studiox
2023.4
false
UiPath logo, featuring letters U and I in white
StudioX User Guide
Last updated Aug 7, 2024

Governance and Auditing

To enable organizations to provide StudioX to a broad group of users securely, StudioX has automatic logging and controls built in that can enforce organizational policies.

Watch the following video for an overview of the governance capabilities available in Studio and a demo of how to use them in StudioX. The video showcases the file-based governance model. For an even easier way to manage governance policies, use Automation Ops.

Reporting and Auditing

One of the main concerns organizations have regarding broad Citizen Developer deployments is how to track usage, know what automations exist, and what those automations are doing.

If your organization licenses Robots and StudioX through Orchestrator, the Robots and associated StudioX instances are connected to Orchestrator. This means that many common actions are logged by default in the execution logs including every time an automation is executed. The logged events include:

  • Windows identity of the user
  • Name of the machine
  • Name of the process
  • Version, and more

This enables your organization to have deep visibility into automation use in the organization.

Frequently Asked Questions

How can we know who is using automations in the organization?

Events in the execution logs include user and machine information. This enables you to build reports from the execution logs showing all the users who ran automations in your organization using supported reporting technologies (direct queries against the logs, UiPath® Insights, etc.).

How can we know what automations are used in the organization?

By logging all user and process information in the execution logs, you can build reports and know who is running which automations. This enables you to enact organizational policies that ensure all automations are shared with IT and properly documented and understood if needed, avoiding situations where employees build automations that nobody else in the organization knows about.

How can we know what users are doing in their automations?

By default, the activities used by StudioX projects record important information in the execution logs with no action required from the user. This gives you a high-level picture into important actions performed by the Robot. For more details on what is logged, see Audit Logging.

How can we know which users are using StudioX, Assistant, etc.?

Every execution started event in the execution logs includes an initiatedBy property that records which product started the automation (Assistant, StudioX, Studio, or Orchestrator). This means that you can build a report from the logs showing who is using which product, and detect patterns such as users running only from StudioX, rather than publishing completed processes and running them from the Assistant.

Governance Controls

Many organizations want the ability to put guardrails in place to ensure that Citizen Developers follow organizational policies and guidelines. To enable this, StudioX offers the ability to specify policies that control areas such as:

  • Settings (for example, Workflow Analyzer)
  • Permitted activities package feeds
  • Permitted activities and packages
  • Applications and URLs that can be automated
  • Preventing production runs from StudioX
  • Source control settings in StudioX
  • Filtering settings in the Activities Panel

Frequently Asked Questions

How do we configure and deploy a governance policy to our users?

You can enforce governance policies by using either:

  • Automation Ops, a web application available in Automation Cloud that enables administrators to quickly set up and deploy policies in the organization. For more information, see the Automation Ops Guide.
  • A file-based governance model that consists of creating a JSON policy file and deploying the file via a registry key or via Orchestrator. You place this file in a read-only location accessible from your users' machines, such as a network share or blob storage, and then set a registry key either via your install script or Windows group policy. Alternatively, you can paste the contents of the file or add the file path in specific assets in Orchestrator. StudioX loads the policy when it starts and behaves as defined by the policy. For more information, see Governance in the Studio Guide.

How can we place limits on which applications and/or websites can be automated?

StudioX includes an App/URL Restrictions Workflow Analyzer rule. To limit which applications and/or URLs users may automate, you can choose to either prohibit specific apps/URLs or allow only those from a specific list (both options are supported). To block any non-compliant workflows from being run or published:

  • In the policy, enable the Enforce Analyzer before Run and Enforce Analyzer before Publish options (for the file-based model, set the AnalyzeOnRun and AnalyzeOnPublish properties to true). This will require automations to pass a Workflow Analyzer check prior to being run or published.
  • Configure the App/URL Restrictions rule using either the prohibited or allowed lists per your organization's requirements, and set the Default action to Error.

How can we make sure users perform production runs from Assistant and not from StudioX?

You can limit the number of runs allowed from StudioX for projects that have no changes. After the limit is reached for a project, running it from StudioX is no longer allowed, the user is prompted to publish the project, and optionally, an event is logged in an Orchestrator queue of your choice. To set this up, for the file-based model, configure the parameters in the RequireUserPublish section of the governance file.

What Workflow Analyzer rules are included in StudioX?

See About Workflow Analyzer for a full list of rules.

Can we create custom Workflow Analyzer rules for StudioX?

You can create custom Workflow Analyzer rules for StudioX in the same way as you do for Studio. To make a rule available in the StudioX profile, an additional property must be defined. For more information, see Building Custom Rules.

Audit Logging

Audit information regarding the data used by activities in automation projects is recorded in execution logs at the Information level in messages that begin with Audit: (except for the Use Application/Browser activity, which has information recorded at the Trace level).
In addition, logs also contain an initiatedBy property that records where each project execution was initiated: Assistant, StudioX, Studio, or Orchestrator. This enables organizations to keep track of how the tools are used.

Watch the following video for an overview of the governance capabilities available in Studio and a demo of how to use them in StudioX.

The following table lists audit information logged for StudioX activities. For more information about logging, see the Studio guide.

Activity

Audit Information Logged

Use Application/Browser

  • For desktop applications:

    • The name of the target application executable file.
    • Any arguments passed to the application at startup.
  • For web browsers:

    • The name of the web browser (IE, Firefox, Chrome, or Edge).
    • The URL of the targeted web page.

Use Excel File

  • The name of the Excel file used by the activity.

Use Word File

  • The name of the Word document used by the activity.

Use Outlook 365 / Use Gmail / Use Desktop Outlook App

  • The email account used by the activity.

Extract Table Data

  • URL of the web page from which the data is extracted.

Send Email

  • Recipients added to the To field.
  • Recipients added to the Cc field.
  • Whether the email is sent or saved as draft.

Reply to Email

  • Recipients added to the To field.
  • Recipients added to the Cc field.

Forward Email

  • Recipients added to the To field.
  • Recipients added to the Cc field.

Use PowerPoint Presentation

  • The name of the PowerPoint file used by the activity.

Use Google Document / Use Google Spreadsheet / Use Google Drive

  • The Google account used by the activity.

Use OneDrive & SharePoint

  • The Microsoft 365 account used by the activity.
  • Reporting and Auditing
  • Frequently Asked Questions
  • Governance Controls
  • Frequently Asked Questions
  • Audit Logging

Was this page helpful?

Get The Help You Need
Learning RPA - Automation Courses
UiPath Community Forum
Uipath Logo White
Trust and Security
© 2005-2024 UiPath. All rights reserved.