Assign roles and permissions to enable AI governance

Review these required roles and permissions for the Automation Admin, Automation Lead, and GRC Lead to ensure they can access the AI governance features to monitor all model interaction logs for compliance and security.

The following personae would benefit from viewing and monitoring the AI governance logs:

Key personae using AI governance

The Automation Admin requires these roles and permissions to perform their tasks successfully:
  • System roles: AAE_Admin and AAE_Basic
  • Custom role with specific features enabled for AI governance:
    • Administration > View Settings > Manage Settings to enable data logging for other users
    • AI governance > View AI prompt logs > View AI prompt details
    • AI governance > View AI event logs > View AI event details
    • Model connections > View Model Connections > Manage Model Connections
  • Settings: Administration > Settings > AI Data Management > enabled.

The Automation Admin can enable settings and assign a custom role (with required permissions) to the Automation Lead and GRC Lead in their organization to give them access to all logs for monitoring and implementing compliance.

Enable data logging for AI governance

To enable AI governance in the Control Room navigation, the Automation Admin would first enable data logging for the users.

There is a Bot Agent version dependency to ensure that all audit logs for generative AI interactions get logged and displayed. Refer to the table below to understand the impact of incompatible Bot Agentversions.
注: We recommend using Bot Agent version 22.60.10 and above for successful data logging. If you encounter a run-time error during a Bot execution, we recommend updating to the latest available Bot Agent version and run the Bot again.
Control Room version Bot Agent version Generative AI Packages Generative AI Prompt Template package version Task impact
Automation 360 v33 and above v22.60.10 and above v1.9.0 v2.0.6
  • Bot execution is successful.
  • Audit logging feature is available and successful.
  • AI governance feature is available.
Automation 360 v32 and below Below v22.60.10 v1.9.0 v2.0.6
  • Bot execution is successful.
  • Audit logging data is unavailable.
  • AI governance feature is unavailable.
Automation 360 v33 and above Below v22.60.10 v1.9.0 v2.0.6
  • Bot execution is successful.
  • Audit logging feature is available.
  • Audit logging data is unavailable, as the Bot Agent version is not compatible.
注: Audit log data generation fails due to non-compatible Bot Agent version.

The data logging setting is disabled by default. The audit log summary of model interactions gets captured in the session logs in Administration > AI governance > AI prompt tab, but the model interaction detail logs are blank due to lack of permission. Some of the data is visible for debugging such as: Session duration, Model name, Publisher, and External session ID. But no data displays for the Request configuration and External session ID fields.

When this setting is enabled, the prompt inputs and responses exchanged with the models gets logged in Administration > AI governance > AI prompt session details. The session details data is encrypted by default and requires the View Prompt details and View Event details permissions to view the log details.

Data logging settings for AI governance

This setting needs to be enabled for these users to see the logs:
  • Automation Lead and GRC Lead: Can view, monitor, and enforce compliance of all data generated from automation executions that involve foundational model interactions. These users are able to view logs for all users and can also drill-down to view additional log details.
  • Pro Developers: Can capture logs for all automation executions they create and run involving interactions with foundational models. These logs could be generated from using Prompt Templates, Model connections, or Generative AI packages in automations created and run by them. These users have permission to view the logs, but cannot drill-down to view additional log details, unless given permission.
    注: Prompts and Prompt Templates contain sensitive data and we suggest reviewing the need before providing permission to view log details.

With this enabled setting, data is available for viewing and monitoring in AI governance > AI prompt log and AI governance > Event log.

  1. As an Automation Admin, log in to your Control Room.
  2. Navigate to Administration > Settings > AI Data Management > Data logging settings.
  3. Click Edit and select Enable.
Once the setting has been enabled by the Automation Admin and permissions assigned to the users such as the Pro Developer, Automation Lead, and GRC Lead, they can log in to the Control Room to view AI governance in the navigation panel as follows:
  1. Log in to your Control Room environment.
  2. Navigate to Administration > AI governance.
  3. You are in the AI prompt log tab when you access AI governance from the navigation.
  4. Click the Event log tab to access the event details for each session.
Refer to the following permissions table for a better understanding of their use and their relevance to the different personae:
Permission Description Persona assigned
View Settings Allows users to view the Administration > Settings > AI Data Management option.
  • Automation Admin
  • Automation Lead
  • GRC Lead
  • Pro Developer
Manage Settings Allows users to enable or disable the Administration > Settings > AI Data Management > Data logging settings option.

Automation Admin
View AI prompt log Allows users to view consolidated session details of model interaction logs in the Administration > AI governance > AI Prompt log tab, and perform search, sort, and export logs to csv file.
  • Automation Admin
  • Automation Lead
  • GRC Lead
  • Pro Developer
View AI prompt log details

Allows users to view details for each AI prompt log session.

A session can contain multiple model interactions, all of which will be displayed under the session details.
  • Automation Admin
  • Automation Lead
  • GRC Lead
  • Pro Developer
The detail view could contain sensitive information, hence additional permissions will be required to access this information.
注: The Automation Admin, Automation Lead, and GRC Lead would be able to view these details for all users.
注: The Pro Developer can view these details only if this setting is enabled for them: Administration > Roles > AI governance > View AI prompt logs > View AI prompt details.
View Event logs Allows users to view details of each AI prompt log session by events. The event details can be viewed in Administration > AI governance > Event log tab, and perform search, sort, and export logs to csv file.
  • Automation Admin
  • Automation Lead
  • GRC Lead
  • Pro Developer
View Event logs details Allows users to view the consolidated model interactions log of all event details.
  • Automation Admin
  • Automation Lead
  • GRC Lead
  • Pro Developer
The detail view could contain sensitive information, hence additional permissions will be required to access this information.
注: The Automation Admin, Automation Lead, and GRC Lead would be able to view these details for all users.
注: The Pro Developer can view these details only if this setting is enabled for them: Administration > Roles > AI governance > View AI event logs > View AI event details.