Development Controls in Orchestrator

Hello,

I wanted to query the forum on the topic of risk-based controls insofar as development and deployment are concerned. I have a small Robotics team (2 people) who basically jockey between who is the primary developer and who is the secondary developer. Each has their roles that they follow via an automated SDLC process. The primary developer only develops the solution in a development environment while the secondary reviews the solution and associated code and is responsible for deployment to production once approved by our internal Risk Department and IT Security.

Can anyone lend me your thoughts on how your organization deals with compensating risk controls? UiPath doesn’t appear to have the ability to enforce the primary/secondary developer roles we have defined. What tools or solutions have you come up with to remediate the risk associated with developing and deploying Robots in your company?

Thank you for your thoughts!
Tim


Hi

Here are some thoughts on how to compensate risk controls in your development and deployment process:

Use a version control system (VCS).

A VCS will allow you to track changes to your code and roll back to previous versions if necessary. This can help to mitigate the risk of introducing errors into production.

Use a continuous integration (CI) and continuous delivery (CD) pipeline.

A CI/CD pipeline will automate your build, test, and deployment process. This can help to reduce the risk of errors and ensure that your code is always in a deployable state.

Use a code review tool.

A code review tool will allow you to have other members of your team review your code before it is deployed to production. This can help to identify and fix errors before they cause problems.

Use a change management process.

A change management process will help you to track and control changes to your production environment. This can help to mitigate the risk of accidental changes disrupting production.

Use a risk assessment tool.

A risk assessment tool can help you to identify and assess the risks associated with your development and deployment process. This can help you to prioritize your efforts and mitigate the most critical risks.

In addition to these general controls, you may also want to implement specific controls to mitigate the risks associated with your development and deployment process. For example, you could:

Implement a role-based access control (RBAC) system.

An RBAC system will allow you to control who has access to your development and production environments. This can help to mitigate the risk of unauthorized access.

Implement a security monitoring system.

A security monitoring system will allow you to monitor your development and production environments for suspicious activity. This can help you to identify and respond to security incidents quickly.

Hope this helps

Refer to this document for further insights

https://docs.uipath.com/studio/standalone/2023.4/user-guide/design-best-practices

Cheers @


Hi @timothy.farrell

Welcome to the UiPath community

  1. Version Control: Orchestrator provides version control for your automation projects. You can upload different versions of your automation packages and select which version to run. This ensures that you can roll back to a previous version if a new one has issues.
  2. Environment Management: Orchestrator allows you to define different environments, such as development, testing, and production. You can configure your automation processes to run in specific environments to prevent accidental execution in production.
  3. User Roles and Permissions: You can assign roles and permissions to users within Orchestrator. This control ensures that only authorized individuals can access and modify automation processes, minimizing the risk of unauthorized changes.
  4. Access Control Lists (ACL): ACLs enable you to control access to specific processes, robots, queues, and assets within Orchestrator. This fine-grained access control helps maintain data security.
  5. Source Code Management Integration: Orchestrator can integrate with popular source code management systems like Git. This allows you to store your automation project’s source code in a version-controlled repository and link it to your Orchestrator environment.
  6. Asset Management: You can manage sensitive data, such as API keys and credentials, by storing them as assets in Orchestrator. Assets can be encrypted and controlled, ensuring data security and easy updates when needed.
  7. Queue Management: Orchestrator supports the management of job queues. You can prioritize, pause, or stop jobs in the queue, ensuring efficient execution of automation tasks.
  8. Package Deployment: You can publish and deploy automation packages to robots through Orchestrator. This centralizes the deployment process, making it easier to ensure that the latest, tested automation packages are running.
  9. Logging and Audit Trail: Orchestrator maintains logs and audit trails of all activities. This helps track changes, troubleshoot issues, and maintain compliance with auditing and security requirements.
  10. Scheduled Execution: Orchestrator allows you to schedule when automation processes should run. You can set up regular intervals or specific times for execution to avoid disrupting other business processes.
  11. Monitoring and Alerts: You can set up alerts and notifications to be triggered based on specific events or conditions. This allows you to proactively respond to issues and ensure smooth automation operations.
  12. Recovery Mechanisms: Orchestrator provides mechanisms for handling exceptions and errors. You can define how the system should react to different types of issues, ensuring a graceful recovery process.

Hi @timothy.farrell

Some key development controls in UiPath Orchestrator:

  1. User Roles and Permissions: Orchestrator allows you to define user roles with specific permissions. You can grant or restrict access to various functionalities based on roles. This ensures that only authorized individuals can perform specific actions, such as publishing, starting, or editing processes.
  2. Environments: Environments are used to group robots and processes for a specific business unit or use case. You can allocate specific environments to development, testing, or production. This separation helps maintain the integrity of your automation projects and ensures that processes are deployed to the right environment.
  3. Queues: Orchestrator provides a queue mechanism to manage the input and output data for your processes. This helps in better handling transactions and data flow within automation workflows. You can control how items in a queue are processed and assign them to specific robots.
  4. Process Version Control: Orchestrator allows you to publish different versions of your automation processes. This is crucial for managing updates and ensuring that new versions are thoroughly tested before being deployed to production.
  5. Development and Deployment Pipelines: Orchestrator can be integrated with version control systems (e.g., Git) and CI/CD pipelines to automate the development and deployment of automation projects. This enables a structured and controlled approach to managing code changes and promoting them through different environments.
  6. Packages: You can package your automation projects into reusable units and publish them to Orchestrator. This helps in version control and simplifies the deployment process, as you can easily install, update, or roll back packages as needed.
  7. Asset Management: Orchestrator allows you to store and manage sensitive information, such as credentials and configuration data, in a secure manner. You can control who has access to these assets, which is crucial for data security and compliance.
  8. Release Management: You can define release strategies and schedules for deploying processes to different environments, ensuring that they are rolled out at the right time and in a controlled manner.
  9. Audit Trails and Logging: Orchestrator maintains logs and audit trails for actions taken by users and robots. This helps in tracking changes, troubleshooting issues, and maintaining accountability.
  10. Robot Permissions: You can assign specific permissions to robots, allowing you to control which robots can access certain processes and data. This is particularly important for managing multi-robot environments.

Cheers…!
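
The primary/secondary split described in the question can be checked after the fact as a detective control, by comparing who authored, reviewed, approved and deployed each release. The sketch below is an added example, not part of the thread and not UiPath code; the record fields, account names and sign-off labels are hypothetical and would be filled from your own version control and deployment logs.

```python
from dataclasses import dataclass

# Sign-offs the thread says are required before production deployment.
REQUIRED_APPROVALS = frozenset({"risk", "it-security"})

@dataclass(frozen=True)
class Release:
    """One production release, assembled from VCS and deployment logs.
    Field names are hypothetical, not an Orchestrator or Git schema."""
    version: str
    authors: frozenset      # accounts that committed changes in this version
    reviewers: frozenset    # accounts that approved the code review
    approvals: frozenset    # department sign-offs recorded for the release
    deployer: str           # account that deployed to production

def sod_violations(rel):
    """Return the separation-of-duties rules this release breaks."""
    found = []
    if rel.deployer in rel.authors:
        found.append("deployer also authored the change")
    if not (rel.reviewers - rel.authors):
        found.append("no reviewer independent of the authors")
    if rel.deployer not in rel.reviewers:
        found.append("deployer did not review the change")
    missing = REQUIRED_APPROVALS - rel.approvals
    if missing:
        found.append("missing sign-off: " + ", ".join(sorted(missing)))
    return found

def audit(releases):
    """Map version -> violations for every release that fails a rule."""
    report = {}
    for rel in releases:
        found = sod_violations(rel)
        if found:
            report[rel.version] = found
    return report

# Constructed sample records; account names are placeholders.
SAMPLE = [
    Release("1.0.3", frozenset({"dev_a"}), frozenset({"dev_b"}),
            frozenset({"risk", "it-security"}), "dev_b"),
    Release("1.0.4", frozenset({"dev_a"}), frozenset({"dev_a"}),
            frozenset({"risk"}), "dev_a"),
    Release("1.0.5", frozenset({"dev_b"}), frozenset({"dev_a"}),
            frozenset({"risk", "it-security"}), "dev_a"),
]

if __name__ == "__main__":
    for version, found in audit(SAMPLE).items():
        print(version, "->", "; ".join(found))
```

Run as a pipeline step, a non-empty report can block the deployment; run on a schedule against the logs, it gives Risk and IT Security evidence that the two roles were kept separate.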