Migrating RBAC in IQ Bot
Role-based access control (RBAC) enables you manage access to new learning instances and related functionality in IQ Bot. Before you start your migration, review the comparison matrix for in RBAC IQ Bot 11.3.5.x with Automation 360 IQ Bot.
|Feature||Supported in IQ Bot 11.3.5.x||Supported in Automation 360 IQ Bot|
|Separation of permissions to learning instances by departments using custom roles||Yes||Yes|
|Assigning roles to learning instances on creation||Yes||Yes|
|Support for system roles:
|Changing assigned role for learning instances||Yes||No|
|User can have different access levels to different learning instances||Yes||No|
|Transfer of roles when learning instances are moved from one environment to another||No
However, you can use the Assign Roles functionality to assign roles to the learning instance.
|All permissions of IQ Bot are implemented||Yes||No
The following permissions are not implemented:
Requirements before migrating RBAC
- Ensure that you do not associate the role of a user who can create a learning instance with any of the IQ Bot system roles. Instead, associate these users with a custom role.
- If a user who can create a learning instance has a custom role, a correct role corresponding to the department must be assigned to ensure a seamless RBAC operation on the learning instance. However, ensure that these users do not have any other role assigned other than the custom role for creating a learning instance and the corresponding department role.
- User who can create a learning instance must not be associated with any non IQ Bot roles. This restriction is not applicable to other users with custom roles.
- All users who can create a learning instance must not be assigned to one custom role (for creating learning instance). Instead, these users must be assigned to department-specific custom role (for creating learning instance).
- Ensure that the View ALL learning instances permission is not used in the custom role because it provides users with access to IQ Bot services.
- Ensure that any role other than the department role is not assigned to a learning instance, as this can increase the risk of unauthorized users accessing the learning instance.
- Users with the Launch validator permission in the custom role can only view IQ Bot if there is at least one learning instance with documents to validate.
Plan your migration
- You can migrate RBAC to Automation 360 IQ Bot only from IQ Bot 11.3.5 or later versions.
- You can migrate IQ Bot 11.3.5.x to both Automation 360 IQ Bot On-Premises and Cloud.
- When you migrate RBAC, all the custom and user roles are also migrated from Control Room 11.3.5.x to Automation 360.
- Ensure you segregate the learning instances for RBAC use cases between departments, organization units, and so on.
Choose your RBAC migration path
Choose your RBAC migration path based on the IQ Bot version you are currently using and the Automation 360 IQ Bot deployment model that meets your business requirements: