Robots app permissions

A combination of four elements controls access to the Robots app, and the ability to perform various tasks in the app (permissions):

  • Diligent One system-wide user type (Launchpad user type)

  • subscription

  • Robots app role

  • robot role

Element Type/role options Controls

Diligent One system-wide user type

(Launchpad user type)

  • LaunchpadSystem Admin

  • LaunchpadUser

Diligent One system-wide access

For detailed information, see System-wide user types and group roles

subscription
  • Professional

  • Oversight

Broadly defined Diligent One app access

For detailed information, see Managing licenses and subscription permissions

Robots app role
  • Robots Admin

  • User

Robots app-level access
robot role
  • Owner

  • Editor

  • Reviewer

  • Developer

  • Read-Only

  • robot access

  • robot folder access

Permissions from a user perspective

A user's Launchpad user type and subscription broadly define what they can do in Diligent One, and which apps they can access.

For app-level access to Robots, you assign a single Robots role to a user: User or Robots Admin. Robots Admins automatically have access to every robot and folder in Robots, with the greatest degree of access.

Users with the app-level User role can have multiple robot-level or folder-level roles, each of them assigned on a per-robot or a per-folder basis. This granular permissions structure means that:

  • A user can be granted access to some robots and folders and not others.

  • The degree of access for a user can differ from robot to robot, or folder to folder.

In addition to a user's app-level Robots role, a user's subscription type has implications for which robot-level or folder-level roles they can have assigned.

Note

For organizations using an on-premise Robots Agent, the app-level Robots role does not control access by Analytics users to tables on the Robots Agent server. For more information, see On-premise Robots Agent security.

Robots app-level access

Robots app-level access dictates the high-level activities that a user can perform in Robots. App-level access is controlled by the combination of:

  • Launchpad user type
  • subscription
  • Robots role

Note

For organizations that use Robots, all users with Professional or Oversight subscriptions automatically have basic app-level access. Users with Contributor subscriptions cannot access Robots.

Launchpad user type LaunchpadSystem Admin LaunchpadUser
Subscription Professional Oversight Professional Oversight
Robots role Robots Admin * User Robots Admin User User
Basic app access
Access ACL robots

Access HighBond robots
Access Workflow robots
Can be an Owner in a robot
Can be an Editor in a robot
Can be a Reviewer in a robot
Can be a Developer in a robot
Can be a Read-Only user in a robot
Automatically an Owner in all robots
Create robots
Create robot folders
Work with robots and robot folders

(Specific permissions depend on the assigned robot role)

Access task sequences
Grant Robots Admin role to other users
Manage Robots Agent

(Settings page)

 

Depends on the user's Manage Agent? setting

Manage users

(Settings page)

* A LaunchpadSystem Admin with a Professional subscription is automatically a Robots Admin with the Manage Agent permission. This automatic assignment cannot be changed in Robots.

Assign Robots app roles

Note

You must be a Robots Admin to assign app roles.

  1. From the Launchpad home page (www.highbond.com), select the Robots app to open it.

    If you are already in Diligent One, you can use the left-hand navigation menu to switch to the Robots app.

  2. In the upper-right corner, click Settings.
  3. Under Global Settings, click User management.

    All users with Professional or Oversight subscriptions appear in the user list.

  4. Next to the appropriate user, select a role to assign.

    By default, the User role is assigned.

    Tip

    Use the search bar to filter the names in the list.

    If the Robots Admin role is assigned and cannot be changed, the user is a Launchpad System Admin with a Professional subscription. The Robots Admin role is automatically assigned to these users and cannot be changed in Robots.

Robot and robot folder access

A user's access to a robot, or a robot folder, is controlled by the robot role assigned to them for the specific robot or folder:

  • Owner role (most permissions)

  • Editor role

  • Reviewer role

  • Developer role

  • Read-Only role (least permissions)

At the robot level, and at the robot folder level, users are called collaborators. If a user has not been added as a collaborator to a robot or a folder, with one of the five robot roles, the robot or folder is invisible to them.

Robot access, and robot folder access, are similar. One is applied at the robot level, and the other is applied at the robot folder level.

Robot access

Robot access dictates the specific, low-level activities that a user can perform in an individual robot. Robot access is controlled, on a per-robot basis, by the robot role assigned to a user.

You assign the robot role at the robot level if the robot is not contained in a folder. If the robot is contained in a folder, you assign the role at the folder level.

Robot folder access

Robot folder access dictates the specific, low-level activities that a user can perform in an individual folder, and in all the robots contained in the folder. Robot folder access is controlled, on a per-folder basis, by the robot role assigned to a user.

The role assigned at the folder level automatically cascades to all the robots in the folder and controls access to the individual robots.

Robots Admins have access to every robot and folder

Robots Admins are automatically a collaborator for every robot and folder, with the role of owner. This automatic assignment ensures that:

  • At least one user has a global view and maintenance capability for all robots and folders
  • No robot or folder is left without any collaborators and becomes invisible

As an additional safeguard, a Launchpad System Admin with a Professional subscription is automatically a Robots Admin. This automatic assignment cannot be changed in Robots.

Robot roles

The robot and folder permissions associated with each robot role are summarized below. Detailed information appears in subsequent sections.

Permissions for Workflow robots are treated differently

To access Workflow robots, you must be assigned the System Admin user type with a Professional subscription. This combination of user type and subscription provides the greatest degree of access in Diligent One, and full permissions for all actions with Workflow robots.

For any other combination of user type and subscription, Workflow robots are not accessible or even visible.

Note

The intention is that a System Admin with a Professional subscription will be able to configure tasks in Workflow robots that are triggered by Diligent One events. This functionality is still being developed and not yet available.

Robot permissions in detail

A collaborator's role for a specific robot controls the activities that the collaborator can perform in the robot. If a user is not added as a collaborator to a robot, the robot is invisible to the user.

The ability to create a robot is controlled by a user's app-level access. For more information, see Robots app-level access.

Note

If a robot is contained in a folder, the robot role is specified at the folder level and automatically cascades to the robot.

Area Permission Robot role
Owner Editor Reviewer Developer Read-Only
Mode access development mode
access production mode
Robot

view the robots on the Robots dashboard

(robots not contained in a folder)

edit robot details
upload/commit scripts to robot
view robot collaborators
add/update/remove robot collaborators
delete robot
Task create task
run task ad hoc
enable task
disable task
edit task
delete task
view task run details
delete task run
Scripts activate script versions to production mode

Working data

Input/Output tab

or

Working data area

view list of stored tables and files
upload/export files to tab or area
delete tables or files

Results data

Task runs tab

view Analytics result tables

delete task run including results tables and files

Downloads download result package
download failed package
download scripts (included in a package)
download script versions (development mode)
download robot

Robot folder permissions in detail

A collaborator's role for a specific robot folder controls the activities that the collaborator can perform in the folder and in all the robots contained by the folder. If a user is not added as a collaborator to a folder, the folder and all the robots it contains are invisible to the user.

The ability to create a folder is controlled by a user's app-level access. For more information, see Robots app-level access.

For detailed information about robot permissions, see Robot permissions in detail.

Area Permission Robot role
Owner Editor Reviewer Developer Read-Only
Mode access development mode
access production mode
Robot folder view the robots in a folder
edit robot folder details
move robot to a folder

must also be an owner of the robot

move robot from a folder
view robot folder collaborators
add/update/remove robot folder collaborators
delete robot folder

Assign robot roles to collaborators

Note

To assign robot roles to collaborators, you must be the owner of the robot, or the robot folder.

Robots Admins are automatically a collaborator for every robot and folder, with the role of owner. This automatic assignment cannot be changed from inside a robot or folder.

If a robot is not contained in a folder, assign robot roles at the robot level. For robots that are contained in a folder, assign robot roles at the folder level. The role assignment automatically cascades to every robot in the folder.

Assign robot roles at the robot level

Note

You cannot assign roles at the robot level if the robot is in a folder.

  1. From the Launchpad home page (www.highbond.com), select the Robots app to open it.

    If you are already in Diligent One, you can use the left-hand navigation menu to switch to the Robots app.

  2. From the dashboard in Robots, select the tab for the appropriate robot type.
  3. Navigate to the robot that you want to manage collaborators for, and select the robot to open it.
  4. In the side panel, under Robot details, click Add collaborators or Manage.

    The Collaborators side panel opens.

  5. To manage the collaborators, do any of the following:
    • Add to add a user to the robot, click Add collaborators and select the user.

      By default, the user is added as a Reviewer. If necessary, update the user's role.

    • Update to change a user's role, select a new role from the dropdown list beside the user's name.
    • Remove to remove a user, click the X next to the dropdown list.

      Tip

      Use the search bar to filter the names in the list.

  6. When you are finished, click the X in the upper-right corner of the Collaborators side panel.

Assign robot roles at the folder level

  1. From the Launchpad home page (www.highbond.com), select the Robots app to open it.

    If you are already in Diligent One, you can use the left-hand navigation menu to switch to the Robots app.

  2. From the dashboard in Robots, select the tab for the appropriate robot type.
  3. Click the robot folder that you want to manage collaborators for.
  4. In the side panel, under Folder details, click Add collaborators or Manage.

    The Collaborators side panel opens.

  5. To manage the collaborators, do any of the following:
    • Add to add a user to the folder, click Add collaborators and select the user.

      By default, the user is added as a Reviewer. If necessary, update the user's role.

    • Update to change a user's role, select a new role from the dropdown list beside the user's name.
    • Remove to remove a user, click the X next to the dropdown list.

      Tip

      Use the search bar to filter the names in the list.

  6. When you are finished, click the X in the upper-right corner of the Collaborators side panel.

Robots Agent management

Any user with basic access to Robots can be assigned the permission to manage the Robots Agent. The permission is independent of any role assignment or subscription, with the exception of Launchpad System Admins with a Professional subscription, who are granted the permission by default.

Segregation of duties

If required, IT staff can be given the permission to manage the Robots Agent, while being prevented from seeing any data in Robots. For example, an IT staff member could have this Robots security profile:

  • Launchpad user type User
  • subscription Oversight
  • Robots role User
  • Manage Agent permission on
  • robot-level and folder-level access none

Scope of the Manage Agent permission

The Manage Agent permission applies to just the agent management tasks that are performed in Robots. Essentially, the permission allows or prohibits access to the Agent management page in Robots.

Tasks such as installing an on-premise Robots Agent are not affected by the Manage Agent permission.

Manage Agent permission in detail

The following tasks are allowed for users with the Manage Agent permission.

ACL Robotics edition Agent type Agent tasks allowed
Enterprise Edition on-premise Robots Agent
  • edit details (name and description)
  • register a Robots Agent (generate a registration keyfile)
  • Delete a Robots Agent registration
  • change from on-premise to cloud-based Robots Agent
Enterprise Edition cloud-based Robots Agent
  • edit details (name and description)
  • switch encoding (non-Unicode or Unicode)
  • change from cloud-based to on-premise Robots Agent
Professional Edition cloud-based Robots Agent
  • edit details (name and description)
  • switch encoding (non-Unicode or Unicode)

Assign the Manage Agent permission

Note

You must be a Robots Admin to assign the Manage Agent permission.

  1. From the Launchpad home page (www.highbond.com), select the Robots app to open it.

    If you are already in Diligent One, you can use the left-hand navigation menu to switch to the Robots app.

  2. In the upper-right corner, click Settings.
  3. Under Global Settings, click User management.

    All users with Professional or Oversight subscriptions appear in the user list.

  4. Next to the appropriate user, click the Manage Agent? toggle to turn it on (green = on).

    By default, the Manage Agent? toggle is off.

    Tip

    Use the search bar to filter the names in the list.

    If the Manage Agent? toggle is on and cannot be changed, the user is a Launchpad System Admin with a Professional subscription. The Manage Agent permission is automatically assigned to these users and cannot be changed in Robots.

Enable the AI Script Assistant

Note

You must be a Robots Admin to enable or disable the AI Script Assistant.

To make the AI Script Assistant available in the Robots script editor, you must first enable it on the Settings page.

  1. From the Launchpad home page (www.highbond.com), select the Robots app to open it.

    If you are already in Diligent One, you can use the left-hand navigation menu to switch to the Robots app.

  2. In the upper-right corner, click Settings.
  3. Under Global Settings, click Manage AI solutions.
  4. Click the AI Script Assistant toggle to enable (or disable) the AI Script Assistant for all Robots users.