Defining Custom Role for IQ Bot
By defining granular permissions for various roles within IQ Bot, role-based access control (RBAC) enables or restricts access to new learning instances, related features, and functionality. In this article, you will learn about RBAC for Custom roles in IQ Bot.
IQ Bot supports two types of role definitions:
- System Roles in Control Room: These are built-in roles that have pre-defined set of permissions that are not configurable. Create administrator, services, and Validator IQ Bot users with Microsoft Windows credentials using the following roles:
- AAE_IQ Bot Admin
- AAE_IQ Bot Services
- AAE_IQ Bot Validator
- Custom Roles in Control Room: These roles can be customized and modified to grant granular permissions to an IQ Bot user. Assigning custom roles at an organization-wide level gives role users permission to manage all organization resources, and at the same time, this scope can also be narrowed down to a department-specific perspective.
The Control Room provides access to the creation of custom roles and managing role privileges for users with the View and Manage Roles privilege.:
- View learning instances
- A user can enable any of the following permissions by selecting it from
- View my learning instances
This permission allows user to access their own learning instances.
- View learning instances from the same
This permission allows a user to only view learning instances created using a specific role.
- View all learning instances
This permission allows users to view all learning instances created by any user across all roles.
- View my learning instances
- Ensure that users with View learning instance from the same role do not have non-IQ Bot roles
- Users who create learning instances must not be assigned non-IQ Bot roles
- It is required that creators of learning instances for a specific department
must be assigned a minimum of two roles:
- To Create a learning instance
- A dummy role with View learning instance from the same role
- To do any activity using a department's learning instance (example: train,
edit, etc), a user must be assigned both a role to complete this activity
and a dummy role.Note: Permissions for the following have not been established:
- Delete learning instance
- Edit learning instance
- Send learning instance to production
- Export domain
- Migration of learning instances do not migrate roles. Role assignment to the learning instances are handled by the backend of the target system. Ensure that you reach out to Automation Anywhere Support for the same.
- A user must be able to access only one type of learning instance at a
time.Note: If a user trains learning instance groups, then the role permissions are applicable to all learning instances they get assigned.
- Example: User abcHR creates learning instance 1 (LI1), L12, LI3 and a role LIHRTrain
- The following permissions are not currently supported in IQ Bot for the user abcHR:
- Learning instance 1 (LI1) - Train groups and not Validate or Edit learning instance
- Learning instance 2 (LI2) - Validate and not Train or Edit learning instance
- Learning instance 3 (LI3) - Edit and not Train or Validate learning instance