Banner background image
UI Automation Activities
Last updated Apr 26, 2024

UI-SEC-010 - App/Url Restrictions

Rule ID: UI-SEC-010

Scope: Activity

Default action: Warning


This rule applies only to activities that are part of the Classic UI Automation experience.

Also, the rule checks both local and remote applications (for example, applications automated over RDP connections).


Enables you to control which applications and URLs can be used by the current workflow by throwing an error when a prohibited one is used. This can be done in two ways:


By using the Allowed Applications and Allowed Urls fields in the Workflow Analyzer, you can specify which applications or URLs can be accessed by the current workflow.

Note: If an application or URL is specified in these fields, they are the only ones that can be accessed by your automation project. If an application or URL that is not specified is accessed, the automation throws an error.

By using the Prohibited Applications and Prohibited Urls fields in the Workflow Analyzer, you can specify which applications or URLs cannot be accessed by the current workflow.

Note: All applications and URLs except the ones specified in these fields can be accessed by your automation. If either an application or URL that is specified in this Workflow Analyzer rule is accessed, an error is thrown.


Do not create automations for applications or web pages that are not allowed by your organization.

Modifying the Rule

In the Project Settings window, select the Workflow Analyzer tab. Find and select the rule, and then define the restrictions for applications and URLs using the prohibited lists or the allowed lists. When modifying the rule:

  • Add a list of URLs / applications separated by semicolons ;. For applications, you can add any part of the full path to executable files. For web pages, you can add any part of the URL.
  • You can use wildcards when defining the lists. The supported wildcards are * and ?.
    Note: Do not use the prohibited and allowed lists concurrently for the same scope. If both lists are populated for the same scope, the list of allowed applications/URLs takes precedence.

Reset to Default

By default, the rule does not restrict the use of any activity. To reset the rule to default, right-click it in the Project Settings window, and then click Reset to default.

What the Rule Verifies

The rule verifies all of the app type attributes of the selectors within the entire project. This includes scope activities, such as Attach Browser. Also, the FileName property of the Open Application activity and the Url property of the OpenBrowser activity are verified.

Was this page helpful?

Get The Help You Need
Learning RPA - Automation Courses
UiPath Community Forum
Uipath Logo White
Trust and Security
© 2005-2024 UiPath. All rights reserved.