Governance for Citizen Automation

Hi Everyone.

In Citizen Automation using Studio X, is there any concept of “going live/production”? Or does it even make any sense? For unattended automation, where bots are deployed on VMs, we can control and maintain a “production version”. But in Citizen Automation, where business users are building automations, is it even possible or desirable? The fundamental question is how do we “control” what citizen developers are doing, apart from having soft governance (CoE) around it? I would like to hear from others how they are doing it in their organisation.


Hi,

  1. Trainings - teach them deployment, coding guidelines, frameworks, best-practices
  2. CI/CD incl approvals and automatic workflow analyzer execution, if possible
  3. Utilize Workflow Analyzer in standardized way
  4. Strong governance on Orchestrator and strict guidelines on asset, log usage, naming conventions etc.
  5. Establish a Community of Practice to drive internal exchange. Collect new knowledge in the CoE's central know-how and code repository (internal GitHub, Atlassian stack (Jira, Bitbucket, Confluence))
  6. Standardize operational environment if possible (machines on which Users operate bots)

Don't underestimate the training and people component, but also invest upfront in standardization of deployment and governance measures. These investments will pay off tenfold.


Hi @Gaurav_Sharma
Considering organization policies, some users' needs and rules will differ, so the best way is to manage your users through Governance Config.
“Studio comes with a file-based governance model that can be enforced at an organization level to exert a level of control over certain functionalities.”
Refer below for the full details and how to configure it.

I suggest this is the best way to control your users.

In addition to that, you can follow this on the information security side.

  1. Sign off the User Acceptance Policy Agreement with the user
  2. Sign off the Privileged User Agreement with the user
  3. You can also design a new agreement according to your RPA platform and control users via the company IT policy and regulations

Thanks. However, we are largely speaking about the Studio X audience here: mostly no-code attended bot development that users can run on their own machines. Definitely some oversight can be enforced through governance files etc. and awareness through trainings, but there will not be CI/CD pipelines etc.

Thanks. What does the Privileged User Agreement mention? Do you have some examples to share perhaps?


Hi @Gaurav_Sharma
You can find plenty of templates on the internet,
like the one below:
https://security.berkeley.edu/model-privileged-access-agreement

You can edit the content according to your organization's policy and RPA controls.

Meanwhile, check with your IT Information Security / Governance team or ask to form them; you had better get a template. Also, especially if you have ISO standards, this Privileged User Agreement should definitely be documented, at least for IT staff etc.

Thanks for sharing. Yes, I understand this part. But imagine, let's say, an accountant in the finance department having a Studio X license and Studio X on his machine. Even if he uses Studio X to build task automations, he can only do what his “user” is authorized to do, so in that sense the attended bot is running on his behalf. Hence there are no special privileges granted to the bot or the user just for Studio X. Or are you saying that Studio X itself is a “privilege”?


@Gaurav_Sharma
It depends, actually. As I say, for example, you can download any package from Manage Packages. Anyway, this can also be controlled by the governance file. https://docs.uipath.com/studio/docs/governance

Also, I suggest you check with your information security team and decide. Anyway, at least the user given the application should be covered by an agreement that they are not doing any unethical things.