Setting account on level "Processes" rather than "Robots"

orchestrator

#1

My client has a setup with several robot servers that all have their own robot account. Having the accounts set on the “Robot” level requires them to allow the robot accounts to access all applications they need to work in (they usually go with single sign on). This makes the robot accounts “superusers” that is not appreciated by IT etc. If we keep the robots separated to a collections of processes, we can keep the access down to a selection of applications but forces us to only run certain process on certain robots.

We would like to have a scenario where we can use separate process account that run on any robot really. Same process always run under this account no matter what Robot/Server it uses. Tracing the robots in the applications logs will reveal the process account name, rather than the robot account.

One way to explain this would be to imagine that setting the account in orchestrator on “Processes” items instead of “Robots”.

Any suggestions on how this can be achieved?


#2

Hi David,

I see your point and from my knowledge this will be implemented as a feature next year as it involves a lot of changes on the Robot and Orchestrator.

I am not aware of any workaround for now.


#3

If it helps, you can separate the Processes in Orchestrator by using Environments. So when you Provision a Process on a certain Environment, it only allows you to run that Process on certain Robots that you have selected for that Environment. Or did I misunderstand?

Thanks.


#4

I know about Environments but they’re just a way to group robots/servers right? We still keep the issue with having to use the same accounts for several processes and thereby adding to many permissions to the same accounts and also making it harder to trace what perticular process was in a system at a certain time.


#5

Thanks Ovi!

Do you mean during 2018 or 2019?


#6

2019 since 2018.1 has just been released.