My client has a setup with several robot servers that all have their own robot account. Having the accounts set on the “Robot” level requires them to allow the robot accounts to access all applications they need to work in (they usually go with single sign on). This makes the robot accounts “superusers” that is not appreciated by IT etc. If we keep the robots separated to a collections of processes, we can keep the access down to a selection of applications but forces us to only run certain process on certain robots.
We would like to have a scenario where we can use separate process account that run on any robot really. Same process always run under this account no matter what Robot/Server it uses. Tracing the robots in the applications logs will reveal the process account name, rather than the robot account.
One way to explain this would be to imagine that setting the account in orchestrator on “Processes” items instead of “Robots”.
If it helps, you can separate the Processes in Orchestrator by using Environments. So when you Provision a Process on a certain Environment, it only allows you to run that Process on certain Robots that you have selected for that Environment. Or did I misunderstand?
I know about Environments but they’re just a way to group robots/servers right? We still keep the issue with having to use the same accounts for several processes and thereby adding to many permissions to the same accounts and also making it harder to trace what perticular process was in a system at a certain time.