We identified the risk that the persons who manage the assets (credentials for applications) and the persons who manage the credentials of the Robot user can use these credentials anonymously and log in to systems they are not allowed to log in to.
I think I can make a Robot that changes its own password (for an application or WindowsID), but can the robot update the Orchestrator with this new password? That is, change an asset value and change the Robot credentials.
If we can build a robot like that, no human knows the passwords of the robot and therefore the identified risk is gone.
Hope anybody can help me.