Assign roles and permissions to enable AI 거버넌스

Review these required roles and permissions for the Automation Admin, Automation Lead, and GRC Lead to ensure they can access the AI 거버넌스 features to monitor all model interaction logs for compliance and security.

The following personae would benefit from viewing and monitoring the AI 거버넌스 logs:

Key personae using AI 거버넌스

The Automation Admin requires these roles and permissions to perform their tasks successfully:
  • System roles: AAE_Admin and AAE_Basic
  • Custom role with specific settings enabled for AI 거버넌스 as follows:
    • Roles > AI > View AI prompt logs > View AI prompt details.
    • Roles > AI > View AI event logs > View AI event details.
    • Roles > AI > View AI dashboards.
    • Roles > AI > View AI dashboards.
    • Roles > Model connections > View Model Connections > Manage Model Connections.
  • Settings: Administration > Settings > AI Data Management > to enable data logging for users.

The Automation Admin can enable settings and assign a custom role (with required permissions) to the Automation Lead and GRC Lead in their organization to give them access to all logs for monitoring and implementing compliance.

Enable data logging for AI 거버넌스

To enable AI 거버넌스 in the Control Room navigation, the Automation Admin would first enable data logging for the users.

There is a Bot 에이전트 version dependency to ensure that all audit logs for 생성형 AI interactions get logged and displayed. Refer to the table below to understand the impact of incompatible Bot 에이전트versions.
주: We recommend using Bot 에이전트 22.60.10 and later for successful data logging. If you encounter a run-time error during a Bot execution, we recommend updating to the latest available Bot 에이전트 version and run the Bot again.
Control Room version Bot 에이전트 version 생성형 AI 패키지 생성형 AI 프롬프트 템플릿 package version Task impact
Automation 360 v.33 and later 22.60.10 and later v.1.9.0 v.2.0.6
  • Bot execution is successful.
  • Audit logging feature is available and successful.
  • AI 거버넌스 feature is available.
Automation 360 v.32 and earlier earlier than 22.60.10 v.1.9.0 v.2.0.6
  • Bot execution is successful.
  • Audit logging data is unavailable.
  • AI 거버넌스 feature is unavailable.
Automation 360 v.33 and later Earlier than 22.60.10 v.1.9.0 v.2.0.6
  • Bot execution is successful.
  • Audit logging feature is available.
  • Audit logging data is unavailable, as the Bot 에이전트 version is not compatible.
주: 감사 로그 data generation fails due to non-compatible Bot 에이전트 version.
Automation 360 v.34 Earlier than 22.60.10 v.1.9.0 v.3.0.3
  • Bot execution is successful.
  • Audit logging feature is available.
  • Audit logging data is unavailable, as the Bot 에이전트 version is not compatible.
    주: 감사 로그 data generation fails due to non-compatible Bot 에이전트 version.
  • AI dashboards feature is available but fails to generate data logs due to non-compatible Bot 에이전트 version.

The data logging setting is disabled by default. The audit log summary of model interactions gets captured in the session logs in Administration > AI governance > AI prompt tab, but the model interaction detail logs are blank due to lack of permission. Some of the data is visible for debugging such as: Session duration, Model name, Publisher, and External session ID. But no data displays for the Request configuration and External session ID fields.

When this setting is enabled, the prompt inputs and responses exchanged with the models gets logged in Administration > AI governance > AI prompt session details. The session details data is encrypted by default and requires the View Prompt details and View Event details permissions to view the log details.

Data logging settings to enable AI 도구logs

This setting needs to be enabled for these users to see the logs:
  • Automation Lead and GRC Lead: Can view, monitor, and enforce compliance of all data generated from automation executions that involve foundational model interactions. These users are able to view logs for all users and can also drill-down to view additional log details.
  • Pro Developers: Can capture logs for all automation executions they create and run involving interactions with foundational models. These logs could be generated from using AI Skill:, 모델 연결, or 생성형 AI 패키지 in automations created and run by them. These users have permission to view the logs, but cannot drill-down to view additional log details, unless given permission.
    주: Prompts and AI Skill: contain sensitive data and we suggest reviewing the need before providing permission to view log details.

With this enabled setting, data is available for viewing and monitoring in AI governance > AI prompt log and AI governance > Event log.

  1. As an Automation Admin, log in to your Control Room.
  2. Navigate to Administration > Settings > AI Data Management > Data logging settings.
  3. Click Edit and select Enable.
  4. Additionally, you also have the option to enable the Enable > Allow users to disable logs on AI Skills option. Once this option is enabled, the Pro Developer would see the Data logging enabled toggle in the AI Skill: editor. Detailed logs of the AI 기술:displaying the prompt-text, response, and the model parameter settings will be available in the AI governance > AI prompt log screen.

    This feature gives the Pro Developer the option to log prompt details when creating an AI 기술:. The Automation Admin can enable this feature for the Pro Developers who would then see the Data logging enabled switch in the AI Skill: editor screen. The Pro Developer has the ability to enable or disable this toggle from the AI Skill: editor screen.

Once the Administration > Settings > AI Data Management > Data logging settings setting has been enabled by the Automation Admin and permissions assigned to the users such as the Pro Developer, Automation Lead, and GRC Lead, they can log in to the Control Room to view AI 거버넌스 in the navigation panel as follows:
  1. Log in to your Control Room environment.
  2. Navigate to Administration > AI governance.
  3. You are in the AI 프롬프트 로그 tab when you access AI 거버넌스 from the navigation.
  4. Click the 이벤트 로그 tab to access the event details for each session.
Refer to the following permissions table for a better understanding of their use and their relevance to the different personae:
Permission Description Persona assigned
View Settings Allows users to view the Administration > Settings > AI Data Management option.
  • Automation Admin
  • Automation Lead
  • GRC Lead
  • Pro Developer
Manage Settings Allows users to enable or disable the Administration > Settings > AI Data Management > Data logging settings option.

Automation Admin
View AI 프롬프트 로그 Allows users to view consolidated session details of model interaction logs in the Administration > AI governance > AI Prompt log tab, and perform search, sort, and export logs to csv file.
  • Automation Admin
  • Automation Lead
  • GRC Lead
  • Pro Developer
View AI 프롬프트 로그 details

Allows users to view details for each AI 프롬프트 로그 session.

A session can contain multiple model interactions, all of which will be displayed under the session details.
  • Automation Admin
  • Automation Lead
  • GRC Lead
  • Pro Developer
The detail view could contain sensitive information, hence additional permissions will be required to access this information.
주: The Automation Admin, Automation Lead, and GRC Lead would be able to view these details for all users.
주: The Pro Developer can view these details only if this setting is enabled for them: Administration > Roles > AI governance > View AI prompt logs > View AI prompt details.
View 이벤트 로그 Allows users to view details of each AI 프롬프트 로그 session by events. The event details can be viewed in Administration > AI governance > Event log tab, and perform search, sort, and export logs to csv file.
  • Automation Admin
  • Automation Lead
  • GRC Lead
  • Pro Developer
View 이벤트 로그 details Allows users to view the consolidated model interactions log of all event details.
  • Automation Admin
  • Automation Lead
  • GRC Lead
  • Pro Developer
The detail view could contain sensitive information, hence additional permissions will be required to access this information.
주: The Automation Admin, Automation Lead, and GRC Lead would be able to view these details for all users.
주: The Pro Developer can view these details only if this setting is enabled for them: Administration > Roles > AI governance > View AI event logs > View AI event details.