RBAC on packages

Based on the business requirements and expertise of developers, administrators can restrict package access for a simplified developer experience, along with the capability to enforce access policies for custom groups.

Overview

The RBAC feature helps you to set access at the package level to restrict usage and execution of packages to improve security. This feature can be applied to all package types, including custom packages where you can control assigning and managing the packages to your users.

RBAC access to packages applies only to the task of creating bots. If a user role does not have access to a particular package, these users cannot view the package on the Actions palette and therefore cannot use it when creating bots. However, these users can run bots (created by a different user who has access to the package) that uses the package.

  • Each developer sees only the approved list of packages in their workspace.
  • Some packages might be available for all users, while some are available only for certain groups.

The following image shows how RBAC can be set for user roles and groups:

RBAC on packages

Benefits of packages RBAC

  • Centralized policy enforcement for secure, user-friendly developer access: Role-based access to automation provides enhanced security, confidence, and ease of use for developers.
  • Enterprise-wide access policy: Establish group-based package access with clear policies restricting package access to all the users or users with specific roles.
  • Access based on business needs: Create required access groups, expose group-appropriate library of packages, and manage the phased rollout of package access.
  • Simplified automation for citizen developers: Hide complex packages from the action palettes for citizen developers so that they can focus on easy-to-complete automation.
  • Automation reuse with compliance: Enable users to create utility bots from complex packages to use as cloned bots in the a private workspace or inside public bots.

The following image lists the benefits of packages RBAC:

Benefits of using RBAC on packages

User types

Administrator
  • Customizes packages so that they are accessible to developers based on the developers' expertise, skill, business group, and more.
  • Creates custom groups and assign access per group.
  • Rolls out packages in a phased manner to different types of developers.
  • Provides better control over how packages are made available to developers. For example:
    • New developers can avoid causing security risks as they do not have access to complex packages.
    • Advanced developers can get broader access to packages.

    An organization can enforce centralized control over package access and best practices through this feature.

Roles and permission required: Administrators with the View Users and Roles basic information and Manage packages permission.

Bot developer
  • Gets a customized view of packages in their workspace.
  • Simplified (easy-to-use) packages are enabled for Citizen Developers so that they can build a basic functional task bot using actions and packages available in their actions palette.
  • Advanced developers can get access based on the entitlements or privileges provided by the administrator.

Roles and permission required: Users with the View Users and Roles basic information and Manage packages permission.

See the following video for an overview of how RBAC is configured: