Migrate RBAC to Automation 360 IQ Bot On-Premises
Migrate RBAC from an earlier IQ Bot version (11.3.5.x or later) to Automation 360 IQ Bot On-Premises for the latest features and enhancements.
Create new custom roles (department roles) corresponding to each department or
organizational unit in Control Room.
Consider a scenario where you have setup the RBAC across various departments in your organization with HR_Dept, Finance_Dept and Sales_Dept as the department roles. For sub-divisions within these departments, the roles can be Finance_AP_Payments, Finance_Cash_Payments, and so on.
Ensure you give the following permissions for each department role that you
- View IQ Bot
- View learning Instances
- View learning instances for same role in Control Room
Add the respective department roles to all of the IQ Bot users
in Control Room.
For example, Sam from the Human Resource department is assigned the HR_Dept role and Susan from the Finance department is assigned the Finance_Dept role.
Associate users who create learning instances with the corresponding
Users creating learning instances for a department can only be associated with IQ Bot roles. For example, these users cannot be associated with roles such as AA Basic, AA Bot Developer, and so on.
Additionally, only the IQ Bot custom role with Create learning instance permission must be assigned along with the corresponding department role.
Backup the LearningInstanceRoles table in the Automation 360 IQ Bot database.
The database schema name is IQBot.
Use the following database query to get the list of learning instances and the
roles from the migrated Automation 360 IQ Bot database:
SELECT p.name as LearningInstance, r.projectid as LearningInstanceID, r.role as Role FROM [IQBot].[dbo].LearningInstanceRoles r inner join [IQBot].[dbo].ProjectDetail p on r.projectid=p.id;
Download the output query of the database to a local CSV file.
For example, learninginstanceroles.csv
Remove all the role entries against the learning instances in the local CSV
For example, learninginstanceroles.csv. After removing the role entries, duplicate rows for each learning instance must be removed to keep just 1 row per learning instance in the CSV file.Note: If there are learning instances which are not RBAC controlled, then role entries must not be changed
- Assign the department role (Step 3) to each of the learning instance in the local CSV file and save your changes.
Remove all the entries from the LearningInstanceRoles
table in IQBot database scheme.
You can use the following SQL command to remove the entries:
DELETE from [IQBot].[dbo].LearningInstanceRoles;
Insert the modified learning instance role association defined in local CSV
file (Step 8) into the LearningInstanceRoles table.
For example, use the following SQL statement:
INSERT INTO [IQBot].[dbo].LearningInstanceRoles (projectid, role) values (‘i13454546erty’, ‘HR_Dept’);
- Verify the RBAC setup in Automation 360 IQ Bot and ensure that only the correct users have the access to the learning instances.