and there is an option to set governance for user via Orchestrator Asset. I created required folder and asset and it worked pretty well. When I changed asset, after restarting Studio, policy had changed too.
But… According to this page I can set this asset with value per user. So my goal was to create two governance and switch beetwen them (by changing text value in asset) for specific user. When I turned off global value, and paste the same governance for user in user/value section, no governance was loaded for Studio.
I know I can create governance and paste location to file in registry or even paste governance to local. But I would rather like to switch them in Orchestrator for specific users. Right now it is working global only. Is it my configuration or it just not working in Studio/Orchestrator?
This option requires from users to log in in assistant. We would like to use machine template key and url service type connection. When robot is installed in service mode then changing that settings requires admin privileges. And that’s ok, because in that case user would not be able to log in in any other orchestrator.
Our goal is to let user install UiPath by himself (access to installation would be given for specific users in company). Installation is based on .msi file. After installation, prepared bash script (or sth like that) should connect robot to orchestrator. Basically user should do just two clicks.
After that I want to give user governance for building robot or just using assistant. I know I can just install assistant for user who would use only robots, but in case his needs for developing a robot I would not be able to install studio and after finishing development to uninstall studio. That’s why I need governance which allow me to block users running projects from studio without permission.
Licence Attended still alow user to open Studio and run project. It blocks editing the project but it’s not enough. User would be able to build few projects and then run them in Studio without showing jobs on Orchestrator.
So I would still use governance as shown in my first post, but I still need to get easier solution to manage policy by user (like asset without global value)
Hi, @Yameso - Thanks for this question, I’ll try to clarify things. Please correct me if I missed something. The Governance capabilities in Automation Ops address the same product functionalities as the Governance file - i.e. Backstage settings, Package Sources, Workflow Analyzer Rules etc. So, if the Governance file helps you achieve something, Automation Ops will come with the same enforcement capabilities but will enhance deployment settings (i.e. who gets which policy, which is something you can’t achieve with Orchestrator’s asset)
Adding Automation Ops goes like this:
Installing Robot in service mode won’t interfere with the possibility to add governance via Automation Ops (only in Cloud at the moment), you can complete the installation and connect it to an Orchestrator
You enforce user authentication in Orchestrator
The users are forced to authenticate using interactive sign-in and when they do, they get governance from Automation Ops
Now, what I don’t really understand, is the use-case you’re pursuing, can you please clarify this? You don’t want users to run projects in Studio (as in production)? If yes, this is something we haven’t yet included in our current governance capabilities, but it is planned. Thanks!
Thats why all our users would have the same machine template and URL, because it would be easy to connect only by running special script (which has those priviliges). Therefore we prevent to log in to any other Orchestrator then ours.
We dont have Automation Ops - we use Orchestrator on premise.
We are able right now to switch beetwen governance by using local file and Orchestrator. I tested it out and this is possible, but it is quite complicated and difficult to manage.
We can block running process in Studio by creating governance, which disallow it in specific way. But yes - it is just workaround.
I am having the same issue trying to provide different policies to different users in an OnPrem Orchestrator version 2020.10.7
The use-case in my case is that for some developers who are experimenting with new features and workflow analyzer settings I want to give them the option to for example edit some setting by setting “AllowEdit”: true for some values in the policies, but not enable this for all users globally.
So the Idea was to have a GlobalValue for all users and a Per-User value for some as described here https://docs.uipath.com/studio/docs/governance#using-an-orchestrator-asset
I also tried the uipath.studio.governancesource workaround mentioned by @Yameso but could not get it to work.
Jakub how did you manage to set a per-user file? In may case the per-user for that asset also has no effect.
Keep the global value enabled and then override the value for the specific user, that should work.
As a note however, the long term recommended way of doing this will be to use Automation Ops which is now GA for Cloud Customers. It will be available on-premise in a future update.
We are on on-prem version so Automation ops is not an option for us currently.
Hence, we have applied governance using exact method as shown in your scheenshots above by using asset - uipath.studio.governancepolicy
Our requirement is to have global level policy but also want to have value per user with different settings in policy file. So to make this happen and verify, I changed policy name at both locations.
kept Global-policy at global and user-policy at user level. But only global level policy is being picked if “Global value” radio button is enabled.
And if “Global value” radio button is disabled, no policy is being applied to studio.
Apparently, studio is not picking value per user to apply the policy.
Have you guys been able to find its resolution? Please suggest.
Us being on on-prem version, automation ops is not an option currently. Hence, we are applying policy at enterprise level using asset - uipath.studio.governancepolicy
However, it is only picking global value defined and never the one defined per user.
For policy to enable at an enterprise level, we would definitely require “value per user” to work as that way, we will be able to make changes in the policy file per teams.
When I test it with my Studio and Orchestrator setup it is picking up the value per user rather than the global value. Unfortunately this is extremely hard to debug over the forum, so I would recommend you create a support ticket with UiPath and the UiPath support engineers can help debug why it isn’t working in your environment.
I was running 21.4 when I tried and everything worked as expected. I went back and tried with 20.10.6/7 and it appears that there is a bug in 20.10.6/7 with loading individual values that has been subsequently fixed.
Thanks for finding and report, I’ll file this internally, but a support ticket will also be helpful so please raise that as well to help for prioritization in a patch.
Sorry to bring that up once again. It’s not working properly with our current setup. We are going to raise a ticket to support but maybe you know the answer…
So I have two enviroments (two servers) for Orchestrator. Both are 22.10.2.
In the first one we connected 21.10.4 Studio. User are connected to Orchestrator old way - with machine key to one machine template. I created modern folder UiPath.settings.config with asset UiPath.studio.governancepolicy. And here global and per user settings are working fine.
In the second Orchestrator we have 22.10.5 Studio. Machine’s are connected via client secrets (each user has own machine template). I also created right folder and asset. Only Global Value is working. I was trying with directory and local user. I also created new role which contain only asset view permission - it didn’t helped.
In both scenarios I didn’t assign any machines to UiPath.settings.config folder.
Hi the reason you’re not seeing the “Generate Governance File” option when using the machine key to connect to your Orchestrator tenant is that this option is only available when connecting via user credentials. As for why you’re not able to upload the Classic policy, it’s possible that the policy file you’re trying to upload is not in the correct format. Make sure the file you’re uploading is a JSON file, and that it contains the correct information