Enterprise 11 credential requirements

Login credentials are required at different stages of the Automation Anywhere Enterprise deployment and use. Credentials are required for installation and data center servers, access to Automation Anywhere Enterprise components, and to run tools in bots.

Access point Task Type
Data center servers Install Control Room System administrator on hosting server.
Data center servers Manage (run, stop, restart) Control Room Administrator and Logon as Service permission for Windows services and the Domain.
Databases Installer creates databases for Control Room and Bot Insight

Permissions required depend upon the Automation Anywhere Enterprise version, and whether the installation mode is Express or Custom.

Enterprise Client installation setup Services and registry updates during installation, application or system updates Administrator.
Enterprise Client file access

Default file location: C:\Program Data

bot Auto Login, bot schedules Full control permissions.
Enterprise Client folder access C:\Program Data\Properties\Security\ Advanced\Permissions Edit application files stored and used during run-time. Client user requires read, write, and update permissions.
Automation Anywhere login Perform specific tasks, such as create a bot or run a bot. License and role based permissions.
Bot task Used by bots to perform bot tasks. Credential Vault stores securely created credentials.
Automation Anywhere Service Run all Windows services created by Automation Anywhere Local system account user or Domain user account.
Data center server credentials
Data center server credentials for Automation Anywhere hosting servers and integrated product servers are required to deploy Automation Anywhere.
To install and deploy Automation Anywhere requires that users login to the hosting servers. These users must have permissions to install and run Automation Anywhere components on the servers. Permissions levels need to be assigned to the user on selected data center applications and servers.
Automation Anywhere login
To login to Control Room or Enterprise Client interfaces require a username and password. These credentials are linked to the machine you use to access the Automation Anywhere components. Your credentials are assigned roles that give you permission to perform specific tasks, such as create a bot or run a bot.
Bot task
As an automation expert, Credential Vault provisions you to securely create and store your credentials. This ensures that your credentials can be used in bots without compromising security with safe deployment of tasks. Any authorized user can create credentials.
Windows services
The Windows Service credentials include a user name and password. The user specified needs to:
  • Be a member of the local system administrator group.
  • Have permission to manage services, including Automation Anywhere services.
  • To avoid any failure of Control Room services, ensure that windows service account is always included in the Administrator group.
  • For Microsoft Azure installations, the service account user needs to have read/write access to the remote Microsoft Azure repository share path.
Unless otherwise selected, these service credentials are used to create database tables and allow the Control Room processes to access the database and repository.
Note: If you want to connect with a shared repository to the Control Room, ensure that you use the Windows credentials for the shared repository folder or location.

During installation, you have the option to specify a user, other than the logged on user, for creating and managing the Automation Anywhere Enterprise required databases. This user must have minimum database permissions. The permissions required vary depending upon the Automation Anywhere Enterprise version, and the installation mode selected.

During upgrades, the database data is fetched automatically. The user performing the upgrade must have the minimum database permissions.

In Express mode installation:
The logged in user permissions are used.
Two databases are required: One Control Room and one Bot Insight PostgreSQL Server databases created.
In Custom mode installation:
You have the option for non-logged in user.
Five databases are required: One Control Room and four Bot Insight databases created.
Database user condition Database required permission Notes
Custom,Version 11.3.4 or later, Microsoft SQL Server database Can have the minimum database permissions: datareader, datawriter and ddladmin. Microsoft SQL Server database must be created before Control Room installation.
Custom, Version 11.3.4 or later, Oracle Database Can have the minimum database permissions: GRANT CONNECT, RESOURCE, CREATE TABLE, CREATE VIEW Oracle Database database must be created before Control Room installation.
Custom, older than Version 11.3.4 Database Owner (DBO) permissions. Databases created during Control Room installation.
Note: The user permission for databases that is set during Control Room installation remains the same after installation.
The service credential choices are:
Local System Account
(default) The logged on user performing the installation.
Domain User Account
A user that is not the local system account user.
Reasons and requirements for using a domain account user include:
  • Do not use the Windows domain credentials.

    Enter credentials valid for running Automation Anywhere services, or the Control Room fails to launch.

  • PowerShell script restrictions.

    Specify a user with permissions to launch PowerShell scripts, that is not a Windows domain user, or database table creation can fail.

  • Remote PostgreSQL Server for creating the database.

    Specify a domain user account. Do not use the local system account user when you are using a remote database server for creating the database.

    See Database and Services Matrix.