Bot processes security and restricting users

Hi all,

I have some important questions I was hoping someone could help with.

  1. Our aim is to start rolling out attended bots for end users to run on their local machines. However, we have concerns around users’ access to bot processes in Orchestrator. We don’t want users to have UiPath Studio on their local machines. Just the bot tray. Is there a way to do the below:
    a. As the bot tray is linked to Orchestrator, can we only show bot processes for particular users?
    b. Can we publish a bot process straight to the bot tray and not Orchestrator?
    c. We don’t want users to have UiPath Studio on their local machines. Just the bot tray. We have found on the forum that we can develop a bot in Studio and then move the package to any bot tray on any machine and then run it. Does that firstly sound right to you, and secondly, is it a stable way to do it?
    d. Can we restrict bot processes with Active Directory integration?

  2. Do you have any suggestions on best practices for what we are trying to do to minimise risk from a security point of view as well as keeping a stable bot process?


Hello @rohangroombridge

When you have Orchestrator, it is not a good practice to have the deployed packages on each user’s machine separately. This will run into version issues over time as and when new versions of the process are released. So the best option is to deploy to Orchestrator.

For the concern of users having full access to all processes in Orchestrator, you can create different folders in Orchestrator. Each folder will have its own properties and processes. The robots can be allocated to these processes so that the users will not see the processes in the robot tray of other folders. You can also think of multi-tenancy for this case.

Also, for users’ machines you don’t need to install Studio to get the robot. You can install only the robot on user machines. This will solve all your concerns, I guess.

Hi, thank you for your help @Lahiru.Fernando. A few questions:

You mentioned using folders in Orchestrator (we will go with this option). We are thinking of two options: either each user has the bot processes on their local machine or we give them a VM to log in to. Our concerns are:

  1. If it’s running on their local machine then what’s the reliability? Could it break easily?
  2. If we give a department a VM and then have all that department’s bot processes linked to that machine, then how do we manage what each user sees on the bot tray when they log in, as the VM won’t have Studio installed?

Linked to that machine*