- Release Notes
- Introduction
- Governance
- Logging
Automation Ops User Guide for Automation Cloud Public Sector
Settings for Robot Policies
Runtime analyzer rules verify that processes adhere to organization policies when executed by robots, enabling you to enforce your best practices while processes are running. This way, you can make sure that robots do not send emails outside the organization or automate apps and web pages that shouldn't be automated.
Runtime rules are included in activity packages and apply to certain activities in those packages. The robot retrieves the configured runtime rules and each one is verified when an activity that requires it is executed.
On the Runtime Analyzer tab, you can select which runtime rules to enable, set the rule actions, and configure rule parameters. The rules are configured similarly to how you configure Workflow Analyzer rules.
Automation Ops™ comes with the following default runtime rules:
- RT-UIA-001 (App/Url Restrictions) - Allows you to define a list of allowed / blocked applications or URLs for the activities in the UI Automation activities package.
- RT-OUT-001 (Email Blocklist) - Allows you to define addresses to which emails cannot be sent by activities from the GSuite, Mail. and Office 365 activities packages.
By default, the rules are enabled but no parameters are defined. The action is set to Error, which means that when a rule violation is detected, an error is thrown and the execution stops.
Runtime governance is not enabled by default. A banner is displayed at the top of Automation Ops™ pages informing you that the feature is disabled. Click Enable in the banner to enable the runtime analyzer.
You can also enable/disable runtime governance using the following API requests:
POST "https://govcloud.uipath.us/{organizationName}/roboticsops_/api/Product/Robot/enable"
-H "Authorization: Bearer {token}"
POST "https://govcloud.uipath.us/{organizationName}/roboticsops_/api/Product/Robot/disable"
-H "Authorization: Bearer {token}"
You can retrieve the token from the browser developer tools. In Google Chrome:
- Open Developer Tools from an Automation Ops™ page and select Application.
- Under Storage, select Local Storage and then the application (e.g. cloud.uipath.com).
- Locate the token key and copy its value.
The rule checks whether any restricted applications or web pages are used in the project. Restrictions are set by defining lists of either allowed or blocked applications and URLs using the available parameters. The rule checks both local and remote applications (for example, applications automated over RDP connections).
To define the applications and/or URLs that are allowed, use the following parameters:
- whitelistApps - Execution is allowed only for the applications that are on this list.
- whitelistUrls - Execution is allowed only for the URLs that are on this list.
To define the applications and/or URLs that are prohibited, use the following parameters:
- blacklistApps - Execution is allowed for all the applications that are not on this list.
- blacklistUrls - Execution is allowed for all the URLs that are not on this list.
If both prohibited and allowed lists are set up for the same scope (applications or URLs), the allowed list takes precedence.
Configuring Restrictions
Specify a list of URLs / application names separated by comma (,) or semicolon (;). If multiple items are specified, they are all verified.
*
and ?
wildcard characters to define patterns. For example:
*uipath*.exe
- blocks all executable files with names that start withuipath
.*www.uipath*.com
- blocks all URLs that start withuipath
, regardless of the protocol used.
What the Rule Verifies
For both modern and classic activities, the rule verifies at execution time each target UI element found using the defined selector or an input UI element.
The rule checks all the activities from the Mail, Office365, and GSuite packages that send, reply, or forward emails, send notifications, create events or send calendar invites, and verifies that the emails are not sent to recipients added to the email blocklist.
- UiPath.GSuite.Activities v1.11.3
- UiPath.Mail.Activities v1.12.2
- UiPath.Office365.Activities v1.11.1
Configuring restrictions
Using the EmailRegex parameter, specify a pattern for the email addresses that are not allowed using a regular expression.
For example:
.*@uipath.com
- blocks all emails sent to addresses with the uipath.com domain..*@(?!uipath\.com$)
- blocks all emails except those sent to addresses with the uipath.com domain.
What the Rule Verifies
The rule verifies all the properties that indicate email recipients in the following activities that can send emails:
- Mail package:
- Integrations (StudioX) activities - Send Email, Forward Email, Reply To Email, Send Calendar Invite
Note: The rule does not apply when activities save messages as drafts rather than sending them.
- App Integration activities - Send Exchange Mail Message, Send IBM Notes Mail Message, Send Outlook Mail Message, Reply To Outlook Mail Message
- Integrations (StudioX) activities - Send Email, Forward Email, Reply To Email, Send Calendar Invite
- GSuite package - Send Mail Message, Create Event, Add Attendee, Share File, Delete Event, Modify Event
- Office 365 package - Send Mail, Reply to Mail, Forward Mail, Add Attendee, Share File/Folder
For each default rule, you can configure the following options:
- Enabled - Select this option to enable the rule.
- Action - Set the action of the rule: Error,Warning,Info, or Verbose. The default action is Error.
- Parameters - To edit a parameter, click Edit next to it and then deselect the Use default value option to configure restrictions in the Value box.