Governance Frame work - Studiox

Hi All,

We are trying to understand the governance for citizen developer. in this i would like to know any feature that we can restrict the citizen developers to automate production URL’s and application prod environments.

I could find some feature in the work flow analyzer rules like restrict application/URL’s in that i have given one sample prodution URL under prohibited list and changed the dropdown to error for the rule. after ading that URL i have verified the process with work flow analyzer it is throwing it as error but i am able to execute the process seamlessly. here the rule is to not allow us to run the process but it is just throwing error.

please adivse.

Regards,
Kirankumar.

For this action, the citizen developer won’t be able to change the workflow analyzer rules? Also that is just analyzer, nothing to do at process run level.

Ideal way to restrict the Production URLs is to create an AD group and the person on that list will have the access to production entities.

Although at website level we can whitelist/blacklist a user or a group too. See if that is possible

Hi Rahul,

i understood we cannot change the rules but we can add the prohibited URL’s in the Add restricted URL/application rule right. in java if you have compile time/run time error you cannot even run the process right the same way the rule should be in uipath. in my point of view if we classify the rules as error it should not allow us to run the process from studio and if we classify it as warning we can ignore and run the process from studio.

Sorry to inform you that we cannot restrict the business users to access production applications since they have some regular task with those prod applications. the only way i could see we should restrict in the Uipath if they try to access prod applications from Uipath it should not allow them to run. may be uipath should consider this request because as part of COE team we cannot monitor each and every citizen developer what they are doing in their machine.

thanks for your thoughts.

Regards,
Kirnakumar.

Analyzer is just to analyze the file, it is not like the compiler. It is just to check if the project is designed as per standards, it will give you error or warning but that will be only for analysis. that won’t affect the run part.

This is interesting to give a thought over, but just to mention → Even if you do succeed in achieving that, what will be the use? If the user has access, that user will open that website and the start/use the robot. makes sense?

just think on that.

If the user has the link to production URL, they will any which way use that, you are just trying to restrict them to open that webbsite using UiPath, which is not worth tbh.

Yeah rahul that i understood it is not like compiler but it should be in the case of citizen developer because they are not too technical. i will tell you the reason why we would need it in this way.

i understand your point but just assume the citizen developer(business user) have access to application prod env they know how to access it manually and they will not do any wrong things. they are new to UiPath studiox there is high chances of create infinite loops or some wrong flows to create some issue to production application. the work flow anlayzer warn them the flow have infinite loops but it will not prevent them to stop running the process. the citizen developers might not know what is the waring their getting in the analyzer to understand they should not run the flow with infinite loop or some wrong flows that create problems to prod application. my point is if we can restrict run that particular URL of the prod application in our UiPath it will good right instead we will allow QA URL’s to them. we are in the process of creating governance for citizen developers in our organization. this is my thought to prevent the issue in the begin of this citizen developer program.

thanks for your time.

Regards,
Kirankumar.

Got your views, that are all valid.

May some new feature can be there for StudioX, that can block the running of robot on some specified conditions. Not sure if one exists.

@loginerror @Pablito → Any thoughts on this?

thanks for your views Rahul. greatly appreciated.

Regards,
Kirankumar.

Hi @kirankumar.mahanthi1,

PFB steps to do the same:

1. As your requirements is to block the url’s, you will need to add list of url’s under below rule name/category,id.
   App/Url Restrictions Security UI-SEC-010

2. Once done, to be able to stop the developers from being able to run or publish, you will also need to enable few settings as shown below:
   

   

   image1195×508 33.8 KB

3. Enable analyzer before run - if you dont even want developers to be able to run the process if rule throws error.

4. Enable analyzer before publish- if you dont want developers to be able to publish the process but they can run the process if rule throws error.

5. Enable analyzer before run and publish as well - if you dont want developers to be able to run and publish the process if rule throws error.

You can change these settings locally from studio (this will be implemented locally) but to be able to control these settings centrally, you will need to implement this via governance policy(changes in uipath.policies.config file) or via Automation ops feature.

Hope this helps.

Let me know if you need any further help on this.

Regards
Sonali

Hi,

Thanks for your valuable help. i will follow the steps you suggested. could you please mention steps on how to make changes for policies.config file. that would be great.

thanks again.

Regards,
Kirankumar.

Hi @kirankumar.mahanthi1,

Lets open another topic for your other queries so queries are handled better.
Please share in that post what is it you are looking help on.

How are currently trying to achieve it, what version of studio are you using etc etc.

Regards
Sonali

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.