes |
Roles with this permission have access to processes in public and private spaces. |
| Delete my requests |
Users with a role with this permission can delete any requests assigned to them. |
| Delete my group requests |
Users with a role with this permission to delete any requests assigned to their group. |
| Delete all requests |
Roles with this permission can delete all requests. |
| View all tasks from public processes |
Roles with this permission have access to all tasks from processes in the public space. |
| View all tasks from public and private processes |
Roles with this permission have access to all tasks from processes in the public and private space. |
| Reassign my group tasks |
Users with a role with this permission can reassign tasks that are assigned to the group of the user. |
| Reassign all tasks |
Roles with this permission can reassign all tasks. |
API
| Permission | Description |
|---|---|
| Bot Insight Data API | Allows access to Bot Insight RESTful APIs to the data logged by the Control Room and by a task during production runs. |
| Generate API-Key | Users can generate an apiKey that can be used in the Authentication
API. Note: Users without the
generateapikey permission can use APIs by authenticating
using their username and password. Authentication API
|
Activity
| Permission | Description |
|---|---|
| View my activity | Allows users to view their in progress and historical activities. |
| Manage my activity | Allows users to pause, resume, or cancel their in progress activity and move their finished activities to history. |
| View activity from user's folder | Allows user to view in progress and historical activity of bots from the assigned folders where the user has either run or schedule access. |
| Manage activity from user's folder | Allows users to pause, resume or cancel in progress activity, and view historical activity for bots from the assigned folders where the user has either run or schedule access. |
| View everyone's activity | Allows users to monitor ongoing automations where the user has either run or schedule access on the respective bot. |
| Manage everyone's activity | Allows users to pause, resume, or cancel all in progress activities and move the finished activities to history. |
| View my scheduled bots | Allows users to view their own schedules only. |
| Schedule my bots to run | Allows users to schedule their bots to run when they have permission to view and manage Bot Runners. |
| Edit my scheduled activity | Allows users to edit their own schedules only. |
| Delete my scheduled activity | Allows users to delete their own schedules only. |
| View ALL scheduled activity from my Folders | Allows users to view all the schedules for the bot folders to which they have access. It includes their own schedules and schedules created by other users. |
| Manage ALL scheduled activity from my Folders | Allows users to view, edit, and delete all schedules for the bot folders to which they have access. It includes their own schedules and schedules created by other users. |
| View ALL scheduled activity | Allows users to view all the schedules in the system. This includes schedules that the user created or schedules created by other users. |
| Manage ALL scheduled activity | Allows users to view, edit, and delete all the schedules in the system. This includes schedules that the user created or schedules created by other users. |
| Set automation priority to high | Allows users to set the automation priority to high to run and schedule bots. Automations with high priority are given preference over the medium and low priority automations so that you can run and schedule the high priority automations. |
Audit log
| Permission | Description |
|---|---|
| View everyone's audit log actions | Allows users to view all audit log activity for the Control Room. |
Bots
| Permission | Description |
|---|---|
| View my bots | Allows users to view the bots they created
and bots that were assigned to them. Note: You must assign
this permission before assigning any other bots
permissions.
|
| Run my bots | Allows users to run the bots they created and bots that were assigned to them. |
| Export bots | Allows users to export bots and related bot dependencies for which they have download permission. |
| Download exported files | Allows users to download exported zip files. |
| Import bots | Allows users to import bots and bot dependencies for which they have upload permission. |
| Label bots | Allows users to create labels for a particular version of a
bot. These labels allow the users to schedule, run, queue,
export, and trigger bot development workflows with the
version of their choice. Note: The Set production
version permission is redundant in Automation 360 although it might be displayed when you
migrate bots from Enterprise 11. The
Label bots permission is the equivalent of
Set production version in Automation 360.
If you want to select the Export bots option, you must select the Set production version permission in such cases. Also, if you want to provide the ability to set production version, you must select the Label bots permission. |
| Recover bots | Allows users to recover the private workspace of deleted users (Bot Creators or Citizen Developers) |
| Create folders | Allows users to create folders within the folders that they have access to. |
| Rename folders | Allows users to rename the folders to which they have
access. Note: Only empty folders can be renamed.
|
| Cancel checkout | Allows users to cancel bot checkout and unlock the file from the public repository. |
| Restore from git | Allows users to restore bots and files from Git. |
| Download data files | Allows users to download data files (non-bot
files) such as .docx, .xls, .txt, and so on from
Private and Public
workspaces in Control Room. Note: The Download data
files permission requires the Enterprise Platform license. See Enterprise Platform.
|
Bot Insight
| Permission | Description |
|---|---|
| View and manage default business dashboards | Allows users to perform operations such as view, save, save as, delete on default or custom dashboards from private folder bots. |
| View published dashboards | Allows users to view the published dashboards for all public folder bots. |
| Manage published dashboards | Allows users to perform operations such as save, save as, delete, add chart on published dashboards from public folder bots. |
| View operations data | Allows users to view operations data for all the bots irrespective of the folder permissions. |
Bot Store
| Permission | Description |
|---|---|
| View Bot Store | Allows users to view Bot Store. |
| Add bots from Bot Store to My Bots | Allow users to add bot packages from Bot Store to their Control Room private workspace. |
| Submit bots to Bot Store | Allow users to submit bot packages to Bot Store. |
Code analysis policy enforcement
| Permission | Description |
|---|---|
| Enable enforcement for bot check-in | Allows users to check in the automation file if it has no code analysis violations. |
| Allow check-in with low severity violations | Allows users to check in the automation file if it has low severity code analysis violations. |
| Allow check-in with high severity violations | Allows users to check in the automation file if it has high severity code analysis violations. |
Credentials
| Permission | Description |
|---|---|
| Manage my credentials and lockers | Allows users to create, edit, and delete their own credentials. In addition, the user can interact with credentials from their assigned lockers. |
| Manage my lockers | Allows users to create and manage their own lockers. |
| Administer ALL lockers | Allows users to create, edit, and delete all lockers (including lockers created by other users) available in their Control Room. |
| Create standard attributes for a credential | Allows users to create a standard attribute for a credential that is shared across all users of that credential. |
| View and edit ALL credentials attributes value | Allows authorized users to access and
modify attribute values for all credentials, including masked credentials,
through APIs Important: Be
extremely cautious while granting this permission, as it will provide the
user with access to all credential values including passwords.
|
| Bot Auto-Login Credentials API | Allow users to automate the login process to run bots remotely. |
Note: A user with the
AAE_Locker Admin
role can view all credentials and lockers in the Control Room. See System roles.Dashboards
| Permission | Description |
|---|---|
| View dashboards | Allows users to view the dashboard. |
Devices
| Permission | Description |
|---|---|
| Register device | Allows users to register a local host device. Devices |
| Edit the devices | Allows users to edit the devices that they have permission
to see. Allows you to view and manage
all (registered and non-registered) devices from a specific accessible
group.
Note: To view and manage registered and
non-registered devices,
|
| Devices from my device pools | Allows users to view and edit devices from the device pools that they own. |
| Run as users default devices | Allows users to view and edit run-as users default devices that they have access to. |
| Delete the devices | Allows users to edit the devices that they have permission to see. |
| View and manage ALL devices | Allows users to view and manage all devices in the Control Room. |
| View all bot runner users | Allows users to view and add all run-as-users (unattended Bot Runner users) when creating a role, running bots, or scheduling bots. |
| Attest device credentials | Allows users to attest device credentials
for Bot Runner users. You can deploy bots on user devices with unlocked and active
user session without a system password to bypass credential validation. Note: This permission works only if the auto-login setting
Reuse an existing session is
selected in the Control Room by the
administrator.
|
| View and manage my Bot Runners, Bot Creators and device pools | Allows users to view and manage Bot Creators, Bot Runners, and device pools. Note: All roles have this permission
by default.
|
| Create device pools | Allows users to create and manage their own device pools. |
| Administer ALL device pools | Allows users to manage all device pools. |
Note: A user with the
AAE_Pool Admin
role can manage all device pools in the Control Room.
See System roles.Discovery Bot process
| Permission | Description |
|---|---|
| View assigned process | Allows users to view assigned
processes. Note: This is the standard permission. You
must assign this permission before assigning any process discovery
permissions.
|
| View all processes | Allows users to view all the defined processes. |
| Edit process | Allows users to create and edit processes. |
Discovery Bot recording
| Permission | Description |
|---|---|
| View all recordings | Allows users to view all recordings. |
| View own recording | Allows users to view their own
recording. Note: You must assign this permission before
assigning any of the following permissions.
|
| Run recorder and create recording | Allows users to run the recorder and create recording. |
| Edit own recording | Allows users to edit their own recording. |
| Delete own recording | Allows users to delete their own recording. |
Discovery Bot aggregation
| Permission | Description |
|---|---|
| View all aggregation | Allows users to view all aggregations. |
| View own aggregation | Allows users to view their own
aggregations. Note: You must assign this permission
before assigning any of the permissions below.
|
| Create or delete own aggregation | Allows users to create and delete aggregations. |
| Edit aggregation | Allows users to update aggregations. |
| View system generated aggregation | Allows users to view system aggregations. |
Discovery Bot opportunity
| Permission | Description |
|---|---|
| View all opportunities | Allows users to view all opportunities. |
| View opportunity | Allows users to view opportunities within
assigned process. Note: You must assign this permission
before assigning any of the permissions below.
|
| Create or delete opportunity | Allows users to create and delete opportunities within the assigned process. |
| Convert to bot | Allows users to convert an opportunity to a bot. |
| Export opportunity | Allows users to export an opportunity. |
Event triggers
| Permission | Description |
|---|---|
| View event triggers | Allows users to view event triggers. |
| Manage event triggers | Allows users to view and manage event
triggers. Note: You must assign the
view permission before assigning this
permission. |
Global values
| Permission | Description |
|---|---|
| View and manage global values | Allows users to view, create, edit, and delete global values. |
IQ Bot
| Permission | Description |
|---|---|
| View IQ Bot | Allows users to view the default
dashboards in the IQ Bot portal. Note: You must assign this permission before assigning any of
the other IQ Bot permissions.
|
IQ Bot administration permissions
| Permission ID | Description |
|---|---|
| View Administration | Allows users to access the Administration tab in the IQ Bot portal. Note: You must
assign this permission before assigning any other administration
permissions.
|
| View and manage settings | Allows users to manage the IQ Bot portal advanced configuration settings. |
| View and manage migration | Allows users to access the migration utility to import and export learning instances in the IQ Bot portal. |
IQ Bot domains permissions
| Permission | Description |
|---|---|
| View domains | Allows users to view all domains in the
IQ Bot portal. Note: You
must assign this permission before assigning any other domain
permissions.
|
| Create domains | Allows users to create domains in the IQ Bot portal. |
| Import domains | Allows users to import domains in the IQ Bot portal. |
| Export domains | Allows users to export domains in the IQ Bot portal. |
IQ Bot learning instance permissions
| Permission | Description |
|---|---|
| View learning instances | Allows users to view their learning
instances in the IQ Bot portal. Note: You must assign this permission before assigning any
other learning instance permission.
|
| View learning instances from the same role | Allows users to view learning instances created by other users with the same role in the IQ Bot portal. |
| View ALL learning instances | Allows users to view all learning instances in the IQ Bot portal. |
| Launch validator | Allows users to access the IQ Bot Validator to review and update documents with exceptions. |
| Create learning instances | Allows users to create learning instances in the IQ Bot portal. |
| Edit learning instances | Allows users to edit learning instances in the IQ Bot portal. |
| Delete learning instances | Allows users to delete their learning instances in the IQ Bot portal. |
| Send learning instances to production | Allows users to send their learning instances to production in the IQ Bot portal. |
| Train learning instance groups | Allows users to train their learning instance groups in the IQ Bot portal. |
OAuth connections
| Permission | Description |
|---|---|
| View connections | Allows users to view the configured OAuth connections and their respective attributes. |
| Manage connections | Allows users to create, edit, and delete OAuth connections. |
Package manager
| Permission | Description |
|---|---|
| View packages | Allows users to view packages. |
| Manage packages | Allows users to view and manage packages. |
Workload
| Permission | Description |
|---|---|
| Schedule my bots to run | Allows a user to run a bot with queue |
| View and manage all activities from my folders | Allows users to pause, resume, and stop all the WLM automations on the bot folders which they have access to. |
| View and manage all activities | Allows users to pause, resume, and stop all the WLM automations. |
| Create queues | Allows users to create and manage their own queues. |
| Manage ALL queues | Allows users to manage all queues. |
| Export queues | Allows users to export queues. |
| Import queues | Allows users to import queues. |
Note: A user with the
AAE_Queue Admin role has all
the workload permissions. In addition, the AAE_Queue Admin can manage
all the queues in the Control Room. See System roles.Update Bot wizard permissions
You can assign feature permissions to access and convert a bot from Internet Explorer to Microsoft Edge with IE by using the Update Bot wizard. These permissions can be assigned from the page.
| Permission | Description |
|---|---|
| View bot update | Allows a user to view the status and summary of each bot update instance when the bots are converted on the page. However, the user cannot run the updates. To do that, a user needs the Manage bot update permission. |
| Manage bot update | Allows a user to run new bot updates by using the Update Bot wizard. |
| Allow a Bot Runner user to update bots | Allows Bot Runner users to send bot
update status back to the Control Room so
that it is visible in the Update Bot wizard report. This permission is assigned by default to the user with the AAE_Admin role. |