Listen
Translate
Credential usage
As a Robot creator or Robot runner, you want to use/access your credentials from a locker. You have "Usage Access" on so that you can use them securely in the task you create or run.
Access my credentials when creating a Task & Metabot: logic
- Audience & purpose
- As a Robot creator, if you create a task you must have access to all credentials from my locker and other lockers for which you have the USAGE permission. You can use the credentials from those locker(s) to develop the task.
Scenario
FinanceLocker contains a FTP credential and an OracleDB credential.
- The FTP credential contains the following attributes:
- Hostname (common attribute) and set to "www.aaftp.com" by the Credential Owner.
- Username (user-specific attribute).
- Password (user-specific attribute).
- The BatchUpload.atmx BOT has a reference to the FTP credential in FinLocker.
- Product user Jay has "Usage Access" on FinanceLocker.
Workflow
- User Jay has Usage Permission on FinanceLocker that holds the FTP and OracleDB user-specific credentials.
- Login to BOTCreator as Jay.
- Create a Task (atmx). Drag and Drop the FTP command.
- FinanceLocker is visible as an insert variable to consume (since Jay has Usage Access to the locker).
- Note: An insert variable can only display lockers: not hanging credentials.
- Insert the FTP credential variable from FinanceLocker.
- Save and run the task.
- Note: The task will run and fail until Jay fills in his FTP user specific credential.
- Upload the task (.atmx) to Product.
Create an automation with commands having F2 support for Credential Vault
Consider creating a task with each command having F2 support for Credential Vault and then test the preceding scenario.
Access my credentials when running a task
- Audience & purpose
-
This applies to users who need to provide "Role-Based Access Control" (RBAC) to credentials at runtime.
-
As an Product Client logged-in user, when you run a Robot and when the Robot fetches a credential from the locker to which you have the "USAGE" permission,
- For common attributes: The value entered by the Credential Owner is fetched for that credential and used.
- For non-common attributes: Your values are fetched for that credential and used.
- See the following screenshot.
-
As an Product Client logged-in user, when you run a Robot and when the Robot fetches a credential from the locker to which you have the "USAGE" permission,
Scenario
A locker named FinanceLocker contains a FTP credential.
- The FTP credential contains following attributes:
- Hostname: (common attribute) Set to "www.aaftp.com" by the Credential Owner.
- Username: (user-specific attribute)
- Password: (user-specific attribute)
- The BatchUpload.atmx Robot has a reference to the FTP credential in FinLocker.
- There are two Product Client users: Nicole and Paul.
- Nicole is logged in to RobotRunner A.
- Paul is logged in to RobotRunner B.
Work Flow:
Use the following steps to perform this exercise:
- Login to RobotRunnerA as Nicole.
- Login to RobotRunnerB as Paul.
- When BatchUpload.atmx (which uses the FTP Credential from FinanceLocker) is run on RobotRunnerA:
- The hostname www.aaftp.com will be used (common attribute).
- For the username and password, Nicole’s credential values will be used (as it is user-specific).
- When BatchUpload.atmx (which uses the FTP Credential from FinanceLocker) is run on RobotRunnerB:
- The hostname www.aaftp.com will be used (as it was marked as a common attribute).
- For the username and password, Paul’s credential values will be used (as it is user-specific).
Run automation with commands having F2 support for Credential Vault
Consider running the task with each command having F2 support for Credential Vault and test the above scenario.
Robot creator F2 support: Selected commands to use locker & credential variables
- Audience & purpose
-
This applies to Robot creators applying "RBAC (Role Based Access Control)". As a Robot creator, when you press [F2] on any field of a command that requires credentials:
- It will allow you to select a credential variable within a locker you own or have "Usage Access" on from the Credential Vault.
- Or, you can choose to manually input or use local variables.
F2 support for selected commands
When you create or edit a task, the following commands and fields will provide support for Lockers.
- FTP/SFTP: Connect (Server, Username, Password).
- Email Automation: Get All Messages, Delete All Messages(Host, Username, Password).
- Active Directory: (Parent path, Login User, Login Password).
- PDF Integration: (User password, Owner password).
- Excel: Open Spreadsheet (Password to Open, Password to Modify)
- Terminal emulator:
- Connect: Hostname.
- Send Text (Text) and Set Field (Text): Optional.
- Connect: Advanced View.
- Connection Type - SSH1 and Authentication Type: User Authentication and Username and Password fields will be restricted.
- Connection Type - SSH2 and Authentication Type: User Authentication and Username and Password fields will be restricted.
- Connection Type - SSH2 and Authentication Type: Key File Authentication and restrict Username.
- Send Text: Text (optional).
- REST WebService: Parameter, Authorization, Username, and Password.
- Request Header or POST Parameter.
- JSON POST parameter.
- SOAP WebService: Username and Password.
- Header, Parameter.
- Citrix Automation: Host, Username, and Password.
- PGP:
- Encrypt Files: Passphrase.
- Decrypt Files: Passphrase, Password.
- Create Keys: Password
- SAP Integration: Connect(Host, Username,Password).
- MWC: Select Action as Set Text or Append Text.
- Database: Connect(Connection String).
- Insert Keystroke: Keystroke.
- Object Cloning: Select Action as Set Text or Append Text.
- Web Recorder: Select Action as Set Text or Append Text, - Text to Set.
- MetaRobot: Import dataset.
Select locker & credential on F2
When you press [F2] on any of the above commands in the credential related fields, it will display variables of all categories: locker, local, and system category.
- The "Locker Variables" category:
- Will only be displayed if the Centralized Credential Vault is opened from Product.
- Will display all Lockers that you own, or to which you have usage-access permission.
- On selecting a Locker Variable, a "Select Credential" dialog box will pop up as shown in the following screenshot.
- The Credential Name drop-down will display all credentials within the selected locker.
- When you select the credential, the Attribute Name should display all attributes within the selected credential.
- Press OK on the dialog. The command field should be set to the value:
$<credential name>(<attribute name>)$ $myftp(servername)$
Generate event data with locker variables
Generating the event data
- Save the command. The respective event data will be created in the Task.
- Save the Task. All references to the Credential and Attribute will be saved.
- Run the Task. All command reference to Credential Variables will be resolved automatically.
- Reopen the Task. The command reference to Credential and Attribute will be retained.
Validations
The user will be able to manually input any value or use a local/system variable as before. However, once a locker variable is selected, the field will become "read only".
- Selection of any other variable will replace the existing credential variable.
- If a local variable is selected, then the "read only" restriction on the field will be removed.
- Double-click a credential variable inserted in a field, or press "Backspace" to select the variable.
- Then press "Delete" to delete the selected variable from the field.
Client-side system defined credentials
- Audience & purpose
-
This applies to Robot creators and Robot runners involved in the securing of sensitive data. As a Robot creator or Robot runner, you want:
- All settings that require a username and password be stored as system-defined credentials inside the Credential Vault.
- These system-defined credentials to be fetched so that they are secured from fraudulent attacks and misuse.
Client-side settings
The Credentials for each of the below settings will be stored as system-defined credentials in the Credential Vault and assigned a System Locker with:
- Auto-login settings (Username and Password).
- Email settings (Hostname, Port, Username, and Password).
On "Apply" or when fetching the value from the Vault, if the Vault is closed then the following error message will be displayed:
There was a problem connecting to Credential Vault. Please contact your system administrator.
Clicking OK on the message will clear and disable the following respective fields.
- In the Product → "All Credentials" view, each of the above settings ("Auto-login" and "Email") will not be visible to a Locker Admin or any other user.
- In the Client, pressing "F2" on the "Selected Commands" field will not show the system-defined variables related to the above settings (Auto-login and Email settings).
Validate credentials when task runs or scheduled
- Audience & purpose
-
This applies to Robot creators and Robot runners validating credential access. As a Robot creator or Robot runner running or scheduling a task having credential variables:
- You want appropriate validation messages to be displayed at run time so that you can ensure the required credentials are available.
- Ensure that you have the appropriate rights to access the credentials.
Missing credential variable
If a credential variable is found missing during execution, then the following error message will be displayed and the task will be terminated.
The error message is accompanied by the Talk to an expert, Check for a Solution, and OK buttons.
The credential variable "xxxx" does not exist. An error occurred at line number "n" of the task "abc.atmx". Please open the Task in the Task Editor to view the action at line number "n".
Missing attribute
If an attribute of a credential variable is found missing during execution, then the following error message will be displayed and the task will be terminated.
The error message is accompanied by the Talk to an expert, Check for a Solution, and OK buttons.
An attribute "aaa" of credential variable "xxxx" does not exist. An error occurred at line number "n" of the Task "abc.atmx". Please open the Task in the Task Editor to view the action at line number "n".
Locker unassigned from a credential
If a locker is unassigned from a credential during execution, then the following error message will be displayed and the task should be terminated.
The error message is accompanied by the Talk to an expert, Check for a Solution, and OK buttons.
The credential variable "xxxx" could not be accessed since it is not assigned to a locker. An error occurred at line number "n" of the task "abc.atmx". Please open the Task in the Task Editor to view the action at line number "n".
Locker usage access is revoked or changed
If usage access on a locker to which the credential was assigned is revoked, then during execution the following error message will be displayed and the task will be terminated.
The error message is accompanied by the Talk to an expert, Check for a Solution, and OK buttons.
The credential variable "xxxx" could not be accessed due to one of the following reasons: 1. The credential is not assigned to a locker. 2. You do not have a consumer permission on the locker "xxxx" to which the credential variable "yyy" is assigned. An error occurred at line number "n" of the task "abc.atmx". Please open the task in the Task Editor to view the action at line number "n" with "Talk to an expert", "Check for a Solution" and the "OK" buttons.
Vault is closed
If a credential variable cannot be fetched when the Vault is closed for any reason, then the following message should be displayed and the task should be terminated.
There was a problem connecting to Credential Vault. Please contact your system administrator.
The preceding message will also be displayed:
- If a Client is offline.
- On commands having: "TestConnection", "Test Output", and "Send Request".
The "Insert Variable" dialog box will show an empty list under the
$LockerVariable$
category.