To enable organizations to provide StudioX to a broad group of users securely, StudioX has automatic logging and controls built in that can enforce organizational policies.
Watch the following video for an overview of the governance capabilities available in Studio and a demo of how to use them in StudioX.
One of the main concerns organizations have regarding broad Citizen Developer deployments is how to track usage, know what automations exist, and what those automations are doing.
If your organization licenses Robots and StudioX through Orchestrator, the Robots and associated StudioX instances are connected to Orchestrator. This means that many common actions are logged by default in the execution logs including every time an automation is executed. The logged events include:
- Windows identity of the user
- Name of the machine
- Name of the process
- Version, and more
This enables your organization to have deep visibility into automation use in the organization.
Events in the execution logs include user and machine information. This enables you to build reports from the execution logs showing all the users who ran automations in your organization using supported reporting technologies (direct queries against the logs, UiPath Insights, etc.).
By logging all user and process information in the execution logs, you can build reports and know who is running which automations. This enables you to enact organizational policies that ensure all automations are shared with IT and properly documented and understood if needed, avoiding situations where employees build automations that nobody else in the organization knows about.
By default, the activities used by StudioX projects record important information in the execution logs with no action required from the user. This gives you a high-level picture into important actions performed by the Robot. For more details on what is logged, see Audit Logging.
Every execution started event in the execution logs includes an
initiatedBy property that records which product started the automation (Assistant, StudioX, Studio, or Orchestrator). This means that you can build a report from the logs showing who is using which product, and detect patterns such as users running only from StudioX, rather than publishing completed processes and running them from the Assistant.
Many organizations want the ability to put guardrails in place to ensure that Citizen Developers follow organizational policies and guidelines. To enable this, StudioX offers the ability to specify policies that control areas such as:
- Settings (for example, Workflow Analyzer)
- Permitted activities package feeds
- Permitted activities and packages
- Applications and URLs that can be automated
You can enforce governance policies by using either:
- Automation Ops, a web application available in Automation Cloud that enables administrators to quickly set up and deploy policies in the organization. For more information, see the Automation Ops Guide.
- A file-based governance model that consists of creating a JSON policy file and deploying the file via a registry key or via Orchestrator. You place this file in a read-only location accessible from your users' machines, such as a network share or blob storage, and then set a registry key either via your install script or Windows group policy. Alternatively, you can paste the contents of the file or add the file path in specific assets in Orchestrator. StudioX loads the policy when it starts and behaves as defined by the policy. For more information, see Governance in the Studio Guide.
StudioX includes an App/URL Restrictions Workflow Analyzer rule. To limit which applications and/or URLs users may automate, you can choose to either prohibit specific apps/URLs or allow only those from a specific list (both options are supported). To block any non-compliant workflows from being run or published:
- In the policy, enable the Enforce Analyzer before Run and Enforce Analyzer before Publish options (for the file-based model, set the AnalyzeOnRun and AnalyzeOnPublish properties to
true). This will require automations to pass a Workflow Analyzer check prior to being run or published.
- Configure the App/URL Restrictions rule using either the prohibited or allowed lists per your organization's requirements, and set the Default action to Error.
See About Workflow Analyzer for a full list of rules.
You can create custom Workflow Analyzer rules for StudioX in the same way as you do for Studio. To make a rule available in the StudioX profile, an additional property must be defined. For more information, see Building Custom Rules in the Studio Guide.
Updated 5 months ago