Read and Review Automation Anywhere Documentation

Automation 360

Close Contents

Contents

Open Contents

Defining Custom Role for IQ Bot

  • Updated: 10/19/2021
    • Automation 360 v.x
    • Explore
    • RPA Workspace

Defining Custom Role for IQ Bot

By defining granular permissions for various roles within IQ Bot, role-based access control (RBAC) enables or restricts access to new learning instances, related features, and functionality. In this article, you will learn about RBAC for Custom roles in IQ Bot.

IQ Bot supports two types of role definitions:

  • System Roles in Control Room: These are built-in roles that have pre-defined set of permissions that are not configurable. Create administrator, services, and Validator IQ Bot users with Microsoft Windows credentials using the following roles:
  1. AAE_IQ Bot Admin
  2. AAE_IQ Bot Services
  3. AAE_IQ Bot Validator
  • Custom Roles in Control Room: These roles can be customized and modified to grant granular permissions to an IQ Bot user. Assigning custom roles at an organization-wide level gives role users permission to manage all organization resources, and at the same time, this scope can also be narrowed down to a department-specific perspective.

The Control Room provides access to the creation of custom roles and managing role privileges for users with the View and Manage Roles privilege.:

View learning instances
A user can enable any of the following permissions by selecting it from the list:
  • View my learning instances

    This permission allows user to access their own learning instances.

  • View learning instances from the same role

    This permission allows a user to only view learning instances created using a specific role.

  • View all learning instances

    This permission allows users to view all learning instances created by any user across all roles.

Note: If multiple users have access to one role, then all these users will have access to the same learning instance. This happens when View learning instances from the same role is enabled.
Things to remember:
  1. Ensure that users with View learning instance from the same role do not have non-IQ Bot roles
  2. Users who create learning instances must not be assigned non-IQ Bot roles
  3. It is required that creators of learning instances for a specific department must be assigned a minimum of two roles:
    • To Create a learning instance
    • A dummy role with View learning instance from the same role
  4. To do any activity using a department's learning instance (example: train, edit, etc), a user must be assigned both a role to complete this activity and a dummy role.
    Note: Permissions for the following have not been established:
    • Delete learning instance
    • Edit learning instance
    • Send learning instance to production
    • Export domain
  5. Migration of learning instances do not migrate roles. Role assignment to the learning instances are handled by the backend of the target system. Ensure that you reach out to Automation Anywhere Support for the same.
  6. A user must be able to access only one type of learning instance at a time.
    Note: If a user trains learning instance groups, then the role permissions are applicable to all learning instances they get assigned.
    • Example: User abcHR creates learning instance 1 (LI1), L12, LI3 and a role LIHRTrain
    • The following permissions are not currently supported in IQ Bot for the user abcHR:
      1. Learning instance 1 (LI1) - Train groups and not Validate or Edit learning instance
      2. Learning instance 2 (LI2) - Validate and not Train or Edit learning instance
      3. Learning instance 3 (LI3) - Edit and not Train or Validate learning instance
Send Feedback