RBAC for Credential Vault credentials management

Credentials created in the Control Room are used across Bot Creators and Bot Runners.

These credentials are securely stored in the centralized Credential Vault to facilitate access control, and to divide in logical groups called lockers. These lockers enable complete separation between the credentials of one department from another.

Role-based permissions

Permissions for credential management-related roles include the following:

Manage my credentials and lockers
By default, all users can manage their own credentials and interact with the lockers to which they have permissions.
Manage my lockers
Allows the user to create and manage their own lockers.
Administer ALL lockers
User can do all the actions in the Admin row of the Locker permissions table below.
Create standard attributes for a credential
User can set an attribute value that remains the same for other users of that credential attribute.

Locker permissions

Locker permissions are set when a locker is created or edited. A user can have the following permissions in a locker:
View locker Edit locker Delete locker Add participant/owner Remove participant/owner View credential Assign credential Remove credential User-provided value Standard value
Consume
Participate
Manage
Own
Admin