Audience & purpose

As a Product Administrator, you want to see the details (description, permissions) of a role in a department which was deleted from the system one year ago.

This is used to:

• Record point-in-time data of a Role object from its creation to its deletion.
• Help in understanding what changed in the Role object.
• Show details of objects which have been deleted from the system.

Audit log entries and actions

1. In the "Audit Log" page, an Audit entry will be logged when a Role is created, edited, or deleted.

   Status	Time	Action	Object name	Action taken by	Device	Source	Start time
   Successful	<datetime>	Create role	<role name>	<user a>	<hostname>	Product	N/A
   Successful	<datetime>	Edit role	<role name>	<user a>	<hostname>	Product	N/A
   Successful	<datetime>	Delete role	<role name>	<user a>	<hostname>	Product	N/A

2. If an error occurs during the CRUD (Create, Read, Update, Delete) operation, then the status of the Audit entry will be set to "Unsuccessful".
3. In the "Audit Log" page, select an Audit entry and click "View action".
4. The "Details" page of the Audit entry will be displayed as shown in the following screenshot.

   

5. For each of the Create/Edit/Delete role actions, the "Details" page will show whether the action was "Successful" or "Unsuccessful" as shown in the preceding screenshot (for a successful action).
6. If the action was unsuccessful then it will also display the error message in the "Results" frame.

   

7. The Audit log page will be read-only. A user can only act on the page-level toolbar.
8. The lower-half of the page will show details of the Role object when the action was performed.
   1. It will not show data of the date when this page was being accessed unless there was absolutely no change in the Role object.
9. For the "Edit role" action, the lower-half of the page will display a data table with fields, along with their old and new values. It will only display the fields that are modified. See the following data table.

   What Changed?	Old value	New value
   Role name	abc	xyz
   Number of users	10	20
   Features
   View my scheduled robots	No	Yes
   Schedule my robots to run	No	Yes
   Robots
   My Tasks	Upload: Yes	Download: Yes
   	Delete: Yes	Delete: No
   My Tasks → Folder1	Upload: Yes	Upload: No
   My Tasks → Folder1 → Folder2	Upload: Yes	Upload:No
   	Download: Yes	Download: No
   Devices
   Device	BR1, BR2	BR1
   Users
   User	User1, User2, User3	User1, User2, User3, User4, User5

10. For the "Create role" action, the table will display the same fields as the "Edit role" action except that it will additionally show the Rolename field.
    • The "Old value" column will not be displayed.
11. For the "Delete role" action, the lower half will display the old value.
12. The breadcrumb trail will show Audit log → View action.
13. Click the Back button to return to the previous page.

Security

• Only authorized users will be allowed to view ALL the audit entries and their details.
• Each user can only view audit entries that are specific to the action taken by that user.

Return to top

Audience & purpose

As a Product user having the "View and manage roles" permission, you want to do a bulk delete of selected roles to get rid of redundant roles.

Deleting multiple roles

It will be possible to select multiple roles and perform a "Delete" operation (excluding System-created roles).

1. If the selected roles only include user-created roles and it has a number of users greater than 0, then the Delete operation will fail with an error message:

   Unable to delete these roles since there are users assigned to one or more roles.

2. If the selected roles include system-created roles, the "Delete" operation will fail with an error message:

   Unable to delete these roles since they are System-created roles.

3. If the selected roles only include user-created roles and have a number of users = 0 then a confirmation message with "Yes" and "No" options will be displayed. On confirmation (Yes) the selected roles will be deleted.

   Do you want to permanently delete these <#no. of custom roles> roles?
   Yes   No

4. If the selected roles include a mix of system-created roles and user-created roles, then ask confirmation for other roles and ignore the system roles. The following note will be added to the confirmation (Yes) message.

   NOTE: System-created roles, if any, cannot be deleted.

Return to top

Audience & purpose

As a Product user having the "Roles" permission, you want to create new roles with different permissions and provide users with RBAC (Role Based Access Control) to different features of the Product.

Create a new role with features

Create a new role only with the Features permission

Use the following steps to create a Role only with the "Features" permission.

1. In the Administration > Roles page, click the "New Role" icon.
   • The "Create New Role" page will be displayed with a list of Product Features as shown in the following screenshot.

     

2. Input the name and description of the role, and select one or more features from the displayed list.
3. Click "Create role".
4. The new role will be created with the selected features, no Robots, no Devices, and no Users.

Entry in the Roles Table

The new role entry will be displayed in the Roles table.

Validations

Note the following validations:

1. Role Name and Description: A maximum 255 characters is allowed.
   1. The Role Name must be unique. If it is a duplicate, then an error message "The role <rolename> already exists." will be displayed.
   2. Characters not allowed in Role Name are: - \ / " ' [ ] : | < > + = ; , ? * @
   3. The Role Name is not case sensitive and is mandatory.
2. The Role Name cannot begin with "AAE_"
   • If a user attempts to create a role starting with this prefix, then the following error message will be displayed:

     Type	Reason	Message
     Error	Reserved word.	Role name cannot begin with "AAE" because it is reserved for System-defined Roles.

3. The Feature "View and manage Settings" permission under the Administration tab is reserved only for the Admin Role.
4. By default, all Features permissions will be unselected except for the following:
   1. Dashboard tab → View dashboards (selected and disabled).
   2. Robots tab → View and manage my credentials (selected and disabled).
   3. Administration tab → View and manage settings (unselected and disabled).
5. If a parent permission is not selected, then all of its child permissions will be unselected and disabled.
6. After selecting a parent permission, all of its child permissions will be enabled but remain unselected.
7. If a parent permission is unselected, then after selecting it, all of its child permissions will be unselected.

Create a New Role with Next

Use the following steps to create a new Role with Next.

1. Click "Next" to go to the next page of the "Create New Role" wizard.
   1. The next page to be displayed depends on the features selected.
      1. The Robots page will be displayed if "View my bots and supporting files" under the Robots tab is selected.
      2. The Devices page will be displayed if the "Run my bots" under the Robots tab or "View and manage my Schedule activity" under the Activity tab are selected.
      3. The Users page will be displayed by default.

Create a new role with Robots

Creating a new Role with Robots

Use the following steps to create a new Role with Robots.

1. Under the "Robots tab" Feature, select one or more permissions and click "Next".
2. The Robots page will be displayed with a list of folders for the Product Repository as shown in the following screenshot.

   

3. Select permissions for "Upload", "Download" or "Delete" in one or more folders under the "TaskRobots" or "MetaRobots" sub-tabs.
   • "Select all horizontally" will select all permissions against the selected folder (applicable to both TaskRobots and MetaRobots sub-tabs).
     • When user assigns (checks) a permission to a parent folder, the same action will be propagated to all child folders. The user can individually go to any child folder and is free to change permissions.
     • When user withdraws (un-checks) a permission from a parent folder, the same action will be propagated to all child folders. The user can individually go to any child folder and is free to change permissions.
4. Click "Next" or "Create Role".
   • The new role will be created with the selected features and permissions for the selected Robots.

Validations

Use the following steps to set your validations.

1. Clicking "Next" will display the "Devices" page if "Run my bots" under the Robots tab, or "View and manage my Schedule activity" under the "Activity" tab are selected.
   1. Otherwise, it will display the "Users" page.
2. By default, none of the permissions on the "Robots" tab are selected.
3. Selecting a permission within the Robots tab is optional.
   1. When selecting a parent folder permission, the child folder(s) permission will be auto-selected.
   2. When deselecting a parent folder permission, the child folder(s) permission will be deselected.
4. If a new folder(s) is added after a Role creation, then the new folder(s) will inherit its immediate parent folder permissions.
5. In the "MetaRobots" tab:
   1. Selecting a "Download" permission for a file will auto-select and disable the "Execute" permission.
   2. If the "Download" permission is not provided, then the "Execute" permission will still be allowed to be independently assigned.

Create a new role with Devices

Creating a New Role with Devices

The "Devices" page will be displayed with a list of Devices registered with Product as shown in the following screenshot.

When creating a "Role": If "Run my bots" under the Robots tab or "View and manage my Schedule activity", "Edit schedule", or "Manage all schedule" from the "Activity" tab is selected, then the Devices page will be displayed.

1. Select one or more devices (Robot runners) and add it/them to the list.
2. Click "Next" or "Create Role".
   • The new role will be created with the chosen features and permissions for the selected devices.

Validations

Use the following steps to set your validations.

1. Click "Next" to display the Users page.
2. Click "Back" to display the last visited tab/page.
3. By default, none of the Devices are selected; selecting a Device is optional.
4. The "Devices" table will only display Robot runners.
   1. Each Robot runner will have an icon or status to indicate whether it is connected or disconnected.
5. The "Devices" table will be updated as and when RobotRunners are added or deleted.

Create a new role with users

Creating a new Role with users

Use the following steps to create a new Role with users.

1. Click "Next" from the "Features", "Robots", or "Devices" page in the "Create new role" wizard.
2. The "Users" page will be displayed with a list of all existing users as shown in the following screenshot.

   

3. Select users and add them to the new role being created.
4. Click "Create Role".
   1. The new Role will be created with the selected features and permissions.
   2. The Role will be added to the selected users belonging to this role.

Validations

The "Next" button will not be displayed on the "Users" page.

1. Click "Back" to display the last visited tab/page.
2. By default none of the users are selected.
   1. Selecting a user is optional.
3. The Users table will be updated when users are added or deleted.
4. If the user does not have the "Create role" permission, clicking "Save changes" produces the following error message. Note:
   • The "Create role" page will close and the user will see the "Roles" landing page.
   • The "Create role" button will be removed.

   Type	Reason	Message
   Error	Permission not granted or revoked.	You do not have permission to manage roles. To create a new role, please contact your system administrator.

Roles and users permission mappings

Permission granted to user	What user can see or do	Which associated permissions are required?	What if the associated permissions are not granted to user?
View User	View all users in User landing page. View individual user details. Export users to CSV.	--- --- ---	--- --- ---
Create User	View all users in User landing page. View individual user details. Export users to CSV. Create a user.	View User. View User. --- View and manage roles to assign roles to user. View and manage licenses to assign license to user.	N/A N/A --- Roles table will not be displayed in the "Create user" page. License table will not be displayed in the "Create user" page.
Edit User	View all users in User landing page. View individual user details. Export users to CSV. Edit a user.	View User. View User. --- View and manage roles to assign roles to user. View and manage licenses to assign license to user.	N/A N/A --- Roles table will not be displayed in the "Create user" page. License table will not be displayed in the "Create user" page.
Delete User	View all users in User landing page. View individual user details. Export users to CSV. Delete user.	View User. View User. --- View User (No explicit permissions required for roles or license)	N/A N/A --- N/A
View and Manage Role	View all roles in Roles landing page. View individual role details. Create/Edit a role. --- --- Delete a role.	--- --- View bots. View devices. View user, Edit user. (No explicit permissions required for bots, devices or users)	--- --- Robots will not be displayed in the Robots tab of the Create Role page. Devices will not be displayed in the Device tab of the Create Role page. Users table should not be displayed in Users tab of Create Role page. ---

Return to top

Audience & purpose

As a Product user having the Roles permission:

• You want the "Feature" permission in the Roles UI to be provided in tabular form.
• While creating Roles, you can simply drag and drop or add/remove the set of features/permissions that you want to grant/revoke to/from a Role.

This is used:

• To simplify the UX by providing permission selection from a list of features.
• To scale easily with new roles/permission requirements for other product lines (without having an impact on the UI).

Create Role - Features subtab

Use the following steps to provide Features permission selection from a list of features.

1. Login to Product as a Product Admin.
2. In the "Administration" → "Roles" page, click "Create Role".
   1. The Create Role page will be displayed.
3. The "Features" sub-tab in the Create Role page will display a list of all permissions grouped under a tree structure as shown in the following screenshot.

   

4. Check a parent permission.
   • The child permissions beneath the parent permission will be enabled or disabled.
   • You can check or uncheck any permission from the permission list and save the changes.
5. Other criteria are same as in the "Create new role" document.

Validations

The following validations are applicable.

1. The following default permissions should be checked and disabled since they are applicable to all users. See the following data table.

   Feature	Default permissions
   Activity tab	View my "In progress activity".
   Robots tab	Manage my credentials and lockers.

2. The following permissions should be deselected and disabled since they are applicable only to the Product Admin role.

   Feature	Default permissions
   Devices tab	View and manage RobotFarm.
   Administration tab	View and manage Settings.

3. The following table lists the permissions dependent on the View permission for each feature.

   Feature	Permissions	Dependent View permission
   Dashboard tab	View dashboards.	-
   Activity tab	Create, Edit, Delete, View, and manage All schedule activity.	View my scheduled Robots.
   Robots tab	Manage my locker, Administer ALL lockers.	Manage my Credentials and Lockers.
   Robots tab	Run my Robots, unlock locked Robots, set the product version of Robots.	View my bots.
   Administration tab	Create, Edit, and Delete users.	View users.

4. Other auto-selected permissions are in the following data table:

   Manually-selected permission	Auto-selected permission
   Schedule my bots to run	View and manage my Robot runners and Robot creators.
   Run my bots	View and manage my Robot runners and Robot creators.

5. If you select the "Schedule my bots to run" permission, the following features will be selected automatically:
   • "View and manage my Robot runners"
   • "Robot creators"

Permission Descriptions

View dashboards

1. This permission is available by default to all users.
2. All users will see the "Dashboards" tab. They will see dashboards that reflect the other permissions they have.

View my In-Progress activity

1. If selected, users will see the "Activity" → "In Progress" tab.
2. Users with this permission can see the in progress automation activity of the Robots and Devices to which they have access.

View, Create, Edit, Delete, Manage all scheduled activity

1. If selected, users will see the "Activity" → "Scheduled" tab.
2. If the user does not have permission either for in-progress or scheduled activity, then the user will not see the primary "Activity" tab itself.
   • View scheduled activity: A user with this permission can view schedules for the Robots and Devices to which they have access.
   • Create schedule activity: A user with this permission can create a new schedule activity with the Robots and Devices to which they have access. They can also view the schedule they created.
   • Edit scheduled activity: A user with this permission can edit their scheduled activity. They can also view the schedule they edited.
   • Delete scheduled activity: A user with this permission can delete their schedule activity.
   • Manage all scheduled activity: - A user with this permission can view, create, edit, and delete all schedules created by all the users.

View Robots in repository, run Robots, unlock locked Robots, set production version of Robots

1. If selected, users will see the "Robots" → "My Robots" tab.
   • View Robots in repository: A user with this permission can view the Repository and the Robots belonging to the folders to which they have access.
   • Run Robots: A user with this permission can select the Robot to which they have access, and can run the automation process.
   • Unlocked locked Robots: A user with this permission can select the Robot to which they have access, and if locked (by some user) can forcibly unlock it (applicable only if Version Control is enabled).
   • Set production version of Robots: A user with this permission can select the Robot to which they have access, and can set a particular version of the Robot as the production version (applicable only if Version Control is enabled).

View and manage my credentials

1. This permission is available by default to all users.
2. All users will see the "Robots" → "Credentials" tab.
3. Users with this permission can view and perform CRUD (Create, Read, Update, Delete) operations on their credentials.

View and manage my lockers, administer all lockers

1. If selected, users will see the "Robots" → "Credentials" tab.
   • View and manage my lockers: A user with this permission can view and perform "CRUD" (Create, Read, Update, Delete) operations on their Lockers.
     • They can share the Locker that they own.
   • Administer all lockers: A user with this permission can:
     • Perform CRUD (Create, Read, Update, Delete) operations for all lockers.
     • Add/remove credentials to the lockers.
     • Share and unshare Lockers.
     • Transfer ownership.

View all devices

1. If selected users will see the "Devices" → "Robot runners" tab.
2. Users with this permission can view all the Devices listed in Product.

View and manage RobotFarm

1. If selected, users will see the "Devices" → "RobotFarm" tab.
2. Users with this permission can:
   • Can view the RobotFarm task in Progress Activity in Product.
   • Can login and configure the RobotFarm server in the RobotFarm platform.

View everyone's audit log actions

1. If selected, users will see the "Audit Log" tab.
2. Users with this permission can:
   • View the list of Audit log entries to which they have access.
   • View the Audit details for each Audit entry.

View and manage settings

1. Only users with the Admin Role will see the "Administration" → "Settings" tab.
2. This permission is not available to any other role.
3. With this permission, users can configure Product "Settings":
   • Application path
   • VCS
   • SMTP
   • Support URL, etc.

View, Create, Edit, Delete users

1. If selected, users will see the "Administration" → "Users" tab.
   • View users: A user with this permission can view all users.
   • Create users: A user with this permission can create new users.
   • Edit users: A user with this permission can edit users.
   • Delete users: A user with this permission can delete users.

View and manage Roles

1. If selected, users will see the "Administration" → "Roles" tab.
2. Users with this permission can view and perform CRUD (Create, Read, Update, Delete) operations on roles.
3. While creating roles, the "Robots" tab will only display those folders in the repository where the user has the permission.
   • Similarly the "Devices" tab will only display those devices where the user has the permission.

View and manage licenses

1. If selected, users will see the "Administration" → "Licenses" tab.
2. This permission allows users to install the license and view the "License Summary" and "Usage".
3. They can allocate/deallocate/release licenses to/from the user (provided the user also has the "Create/Edit User" permission).

Validator

1. If selected, users will see the default tabs in Product.
2. This permission is mainly for the "IQRobot Client - Validator UI".
3. Users with this permission can validate IQRobots from the Product Client.

Return to top

Audience & purpose

As a Product Admin or a user having the "Roles" permission, you want to delete an existing role that is not required. This is used to remove redundant roles from the system.

Delete a user-defined role

Use the following steps to delete a user-defined role.

1. In the "Administration" → "Roles" page, select a custom role to be deleted.
2. Click "Delete".
   1. If the role is assigned to a user, the role deletion will fail with an error message: "Unable to delete this role since it is assigned to a user."
   2. Otherwise, the confirmation message "Do you want to permanently delete the role <role name>?" with Yes/No options will be shown.

      

   3. On confirmation, the role will be deleted if it is not assigned to any user.
3. If the user does not have the "Delete role" permission, then when clicking "Save changes" the following error message will be displayed.
   • The "Confirm delete" pop-up will close and user will see the "Roles" landing page.
   • The "Delete" action will be removed from the "Actions" column.

   Type	Reason	Message
   Error	Permission not granted or revoked	You do not have permission to delete roles. To delete an existing role, please contact the system administrator.

Delete a system role

Use the following steps to "try" and delete a system role.

1. In the Roles page, select a system role to be deleted.
2. Click "Delete".
3. An error message "Unable to delete this role since it is a System-created role." will be displayed.

Roles and users permission mappings

Permission granted to user	What user can see or do	Which associated permissions are required?	What if the associated permissions are not granted to user?
View User	View all users in User landing page. View individual user details. Export users to CSV.	--- --- ---	--- --- ---
Create User	View all users in User landing page. View individual user details. Export users to CSV. Create a user.	View User. View User. --- View and manage roles to assign roles to user. View and manage licenses to assign license to user.	N/A N/A --- Roles table will not be displayed in the "Create user" page. License table will not be displayed in the "Create user" page.
Edit User	View all users in User landing page. View individual user details. Export users to CSV. Edit a user.	View User. View User. --- View and manage roles to assign roles to user. View and manage licenses to assign license to user.	N/A N/A --- Roles table will not be displayed in the "Create user" page. License table will not be displayed in the "Create user" page.
Delete User	View all users in User landing page. View individual user details. Export users to CSV. Delete user.	View User. View User. --- View User (No explicit permissions required for roles or license)	N/A N/A --- N/A
View and Manage Role	View all roles in Roles landing page. View individual role details. Create/Edit a role. --- --- Delete a role.	--- --- View bots. View devices. View user, Edit user. (No explicit permissions required for bots, devices or users)	--- --- Robots will not be displayed in the Robots tab of the Create Role page. Devices will not be displayed in the Device tab of the Create Role page. Users table should not be displayed in Users tab of Create Role page. ---

Return to top

Audience & purpose

As a Product Admin or user having the "Roles" permission, you want to edit a role to adjust the necessary permissions for users belonging to this role.

Editing a "System-defined" role

Use the following steps to edit a System-defined role.

1. In the Roles page, select the System-defined role and click "Edit".
2. For Admin Role, if the user is not a member of the Admin role, then an information message will be displayed to the user:

   Type	Reason	Message	Buttons
   Info (no icon)	A non-admin user cannot edit the Admin role.	You do not have permission to edit the Admin role. Because you are not a member of the Admin role, you cannot edit it. To make changes to the system-created Admin role, please contact your system administrator.	Close

3. Otherwise, the "Edit Roles" page will be displayed in which only the "Users" tab will be editable.

Editing a "User-defined" or "Custom" role

Use the following steps to edit a user-defined or custom role.

1. In the "Roles" page, select a user-defined role and click "Edit".
   1. The selected role will be displayed in a page with all details.
   2. The Features, Robots, Devices, and Users sub-tabs will display respective permissions for Product features, Repository, Robot runners, and users assigned to the role.
   3. The "Role name" field will be disabled and non-editable.
2. Change the description and/or check/uncheck the permissions in Features, Robots, Devices, and Users subtabs.
3. Click "Save changes" to save the changes made to the role.
4. Or, click "Cancel" to discard the changes.

   

5. If the user does not have the "Edit role" permission, when clicking "Save changes" the following error message will be displayed.
   • The "Edit role" page will close and the user will see the "Roles" landing page.
   • The "Edit" action will be removed from the "Actions" column.

   Type	Reason	Message
   Error	Permission not granted or revoked.	You do not have permission to manage roles. To make changes to the role, please contact your system administrator.

Editing a role - "No Robots or Devices"

Use the following steps to edit a no "Robots" or "Devices" role.

1. If a role to be modified does not have any Robots or Devices assigned, then clicking the "Robots & Files" subtab or the "Devices" subtab will display a link: "Change your settings on the Features tab".
2. Clicking this link will bring you to the "Features" tab.
   1. Select the "Robots" feature or the "Devices" feature (Run/Schedule).
   2. Click the "Robots & Files" subtab again. It will display the Product "Repository".

      

   3. Click the "Devices" subtab again. It will display the Robot runners.

      

   4. Select one or more permissions for the Robots, or select "Robot runners" and click "Save changes".

Editing a role - "No Users"

Use the following steps to edit a no-users Role.

1. If a role to be modified does not have any users assigned, then click the "Users" subtab to display a list of all existing users (except the Admin user) in the "Available Users" list.
   1. For the Admin role, the Admin user will be displayed in the "Selected users" list.
2. Add or remove users to the current role being modified.
3. If the currently logged in user has the "Roles" permission, he/she can modify his/her role but cannot remove their own user from that role.
   • The current logged-in user will be shown as disabled.
   • If the user attempts to remove him/herself, then the following message will appear:

     Type	Reason	Message	Buttons
     Info (no icon)	Cannot remove current user from role.	You cannot remove yourself from a role. To make this change, please contact your system administrator.	Close

4. When removing user(s) from the role, if these users have the current role as their only role, then on saving the role changes the following message will be displayed:

   Conditions	Message	Buttons
   Removing a single user from a role	The user, <username>, does not have any other roles. A user must have at least one role. This is the last role that this user has so it cannot be removed. To continue, please add another role to this user and then remove this role.	Close
   Removing multiple users from a role	<count> users do not have any other roles. A user must have at least one role. This is the last role that these users have so it cannot be removed. To continue, please add another role to these <count> users and then remove this role.	Close

5. Click "Save changes".
6. A success toast will be displayed once the role is successfully edited. See the following screenshot.

   

7. Note: The "Roles" table will be updated based on changes made to the role.

Roles and users permission mappings

Permission granted to user	What user can see or do	Which associated permissions are required?	What if the associated permissions are not granted to user?
View User	View all users in User landing page. View individual user details. Export users to CSV.	--- --- ---	--- --- ---
Create User	View all users in User landing page. View individual user details. Export users to CSV. Create a user.	View User. View User. --- View and manage roles to assign roles to user. View and manage licenses to assign license to user.	N/A N/A --- Roles table will not be displayed in the "Create user" page. License table will not be displayed in the "Create user" page.
Edit User	View all users in User landing page. View individual user details. Export users to CSV. Edit a user.	View User. View User. --- View and manage roles to assign roles to user. View and manage licenses to assign license to user.	N/A N/A --- Roles table will not be displayed in the "Create user" page. License table will not be displayed in the "Create user" page.
Delete User	View all users in User landing page. View individual user details. Export users to CSV. Delete user.	View User. View User. --- View User (No explicit permissions required for roles or license)	N/A N/A --- N/A
View and Manage Role	View all roles in Roles landing page. View individual role details. Create/Edit a role. --- --- Delete a role.	--- --- View bots. View devices. View user, Edit user. (No explicit permissions required for bots, devices or users)	--- --- Robots will not be displayed in the Robots tab of the Create Role page. Devices will not be displayed in the Device tab of the Create Role page. Users table should not be displayed in Users tab of Create Role page. ---

Return to top

Audience & purpose

This applies to Product users with the "Locker Admin" role who monitor and maintain all lockers in the system.

Locker Admin: System-created role

Use the following steps to define the Locker Admin System-created role.

1. The Administration → Roles page will display a new System-created role named "AAE_Locker Admin" by default.
2. Viewing this Role, the following permissions will be checked by default.
   • Features subtab:
     • "Manage my credentials and lockers"
     • "Administer ALL lockers"
   • Robots & Files subtab:
     • None.
   • Devices subtab:
     • None.
   • Users subtab:
     • None (if no users are added).
3. This Role cannot be modified except for the addition or removal of users to or from the role, and it cannot be deleted.
   • Note: When trying to delete this role, an error message "Unable to delete this role since it is a System-created role" will be displayed.
4. Please refer to the Locker Admin privileges topic for usage of the Locker Admin role.

Custom Role - Administer all lockers

When creating a Custom Role, the permission "Administer ALL lockers" will be unchecked and disabled by default so that no user other than a "Locker Admin" has this permission.

Return to top

Audience & purpose

As an Automation Admin you want your Finance department MetaRobots to be put in the Finance folder, and then assign RBAC on this folder.

• You can provide RBAC to a group of MetaRobots in one shot.
• This saves time and effort from going to each of the MetaRobots individually and then applying RBAC on them.

Managing the workflow

When a new MetaRobot is uploaded to Product, it will inherit the permission of its immediate parent folder at the time of first upload.

1. When you, the Admin, change the permission of a folder, it will be automatically applied to all of the MetaRobots currently present inside that folder.
2. Once a Folder/MetaRobot is created in Product, inherited permissions can be manually changed by you as an Admin.
3. After the first-time creation of a Folder/MetaRobot in Product, an inherited permission can only be changed manually.
   1. No automatic change of permission will be allowed for the already existing Folders/MetaRobots for all subsequent uploads.
4. Permissions applied on an individual MetaRobot will be the final. e.g., MetaRobot M1 is present in folder F1.
   1. If "Upload" is unchecked for F1, but is checked for M1, you will be allowed to upload the M1 MetaRobot to the F1 folder.
5. A MetaRobot's final permissions will be as applied in Product.
   1. You will not be allowed to bypass the Product permissions by tampering (e.g., Copy, Rename, Move to different folder, directly open the MetaRobot through File System) with the MetaRobot on your machine.

VCS is enabled

Note the following guidelines.

• You will not be allowed to checkout a Metabot if you do not have the "Download" permission (i.e., you only have the "Execute" permission).
• You will not be allowed to upload a MetaRobot which you checked out, but later on as an Admin, force the unlocking of that MetaRobot.

Backward Compatibility

RBAC applied on MetaRobots in older released versions will continue to be effective.

• Tasks that were created in version 10.3 and use MetaRobots: Such tasks will continue to run in 11.0 Client without any impact.
• Tasks that were created in version 10.3 and use MetaRobots: Such tasks will continue to be run and scheduled from 11.0 CR without any impact.

Return to top

Audience & purpose

This feature is applicable to users who are Product Admins and users having the "Roles" permission.

The User management feature "View a Role" enables you:

1. To view details of each role created in the Product.
2. Keeps you aware which permissions are assigned to each role.
3. Allows you to take action to edit them if required.

Viewing a "System" created role

As a Product Admin or user having the "Roles" permission, you want to:

• View details of each role created in Product to be aware which permissions are assigned to each role.
• Take action to edit them if required.

1. In the "Administration" → "Roles" tab, select a System-created role and click "View icon".
   1. The page should now display all the details of the selected role in view mode as shown in the following screenshot.
   2. Each category of permissions should be displayed within individual subtabs.
   3. Each subtab should display only the permissions that are granted. If no permissions are granted, "None" is displayed.
2. Click "Back" to take you to the "All Roles" view.
3. Click "Edit" to open the current role in "Edit" mode. This allows you to only edit the "Users" subtab.

   

Features subtab

This is the default subtab.

• It displays a list of only those features that are allocated to this role.

The Features subtab header displays the following details:

• Name heading: The name of the Role.
• Features heading: Tabs that have at least 1 permission granted.

Robots & Files subtab

This subtab displays the Product repository folder structure under the "TaskRobots" and "MetaRobots" tabs.

• The "Select All horizontally" column will not be displayed.
• If a folder or file has a permission it will be shown.
  • There should be a "X" against the "Upload", "Download" or "Delete" permissions; otherwise a blank space will be shown.

The Robots + Files subtab header displays the following details:

• Permissions heading: Directory permissions a user has on at least one folder.

Devices subtab

This subtab displays list of Robot runners that are granted to this role and it contains the following details.

• <selected count> is the count of users allocated.

  

Users subtab

This subtab displays a list of users that are allocated this role. This subtab header contains the following details:

• <selected count> is the count of users allocated.

  

Viewing a "User" created role

This is the same as the System-created role except for the following items:

• If the role does not have Robots permission, then it displays a page with the following message:
  • This role does not have permission to see any Robots and/or support files. Add permission by editing this role.
  • The Robots subtab header will display "N/A".

    

• If the role does not have the "Devices" permission, then a page is displayed with the following message:
  • This role does not have permission to see any devices. Add permission by editing this role.
  • The Devices sub-tab header will display "N/A".
  • Click "Edit" to allow editing of any feature, devices, bots, or users.

    

Return to top

Audience & purpose

As a Product Admin or user having the "Roles" permission, you want to:

• View a list of all roles created in Product.
• Easily see them at a glance.
• Manage roles and permissions as required.

This feature is limited to viewing the list of roles in the table and displaying all UI elements on the "Roles" page.

Viewing all roles

The "Administration" → "Roles" page will display a list of all roles (System & User) created in the Product as shown in the following screenshot.

• Each role entry will display the role name and the actions associated with it.
• All roles will have "View" and "Edit" actions.
• System-created roles will not have the "Delete" action.
• Selecting multiple roles via a check box, a user can perform table-level actions or row-level actions.
  • If a user performs table-level actions like "Delete", "Export", etc., then the action will be applied to all selected rows.

    

  • If a user performs row-level actions like "Edit", "Delete", etc., then the action will be applied to the selected row. All other selected rows will remain selected.

    

System defined roles

The following System-defined Roles will be displayed based on the License installed in Product.

• Each System Role is prefixed with "AAE_".
• Note:
  • The following default System Roles are pre-defined/hard-coded in the System.
  • The Roles in italics have been renamed as compared to their counterparts in version 10.x LTS.
    • AAE_Admin
    • AAE_Basic
    • AAE_Validator (if an IQ Robot license is available)
    • AAE_Robot Insight Consumer (if an Analytics license is available)
    • AAE_Robot Insight Expert (if an Analytics license is available)
    • AAE_RobotFarm Agent (if a RobotFarm license is available)
    • AAE_RobotFarm Admin (if RobotFarm license is available)

Roles and users permission mappings

Permission granted to user	What user can see or do	Which associated permissions are required?	What if the associated permissions are not granted to user?
View User	View all users in User landing page. View individual user details. Export users to CSV.	--- --- ---	--- --- ---
Create User	View all users in User landing page. View individual user details. Export users to CSV. Create a user.	View User. View User. --- View and manage roles to assign roles to user. View and manage licenses to assign license to user.	N/A N/A --- Roles table will not be displayed in the "Create user" page. License table will not be displayed in the "Create user" page.
Edit User	View all users in User landing page. View individual user details. Export users to CSV. Edit a user.	View User. View User. --- View and manage roles to assign roles to user. View and manage licenses to assign license to user.	N/A N/A --- Roles table will not be displayed in the "Create user" page. License table will not be displayed in the "Create user" page.
Delete User	View all users in User landing page. View individual user details. Export users to CSV. Delete user.	View User. View User. --- View User (No explicit permissions required for roles or license)	N/A N/A --- N/A
View and Manage Role	View all roles in Roles landing page. View individual role details. Create/Edit a role. --- --- Delete a role.	--- --- View bots. View devices. View user, Edit user. (No explicit permissions required for bots, devices or users)	--- --- Robots will not be displayed in the Robots tab of the Create Role page. Devices will not be displayed in the Device tab of the Create Role page. Users table should not be displayed in Users tab of Create Role page. ---

Return to top