I am working on an automation project in Studio Web at my company. My company has an access restriction policy; we have an internal LAN and the JIRA application installed, which cannot be accessed from outside the network. When I try to debug the automation, I notice that the image loaded in the “live stream” is from an external computer, specifically the one I use at my other job. In other words, the application seems to be running on an external PC. Is there any way to restrict which PC the application runs on?
Hello!
When debugging the automation, it can only run on two possible environments:
- In our cloud via serverless robots.
- On your local machine via the Assistant.
At debug time, the automation cannot run anywhere else.
If you are concerned that the automation can run elsewhere than the above two places, let me know.
Yes, it seemed like a significant intrusion into the computer of the person I accessed. Although my account was registered, I could see their entire desktop, applications, and even WhatsApp conversations. The issue is that it happens randomly; sometimes it opens my desktop, and other times it opens theirs. I will try to capture an image to illustrate this. Regards.
Yes, I am aware of that option, Anil. However, I am particularly interested in ensuring that when we use the cloud version, we can restrict which machine it operates on. As I mentioned below, there is a situation where there is interference with computers being used by other people. Perhaps my original post was not very clear on this point. Best regards.
in cloud when you debug you can either run on local or serverless cloud robots
when scheduling or running in unattended then you can choose any configured machine as well
cheers
It sounds like you guys have set up your machines to be able to run as unattended automations. Doing so does allow anyone with access to the Orchestrator and the appropriate permissions to run jobs to start stuff remotely on your machine without you needing to consent.
The problem would be that you set yourself up as unattended if I am right in diagnosing your setup based on what you say.
Yes, it is very likely that will happen, but I believe that if I am debugging on machine A, the desktop of machine B should not open.
If machine B is set to be an unattended robot and available this will happen I think.
If you want privacy you cannot have your personal machine set to be an unattended robot.
Thank you for your perspective. I hadn’t yet fully understood the implications of defining a machine to be an unattended robot.
You are welcome, hope this helps you understand the behaviour.
The perhaps elaborate further and to perhaps explain why it seems ‘random’.
When you have an unattended robot it will have a ‘heartbeat’ with the Orchestrator, this basically means it pings it every 30-60 seconds and says ‘I’m available, do you have a job for me’.
The Orchestrator on the other hand has a list of jobs running and pending.
When it has a pending job it waits for an unattended bot heartbeat and if that unattended bot meets the right criteria for the job to start it sends it the job.
In this manner, if your personal machine is an unattened robot its entirely possible for it to get a job you didnt intend if its on the same machine template as others.
Even separating machine templates creates a large security risk as someone can easily add your template to a folder to run automations on your machine without you realizing.
Its best to keep your licence as attended only on your personal machine.
@Matias_Clemente.Arg I will forward your feedback to the Orchestrator team. Maybe they will consider an improvement in the future to avoid such situations.
Thank you! Happy automation!
Thank you, your explanation was very clear and I will adjust the licenses accordingly.
Best regards
I believe such feedback has been suggested in the past. I actually caused a fuss last year by demonstrating a shared tenant that was used by all the UiPath MVPs wasn’t securing by demonstrating this exact behaviour and running automations on the machine of another MVP.
I believe we suggested an option where it was partly unattended and if someone tries to trigger an automation it would give a popup asking if you accept the job.
This would allow us to configure our dev machines as unattended robots for unattended testing when we don’t have a separate machine, but not expose our machine to others so easily.
Of course, that solution seems quite logical to me. I had thought of it, but I didn’t want to mention it since I am not fully familiar with all the background, as I am relatively inexperienced in UiPath.
This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.