Subscribe

UiPath Automation Ops

The UiPath Automation Ops Guide

Settings for Robot Policies

Runtime Analyzer

Runtime analyzer rules verify that processes adhere to organization policies when executed by robots. Runtime rules are included in activity packages and apply to certain activities in those packages. The robot retrieves the configured runtime rules and each one is verified when an activity that requires it is executed.

On the Runtime Analyzer tab, you can select which runtime rules to enable, set the rule actions, and configure rule parameters. The rules are configured similarly to how you configure Workflow Analyzer rules.

Automation Ops comes with the following default runtime rules:

  • RT-UIA-001 (App/Url Restrictions) - Allows you to define a list of allowed / blocked applications or URLs for the activities in the UI Automation activities package.
  • RT-OUT-001 (Email Blocklist) - Allows you to define addresses to which emails cannot be sent by activities from the GSuite, Mail. and Office 365 activities packages.

By default, the rules are enabled but no parameters are defined. The action is set to Error, which means that when a rule violation is detected, an error is thrown and the execution stops.

Enabling Runtime Governance

Runtime governance is not enabled by default. A banner is displayed at the top of Automation Ops pages informing you that the feature is disabled. Click Enable in the banner to enable the runtime analyzer.

You can also enable/disable runtime governance using the following API requests:
POST "https://cloud.uipath.com/{organizationName}/roboticsops_/api/Product/Robot/enable"
-H "Authorization: Bearer {token}"

POST "https://cloud.uipath.com/{organizationName}/roboticsops_/api/Product/Robot/disable"
-H "Authorization: Bearer {token}"

You can retrieve the token from the browser developer tools. In Google Chrome:

  1. Open Developer Tools from an Automation Ops page and select Application.
  2. Under Storage, select Local Storage and then the application (e.g. cloud.uipath.com).
  3. Locate the token key and copy its value.

RT-UIA-001 - App/Url Restrictions

The rule checks whether any restricted applications or web pages are used in the project. Restrictions are set by defining lists of either allowed or blocked applications and URLs using the available parameters. The rule checks both local and remote applications (for example, applications automated over RDP connections).

📘

Note:

The rule is available starting with UiPath.UIAutomation.Activities v21.10.3.

To define the applications and/or URLs that are allowed, use the following parameters:

  • whitelistApps - Execution is allowed only for the applications that are on this list.
  • whitelistUrls - Execution is allowed only for the URLs that are on this list.

To define the applications and/or URLs that are prohibited, use the following parameters:

  • blacklistApps - Execution is allowed for all the applications that are not on this list.
  • blacklistUrls - Execution is allowed for all the URLs that are not on this list.

If both prohibited and allowed lists are set up for the same scope (applications or URLs), the allowed list takes precedence.

Configuring Restrictions

Specify a list of URLs / application names separated by comma (,) or semicolon (;). If multiple items are specified, they are all verified.

You can use the * and ? wildcard characters to define patterns. For example:

  • *uipath*.exe - blocks all executable files with names that start with uipath.
  • *www.uipath*.com - blocks all URLs that start with uipath, regardless of the protocol used.

What the Rule Verifies

For both modern and classic activities, the rule verifies at execution time each target UI element found using the defined selector or an input UI element.
:information-source: Note: To avoid an impact on performance, UI automation-related triggers such as Click Trigger and Key Press Trigger do not perform any verification. The checks are performed by the underlying workflow activities.

RT-OUT-001 - Email Blocklist

The rule checks all the activities from the Mail, Office365, and GSuite packages that send, reply, or forward emails, send notifications, create events or send calendar invites, and verifies that the emails are not sent to recipients added to the email blocklist.

📘

Note:

The rule is available starting with the following package versions:

  • UiPath.GSuite.Activities v1.11.3
  • UiPath.Mail.Activities v1.12.2
  • UiPath.Office365.Activities v1.11.1

Configuring restrictions

Using the EmailRegex parameter, specify a pattern for the email addresses that are not allowed using a regular expression.

For example:

  • .*@uipath.com - blocks all emails sent to addresses with the uipath.com domain.
  • .*@(?!uipath\.com$) - blocks all emails except those sent to addresses with the uipath.com domain.

What the Rule Verifies

The rule verifies all the properties that indicate email recipients in the following activities that can send emails:

  • Mail package:
    • Integrations (StudioX) activities - Send Email, Forward Email, Reply To Email, Send Calendar Invite
      :information-source: Note: The rule does not apply when activities save messages as drafts rather than sending them.
    • App Integration activities - Send Exchange Mail Message, Send IBM Notes Mail Message, Send Outlook Mail Message, Reply To Outlook Mail Message
  • GSuite package - Send Mail Message, Create Event, Add Attendee, Share File, Delete Event, Modify Event
  • Office 365 package - Send Mail, Reply to Mail, Forward Mail, Add Attendee, Share File/Folder

Configure Runtime Rules

For each default rule, you can configure the following options:

  • Enabled - Select this option to enable the rule.
  • Action - Set the action of the rule: Error, Warning, Info, or Verbose. The default action is Error.
  • Parameters - To edit a parameter, click Edit next to it and then deselect the Use default value option to configure restrictions in the Value box.

Updated 4 days ago

Settings for Robot Policies


Suggested Edits are limited on API Reference Pages

You can only suggest edits to Markdown body content, but not to the API spec.