I am anticipating we would face similar sensitive data at my company. I’m trying to anticipate all vectors through which people might try and get data they shouldn’t, and admin rights was one of them.
Currently we deploy mostly attended automation, with unattended in the works. I have started provisioning accounts for unattended, as I think it’s critical for logging, auditing, etc. I’m looking at a Windows account for a bot and then an account for each system it has access to. My hope is that this would give fully traceable automation through all systems that are touched in the process.
I think for attended you’d need to be able to encrypt the settings files for the logs, but I’m not sure this is currently supported (similar to https://docs.uipath.com/orchestrator/docs/encrypting-webconfig-sections). Alternatively, you’d be able to set parameters per project during development that define logging behavior (which can’t be changed during runtime). However, this would mean you’d need to deploy a new version to debug properly and another to switch debug off. The goal for me is to be able to debug for a user and then switch out of debug and restrict logging easily and without deploying multiple packages.
It may also be possible to do this by adding some sort of “master” password for a project that is known to developers that can be entered at runtime to toggle debugging behavior. Similar to admin rights but for the project specifically and not the operating system.
It’d be interesting to know how other software practices handle this kind of situation. I guess maybe debugging is limited for a user in production and more open in dev/test environments. Do you have any experience in that kind of setup?