About Governance
To ensure Studio users adhere to development standards and comply with certain rules, organizations can enforce governance policies that control Studio functionalities.
You can enforce governance policies in one of the following ways:
- Create and deploy policies from UiPath Automation Ops, an easy-to-use web application available in Automation Cloud.
- Use a file-based governance model that consists of creating a JSON policy file and deploying the file locally, externally, or via Orchestrator.
This page documents the file-based governance model. For information on how to deploy policies from Automation Cloud, see the Automation Ops Guide.
The current capabilities are:
- enforce different policies per Studio profile.
- restrict usage of package feeds from the Manage Packages window and Backstage View> Settings > Manage Sources.
- enforce organizational development standards using Workflow Analyzer rules.
- enforce design and location settings, and configure several settings that are not available Studio.
- enable sending Studio usage data to your organization.
- enforce the use of specific repositories for GIT source control.
Watch the following video for an overview of the governance capabilities available in Studio and a demo of how to use them in StudioX.
To enforce a governance policy, start by generating a governance file from Studio, then configure the file using the parameters it contains, and apply the policy in one of the following ways:
- Using a local file (for testing purposes) - Place the governance file in the Roaming folder on the machine where Studio is installed.
- Using an external file (for large deployments) - Place the governance file at a path (for example, an HTTP/HTTPS server) referenced by either a registry key or an asset in Orchestrator.
- Using an asset in Orchestrator - Copy the contents of the governance file to an asset in Orchestrator.
Generate the Governance File
The first step in enforcing development standards in your organization is to generate a governance file from Studio or manually create a similar file that would incorporate all or part of the capabilities we listed above.
Important!
The governance file must be of type
.configwith the following nameuipath.policies.config.
To generate a governance file with your current configuration from Studio, go to the Backstage view > Help tab, and select Generate Governance File. The exported file can be shared across your team.
Note:
If Studio is connected to a Cloud Orchestrator, you are prompted to select whether to generate a Classic or a Modern policy. Select the classic option for the file-based governance model. The modern option generates policies that you can then import in Automation Ops for an easy migration to that model.
Use the button below to download the sample that includes all Workflow Analyzer rules. Modify the sample to fit your organization's needs.
Configure the Governance File
File Version and File Label
Governance files may have different versions and a custom name.
{
"Metadata": {
"Version": "1.0"
"LastUpdatedUtc": "2021-08-25T07:49:26.3089368Z",
"Availability": null
},
"Info": {
"Name": "Sample Policy Registry Key"
}
}
Parameters | Values |
|---|---|
"Metadata" > "Version" | major.minor between quotation marks "" |
"Info" > "Name" | Label written between quotation marks "", visible in Home > Help, under Company Policy. |
Studio Profiles
The governance file may contain policies for Studio and StudioX users, however, these must be structured per profile. Policies for Studio must be separated from those for StudioX as in the example below:
{
"Profiles": {
"Development": {
"Shell": {
"IsFeedbackEnabled": true,
"HideGettingStartedScreen": false
},
"PackageManager": {},
"Analyzer": {}
},
"Business": {
"Shell": {
"IsFeedbackEnabled": true,
"HideGettingStartedScreen": false
},
"PackageManager": {},
"Analyzer": {}
}
}
}
Parameters | Values |
|---|---|
"Profiles" | For Studio: |
Settings Users Cannot Configure from Studio
The parameters under "Shell" enable you to prevent production runs from StudioX by setting a limit for the number of runs a user can perform for a project without any changes.
In addition, you can configure whether the feedback form and welcome screen are available to users.
{
"Shell": {
"IsFeedbackEnabled": true,
"HideGettingStartedScreen": false,
"RequireUserPublish": {
"PermittedConsecutiveRuns": 3,
"DialogMessage": null,
"LogToQueue": {
"QueueName": "NameOfQueue",
"QueueFolder": "NameOfQueueFolder"
}
}
}
}
Studio Setting | Parameters | Values |
|---|---|---|
Enables or disables the Send feedback form that can be accessed from the Studio title bar. | "IsFeedbackEnabled" | Either |
Enables or disables the welcome screen with links to the UiPath Academy, an introduction video, and tutorials that is displayed when users open Studio | "HideGettingStartedScreen" | Either |
The parameters under "RequireUserPublish" enable you to limit the number of consecutive runs that can be triggered from Studio for a project that has no changes, and to configure logging settings for events where the limit is exceeded. This can be used to prevent users from triggering production runs from Studio. As a best practice, projects that are ready for production should be published to Orchestrator and executed from the Assistant. | "RequireUserPublish" | N/A |
Maximum number of consecutive times a project without changes can be run from Studio. | "PermittedConsecutiveRuns" | Enter the allowed number of times. If the value is |
Message to display to the user in a dialog box when the allowed number of consecutive executions is exceeded. The dialog box prompts the user to either publish the project or cancel the execution. | "DialogMessage" | Enter a custom message to display between quotation marks "". If the value is |
The parameters under "LogToQueue" give you the option to configure an Orchestrator queue where to log events. The following information is logged for each event: username, project name, hash of the main XAML file, and timestamp from the local machine. | "LogToQueue" | N/A |
Orchestrator queue in which to save the records. | "QueueName" | Enter the name of the queue between quotation marks "". If the value is |
Orchestrator folder containing the queue in which to save the records. | "QueueFolder" | Enter the name of the Orchestrator folder between quotation marks "". If the value is |
1 - Changes take effect only in the StudioX profile.
Usage of Package Sources
You can restrict accessing, adding, or removing package sources per Studio or StudioX using the governance file.
{
"PackageManager": {
"AllowAddRemoveFeeds": false,
"AllowEnableDisableFeeds": false,
"AllowOrchestratorFeeds": true,
"Feeds": [{
"Name": "Organization Internal Feed",
"Source": "https://[company].pkgs.visualstudio.com/_packaging/nuget-packages/nuget/v3/index.json",
"IsEnabled": true
},
{
"Name": "Official",
"Source": "https://packages.uipath.com/activities",
"IsEnabled": true
}
]
}
}
Parameters | Values | ||
|---|---|---|---|
"Package Manager" | "AllowAddRemoveFeeds" | Either | |
"AllowEnableDisableFeeds" | Either | ||
"AllowOrchestratorFeeds" | Either | ||
"Feeds" | "Name" | Label written between quotation marks "", visible in Manage Packages. | |
"Source" | Feed source written between quotation marks ", visible in Manage Packages. | ||
"IsEnabled" | Either |
If the "AllowAddRemoveFeeds" and "AllowEnableDisableFeeds" parameters are set to true, the user may modify feeds available in the Package Manager. If any changes are made, they are persisted when Studio is restarted.
If the "AllowOrchestratorFeeds" parameter is set to true and the Robot is Connected to Orchestrator, users cannot disable the default Orchestrator feeds.
Feeds that are defined in the governance file are added to the Default package sources section in the Manage Packages window and the user can add the custom feeds (if provided with the required rights in the governance file) to the User defined package sources section.
Please note that the path to the Local feed for per-user installations is C:\Users\CurrentUser\AppData\Local\Programs\UiPath\Studio\Packages.
Activities Panel Settings (StudioX only)
The settings under ActivitiesManager enable you to hide specific activities and enforce the use of the Show Developer filter in StudioX.
"ActivitiesManager": {
"AllowShowDeveloper": false,
"HiddenActivities": ["UiPath.Mail.Activities.Business.GmailApplicationCard","UiPath.Mail.Activities.Business.OutlookApplicationCard"]
}
Setting | Parameters | Value |
|---|---|---|
Allows users to select the Show Developer filter in the activities panel in StudioX. If set to | "AllowShowDeveloper" | Either |
A list of activities to be hidden from the activities panel. | "HiddenActivities" | Enter activity names in the array, separated by commas. In the example below, the Use Gmail and Use Desktop Outlook App activities have been hidden. "HiddenActivities": ["UiPath.Mail.Activities.Business.GmailApplicationCard", |
Source Control Settings
The settings under "SourceControl" enable you to enforce the use of allowed repositories when working with GIT, and committing changes before publishing.
{
"SourceControl": {
"CheckInBeforePublishParam": {
"AllowEdit": false,
"Value": false
},
"RepositoriesConfigParam": {
"AllowEdit": true,
"Value": {
"AllowSaveLocal": null,
"AllowEditRepositories": null,
"Repositories": [
{
"SourceControlType": 0,
"Name": null,
"Url": null,
"DefaultFolder": null
}
]
}
}
The "AllowEdit" parameter indicates whether or not users are allowed to change the default setting configured by the governance file.
Studio Setting | Parameters | Value |
|---|---|---|
Enforce Check-In before Publish | "CheckInBeforePublishParam" | Either |
The parameters under RepositoriesConfigParam enable you to govern the use of source control repositories. This applies only for GIT. | "RepositoriesConfigParam" | N/A |
Allow users to save projects locally on their machine. | "AllowSaveLocal" | Either When set to false, users can't select This PC as the location when creating a new project in StudioX and will save the project to a repository. |
Allow users to add and edit repositories. | "AllowEditRepositories" | Either If set to |
A list of allowed GIT repositories. This parameter accepts a JSON array of repositories. | "Repositories" Note: A repository that is already checked out locally by a user is allowed for both profiles even if it is on the allowed list for only one of them. | Enter repositories in the array by adding the Name, Url, and optionally DefaultFolder (the default folder of the repository). Example of a repository: Adding a base URL (e.g. |
1 - Changes take effect only in the StudioX profile.
Studio Settings
The following parameters enable you to configure settings found in Home (Studio Backstage View) > Settings. For more information, see Configuring Studio Settings.
{
"Workflow": {
"DefaultProjectLanguageParam": {
"Value": VisualBasic,
"AllowEdit": false
},
"DefaultProjectFrameworkParam": {
"Value": "Classic",
"AllowEdit": true
},
"AllowedProjectFrameworks": {
"Classic": true,
"Modern": true,
"CrossPlatform": true
},
"DockedAnnotationsParam": {
"AllowEdit": false,
"Value": true
},
"IsCollapsedViewSlimParam": {
"AllowEdit": false,
"Value": false
},
"UseSmartFilePathsParam": {
"AllowEdit": true,
"Value": true
},
"EnableLineNumberingParam": {
"AllowEdit": true,
"Value": true
},
"EnableActivityOnlineRecommendationsParam": {
"AllowEdit": true,
"Value": true
},
"EnforceReleaseNotes": null,
"AnalyzeOnPublishParam": {
"AllowEdit": false,
"Value": false
},
"AnalyzeOnRunParam": {
"AllowEdit": false,
"Value": false
},
"AnalyzeRpaXamlsOnlyParam": {
"AllowEdit": false,
"Value": false
},
"AdditionalAnalyzerRulePathParam": {
"AllowEdit": false,
"Value": null
},
"DefaultProjectFolderParam": {
"AllowEdit": false,
"Value": null
},
"DefaultProcessPublishUrlParam": {
"AllowEdit": false,
"Value": null
},
"DefaultLibraryPublishUrlParam": {
"AllowEdit": false,
"Value": null
},
"DefaultTemplatePublishUrlParam": {
"AllowEdit": false,
"Value": "C:\\Users\\username\\Documents\\UiPath\\.templates"
},
"ModernBehaviorParam": {
"AllowEdit": false,
"Value": false
},
"ObjectRepositoryEnforcedParam": {
"AllowEdit": false,
"Value": false
},
"UseConnectionServiceParam": {
"AllowEdit": true,
"Value": false
}
},
}
Two parameters are available for most options:
- "AllowEdit" - Indicate whether or not users are allowed to change the default setting configured by the governance file (
trueto allow,falseto deny). - "Value" - Indicate the default setting, as described in the following tables.
Under "Workflow":
Studio Setting | Parameters | Value |
|---|---|---|
Use C# Language | "DefaultProjectLanguageParam" |
|
Create docked annotations | "DockedAnnotationsParam" | Either |
Default project target framework | "DefaultProjectFrameworkParam" |
|
The parameters under "AllowedProjectFrameworks" determine the target frameworks allowed when creating or opening a project in the Studio profile. To enable a framework, set its parameter to | "AllowedProjectFrameworks" | Either |
Use Smart File Paths | "UseSmartFilePathsParam" | Either |
Enable line numbering | "EnableLineNumberingParam" | Either |
Enable AI activity suggestions | "EnableActivityOnlineRecommendationsParam" | Either |
Make the Release Notes field in the Publish wizard mandatory | "EnforceReleaseNotes" | Either |
Slim View for Collapsed Activities | "IsCollapsedViewSlimParam" | Either |
Enforce Analyzer before Publish | "AnalyzeOnPublishParam" | Either |
Enforce Analyzer before Run | "AnalyzeOnRunParam" | Either |
Analyze RPA XAML Files Only | "AnalyzeRpaXamlsOnlyParam" | Either |
Workflow Analyzer Rules Location | "AdditionalAnalyzerRulePathParam" | |
Project Path | DefaultProjectFolderParam | |
Publish Process URL | "DefaultProcessPublishUrlParam" | |
Publish Library URL | "DefaultLibraryPublishUrlParam" | |
Publish Project Templates URL | "DefaultTemplatePublishUrlParam" | To change the location, enter the path between quotation marks. |
Use Modern for new projects | "ModernBehaviorParam" | Either |
Object Repository enforced | "ObjectRepositoryEnforcedParam" | Either |
Default to managed connections | "UseConnectionServiceParam" | Either |
1 - Changes take effect only in the Studio profile.
2 - Changes take effect only in the StudioX profile.
Under "ObjectBrowser":
Studio Setting | Parameters | Value |
|---|---|---|
Send anonymous UI Descriptors | "SendUiDescriptors" | Either |
Send Studio Usage Data to Your Organization
The parameters under "Telemetry" allow you to enable sending Studio usage data to an Application Insights resource in your Azure portal. This data allows you to monitor and analyze what users are doing in Studio. To enable this feature, enter the instrumentation key of your Application Insights instance in the "instrumentation-keys" parameter.
{
"Telemetry": {
"TelemetryOptions": {
"TelemetryOptionsDictonary": {
"instrumentation-keys": ""
}
}
}
}
See the following table for information about the telemetry data that is sent to Application Insights.
Action | Event Name | Data Collected |
|---|---|---|
Studio is started | StudioStarted | Windows user ID |
Studio is closed | StudioClosed | Windows user ID |
Project is opened | OpenProject | Windows user ID |
Project is created | NewProject | Windows user ID |
Project is run / File is run | StartDebug | Windows user ID |
Run to this Activity is executed | Designer_RunTo | Windows user ID |
Project is published | PublishProject | Windows user ID |
Activity package is installed | PackageAdded | Windows user ID |
Activity is added to a project | S.Activities.ActivityAdded | Windows user ID |
Target is indicated in UI Automation activity | S.Activities.PropertyChanged | Windows user ID |
Workflow Analyzer Rules
The Workflow Analyzer is the tool for verifying if projects meet development standards. Using the governance file, organizations can enforce custom rules pertaining to their needs across all projects, in a centralized manner.
Remarks
- The custom ruleset can be defined beforehand in a separate file of type
.json, and delivered through a dll external assembly or custom activity pack. Read more about Building Custom Rules for Workflow Analyzer. - The governance file can't deliver credentials, which means secure feeds aren't supported.
- If a custom ruleset is enforced, then users cannot make any changes to Workflow Analyzer rules.
- If a custom ruleset was not referenced or embedded in the governance file, the Workflow Analyzer default rules are used. If the "Analyzer" section is not mentioned, governance for Workflow Analyzer is not enforced. If the section is mentioned, even if it's empty, then the management of rules is disabled in Studio.
- When enforcing governance, rules built-in Studio or UiPath activity packages are disabled by default unless otherwise mentioned in the governance file or custom ruleset.
Enforcing Rules
There are two ways to manage the custom ruleset in the uipath.policies.config governance file:
- Point to the ruleset located at one of the following paths:
- on the local machine;
- shared on a network server or machine, identifiable by the UNC path;
- in shared blob storage, identifiable via the http(s) path.
- Embed the custom ruleset by enabling or disabling rules, mentioning their IDs, parameters, error levels.
All custom rules must be referenced or added in the "Analyzer" section. Rules and counters must be split into their own sections, as illustrated below:
{
"Analyzer": {
"AllowEdit": false,
"ReferencedRulesConfigFile": null,
"EmbeddedRulesConfig": {
"Rules": [
{
"Id": "ST-NMG-001",
"IsEnabled": false,
"Parameters": [{
"Name": "Regex",
"Value": null
}],
"ErrorLevel": "Error"
}
],
"Counters": [{
"Id": "ST-ANA-009",
"IsEnabled": true,
"Parameters": []
}]
}
}
}
Parameters/Sections | Values |
|---|---|
"AllowEdit" | If set to |
"ReferencedRulesConfigFile" | Path to |
"EmbeddedRulesConfig" | Holds |
"Id" | Rule ID, ex. |
"IsEnabled" | Either |
"Parameters" | Holds the rule parameter's |
"Name" | The parameter's name written between quotation marks. |
"Value" | The parameter's value written between quotation marks |
"ErrorLevel" | Either |
"Counters" | Holds parameters for counters: "Id", "IsEnabled", "Parameters" |
1 - Since counters don't have parameters, use [].
If the "AllowEdit" parameter is set to true, the user may modify rules available in the Workflow Analyzer settings window. If any changes are made, they are persisted when Studio is restarted.
Enforce the Governance Policy
Using a Local File
If stored locally, the governance file must be located at the following path: %AppData%\UiPath.
Using an External File
If stored externally, the path to the policy file must be defined using the Windows Registry or an Orchestrator asset:
To define the file path using the Windows Registry:
- Open Registry Editor on the machine where Studio is installed.
- Locate the following registry key:
Computer\HKEY_CURRENT_USER\Software\UiPathand hit Enter. - In the Registry Editor, right-click and select New > String Value. Type in the
GovernanceSourcename for the new value. Do not use another name for the value! - Double-click the
GovernanceSourcestring to edit. In the Value data field add the path to theuipath.policies.configfile, and click OK.
The registry key should look like this:
To define the file path using an Orchestrator asset:
- In Orchestrator, select Tenant > Folders and add a new folder named uipath.settings.config.
- Assign the users for which to enforce the governance policy to the folder.
- In the uipath.settings.config folder, create a new asset and configure it as follows:
- Asset name - uipath.studio.governancesource.
- Type - Text.
- Global Value - Select this option and enter the full path to the uipath.policies.config file in the text box.
Optionally, you can apply different policies to different users by adding per-user values with paths to different files.
Using an Orchestrator Asset
- In Orchestrator, select Tenant > Folders and add a new folder named uipath.settings.config.
- Assign the users for which to enforce the governance policy to the folder.
- In the uipath.settings.config folder, create a new asset and configure it as follows:
- Asset name - uipath.studio.governancepolicy.
- Type - Text.
- Global Value - Select this option and paste the entire contents of the uipath.policies.config file in the text box.
Optionally, you can apply different policies to different users by adding per-user values and pasting different parameters.
Applying and Precedence
When a policy is defined, it is applied after Studio is restarted.
A message appears in the Workflow Analyzer settings window, Send Feedback window, in the Settings tab in Backstage View,, and in the Manage Packages window.
Studio applies the governance policy using the following order of precedence: Automation Ops > uipath.studio.governancepolicy > uipath.studio.governancesource > Registry key > local file.
If the governance policy is removed for the user, settings that were enforced through the governance file are persisted as defaults. However, now the user has the option to modify settings that were restricted when the governance policy was in place.
Updated about a month ago