Robots app permissions

A combination of four elements controls access to the Robots app, and the ability to perform various tasks in the app (permissions):

  • Diligent One system-wide user type (Launchpad user type)

  • subscription

  • Robots app role

  • robot role

Element: Diligent One system-wide user type (Launchpad user type)

Type/role options:
  • Launchpad System Admin
  • Launchpad User

Controls: Diligent One system-wide access. For detailed information, see System-wide user types and group roles (permissions)

Element: subscription

Type/role options:
  • Professional
  • Oversight

Controls: Broadly defined Diligent One app access. For detailed information, see Managing subscriptions and licenses

Element: Robots app role

Type/role options:
  • Robots Admin
  • User

Controls: Robots app-level access

Element: robot role

Type/role options:
  • Owner
  • Editor
  • Reviewer

Controls:
  • robot access
  • robot folder access

Permissions from a user perspective

A user's Launchpad user type and subscription broadly define what they can do in Diligent One, and which apps they can access.

For app-level access to Robots, you assign a single Robots role to a user: User or Robots Admin. Robots Admins automatically have access to every robot and folder in Robots, with the greatest degree of access.

Users with the app-level User role can have multiple robot-level or folder-level roles, each of them assigned on a per-robot or a per-folder basis. This granular permissions structure means that:

  • A user can be granted access to some robots and folders and not others.

  • The degree of access for a user can differ from robot to robot, or folder to folder.

In addition to a user's app-level Robots role, a user's subscription type has implications for which robot-level or folder-level roles they can have assigned.

Note

For organizations using an on-premise Robots Agent, the app-level Robots role does not control access by Analytics users to tables on the Robots Agent server. For more information, see On-premise Robots Agent security.

Robots app-level access

Robots app-level access dictates the high-level activities that a user can perform in Robots. App-level access is controlled by the combination of:

  • Launchpad user type
  • subscription
  • Robots role

Note

For organizations that use Robots, all users with Professional or Oversight subscriptions automatically have basic app-level access. Users with Contributor subscriptions cannot access Robots.

Launchpad user type Launchpad System Admin Launchpad User
Subscription Professional Oversight Professional Oversight
Robots role Robots Admin * User Robots Admin User User
Basic app access
Access ACL robots

Access HighBond robots
Access Workflow robots
Can be a Reviewer in a robot
Can be an Editor in a robot
Can be an Owner in a robot
Automatically an Owner in all robots
Create robots
Create robot folders
Work with robots and robot folders

(Specific permissions depend on the assigned robot role)

Access task sequences
Grant Robots Admin role to other users
Manage Robots Agent

(Settings page)

 

Depends on the user's Manage Agent? setting

Manage users

(Settings page)

* A Launchpad System Admin with a Professional subscription is automatically a Robots Admin with the Manage Agent permission. This automatic assignment cannot be changed in Robots.

Assign Robots app roles

Note

You must be a Robots Admin to assign app roles.

  1. Open the Robots app.
  2. In the upper-right corner, click Settings.
  3. Under Global Settings, click User management.

    All users with Professional or Oversight subscriptions appear in the user list.

  4. Next to the appropriate user, select a role to assign.

    By default, the User role is assigned.

    Tip

    Use the search bar to filter the names in the list.

    If the Robots Admin role is assigned and cannot be changed, the user is a Launchpad System Admin with a Professional subscription. The Robots Admin role is automatically assigned to these users and cannot be changed in Robots.

Robot and robot folder access

A user's access to a robot, or a robot folder, is controlled by the robot role assigned to them for the specific robot or folder:

  • Owner role (most permissions)

  • Editor role

  • Reviewer role (least permissions)

At the robot level, and at the robot folder level, users are called collaborators. If a user has not been added as a collaborator to a robot or a folder, with one of the three robot roles, the robot or folder is invisible to them.

Robot access, and robot folder access, are similar. One is applied at the robot level, and the other is applied at the robot folder level.

Robot access

Robot access dictates the specific, low-level activities that a user can perform in an individual robot. Robot access is controlled, on a per-robot basis, by the robot role assigned to a user.

You assign the robot role at the robot level if the robot is not contained in a folder. If the robot is contained in a folder, you assign the role at the folder level.

Robot folder access

Robot folder access dictates the specific, low-level activities that a user can perform in an individual folder, and in all the robots contained in the folder. Robot folder access is controlled, on a per-folder basis, by the robot role assigned to a user.

The role assigned at the folder level automatically cascades to all the robots in the folder and controls access to the individual robots.

Robots Admins have access to every robot and folder

Robots Admins are automatically a collaborator for every robot and folder, with the role of owner. This automatic assignment ensures that:

  • At least one user has a global view and maintenance capability for all robots and folders
  • No robot or folder is left without any collaborators and becomes invisible

As an additional safeguard, a Launchpad System Admin with a Professional subscription is automatically a Robots Admin. This automatic assignment cannot be changed in Robots.

Robot roles

The robot and folder permissions associated with each robot role are summarized below. Detailed information appears in subsequent sections.

Robot role: Owner

Permissions for the robot or folder:
  • full permissions for the robot or the folder
  • manage user access to the robot or the folder (collaborator access)
  • the default role for the user who creates the robot or the folder
  • all Editor permissions

Required license: Professional

Robot role: Editor

Permissions for the robot or folder:
  • work with the robot or the folder in production mode or development mode
  • all Reviewer permissions

Required license: Professional

Robot role: Reviewer

Permissions for the robot or folder:
  • work with the robot or the folder in production mode only, development mode not accessible
  • run tasks
  • full task management
  • open and view results
  • the default role for a user added as a collaborator to a robot or a folder

Required license: Professional or Oversight

Permissions for Workflow robots are treated differently

To access Workflow robots, you must be assigned the System Admin user type with a Professional subscription. This combination of user type and subscription provides the greatest degree of access in Diligent One, and full permissions for all actions with Workflow robots.

For any other combination of user type and subscription, Workflow robots are not accessible or even visible.

Note

The intention is that a System Admin with a Professional subscription will be able to configure tasks in Workflow robots that are triggered by Diligent One events. This functionality is still being developed and not yet available.

Robot permissions in detail

A collaborator's role for a specific robot controls the activities that the collaborator can perform in the robot. If a user is not added as a collaborator to a robot, the robot is invisible to the user.

The ability to create a robot is controlled by a user's app-level access. For more information, see Robots app-level access.

Note

If a robot is contained in a folder, the robot role is specified at the folder level and automatically cascades to the robot.

Area Permission Robot role
Owner Editor Reviewer
Mode access development mode
access production mode
Robot

view the robots on the Robots dashboard

(robots not contained in a folder)

edit robot details
upload/commit scripts to robot
view robot collaborators
add/update/remove robot collaborators
delete robot
Task create task
run task ad hoc
enable task
disable task
edit task
delete task
view task run details
delete task run
Scripts activate script versions to production mode

Working data

Input/Output tab or Working data tab

view tab with list of stored tables and files
upload/export files to tab
delete tables or files

Results data

Task runs tab

view Analytics result tables

delete task run including results tables and files

Downloads download result package
download failed package
download scripts (included in a package)
download script versions (development mode)
download robot

Robot folder permissions in detail

A collaborator's role for a specific robot folder controls the activities that the collaborator can perform in the folder and in all the robots contained by the folder. If a user is not added as a collaborator to a folder, the folder and all the robots it contains are invisible to the user.

The ability to create a folder is controlled by a user's app-level access. For more information, see Robots app-level access.

For detailed information about robot permissions, see Robot permissions in detail.

Area Permission Robot role
Owner Editor Reviewer
Mode access development mode
access production mode
Robot folder view the robots in a folder
edit robot folder details
move robot to a folder

must also be an owner of the robot

move robot from a folder
view robot folder collaborators
add/update/remove robot folder collaborators
delete robot folder

Assign robot roles to collaborators

Note

To assign robot roles to collaborators, you must be the owner of the robot, or the robot folder.

Robots Admins are automatically a collaborator for every robot and folder, with the role of owner. This automatic assignment cannot be changed from inside a robot or folder.

If a robot is not contained in a folder, assign robot roles at the robot level. For robots that are contained in a folder, assign robot roles at the folder level. The role assignment automatically cascades to every robot in the folder.

Assign robot roles at the robot level

Note

You cannot assign roles at the robot level if the robot is in a folder.

  1. Open the Robots app.
  2. From the dashboard in Robots, select the tab for the appropriate robot type.
  3. Click the robot that you want to manage collaborators for.
  4. In the side panel, under Robot details, click Add collaborators or Manage.

    The Collaborators side panel opens.

  5. To manage the collaborators, do any of the following:
    • Add: to add a user to the robot, click Add collaborators and select the user.

      By default, the user is added as a Reviewer, the role with the least permissions. If necessary, update the user's role.

    • Update: to change a user's role, select a new role from the dropdown list beside the user's name.
    • Remove: to remove a user, click the X next to the dropdown list.

      Tip

      Use the search bar to filter the names in the list.

  6. When you are finished, click the X in the upper-right corner of the Collaborators side panel.

Assign robot roles at the folder level

  1. Open the Robots app.
  2. From the dashboard in Robots, select the tab for the appropriate robot type.
  3. Click the robot folder that you want to manage collaborators for.
  4. In the side panel, under Folder details, click Add collaborators or Manage.

    The Collaborators side panel opens.

  5. To manage the collaborators, do any of the following:
    • Add: to add a user to the folder, click Add collaborators and select the user.

      By default, the user is added as a Reviewer, the role with the least permissions. If necessary, update the user's role.

    • Update: to change a user's role, select a new role from the dropdown list beside the user's name.
    • Remove: to remove a user, click the X next to the dropdown list.

      Tip

      Use the search bar to filter the names in the list.

  6. When you are finished, click the X in the upper-right corner of the Collaborators side panel.

Robots Agent management

Any user with basic access to Robots can be assigned the permission to manage the Robots Agent. The permission is independent of any role assignment or subscription, with the exception of Launchpad System Admins with a Professional subscription, who are granted the permission by default.

Segregation of duties

If required, IT staff can be given the permission to manage the Robots Agent, while being prevented from seeing any data in Robots. For example, an IT staff member could have this Robots security profile:

  • Launchpad user type: User
  • subscription: Oversight
  • Robots role: User
  • Manage Agent permission: on
  • robot-level and folder-level access: none
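
The access rules described on this page (Robots Admins as automatic Owners, folder roles cascading to robots, invisibility without a collaborator role, license requirements per robot role) can be checked during an access review, together with the segregation-of-duties profile above. The following is an added example, not Diligent One code or an API: the dictionary layout, the `agent_only` marker for IT staff who hold Manage Agent and should see no robots, and all sample names are assumptions. Workflow robots are out of scope.

```python
# Added example: hypothetical export format, not a Diligent One API.
REQUIRED_LICENSE = {"Owner": {"Professional"}, "Editor": {"Professional"},
                    "Reviewer": {"Professional", "Oversight"}}

def is_robots_admin(user):
    # A System Admin with a Professional subscription is always a Robots Admin.
    forced = (user["launchpad_type"], user["subscription"]) == ("System Admin", "Professional")
    return forced or user["robots_role"] == "Robots Admin"

def effective_role(user, robot, folders):
    """Return Owner/Editor/Reviewer, or None when the robot is invisible to the user."""
    if user["subscription"] not in ("Professional", "Oversight"):
        return None                  # e.g. Contributor: no access to Robots
    if is_robots_admin(user):
        return "Owner"               # automatic collaborator on every robot and folder
    folder = robot.get("folder")
    # A robot in a folder takes its roles from the folder (cascade), otherwise from itself.
    collaborators = folders[folder] if folder else robot["collaborators"]
    return collaborators.get(user["name"])

def review(users, robots, folders):
    """Flag roles a subscription cannot hold, and agent-only staff who can see a robot."""
    findings = []
    for user in users:
        for robot in robots:
            role = effective_role(user, robot, folders)
            if role is None:
                continue
            if user["subscription"] not in REQUIRED_LICENSE[role]:
                findings.append((user["name"], robot["name"], "license"))
            if user.get("agent_only"):
                findings.append((user["name"], robot["name"], "segregation"))
    return findings

def _user(name, launchpad_type, subscription, robots_role="User", **extra):
    return {"name": name, "launchpad_type": launchpad_type,
            "subscription": subscription, "robots_role": robots_role, **extra}

# Constructed sample data.
FOLDERS = {"Finance": {"bo": "Editor", "ivy": "Reviewer"}}
ROBOTS = [{"name": "payroll", "folder": "Finance", "collaborators": {}},
          {"name": "adhoc", "folder": None, "collaborators": {"cy": "Editor"}}]
USERS = [_user("ada", "System Admin", "Professional"),       # forced Robots Admin
         _user("bo", "User", "Professional"),
         _user("cy", "User", "Oversight"),                   # Editor needs Professional
         _user("ivy", "User", "Oversight", agent_only=True)]  # IT staff on a folder

if __name__ == "__main__":
    for finding in review(USERS, ROBOTS, FOLDERS):
        print(finding)
```
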

Scope of the Manage Agent permission

The Manage Agent permission applies to just the agent management tasks that are performed in Robots. Essentially, the permission allows or prohibits access to the Agent management page in Robots.

Tasks such as installing an on-premise Robots Agent are not affected by the Manage Agent permission.

Manage Agent permission in detail

The following tasks are allowed for users with the Manage Agent permission.

ACL Robotics edition: Enterprise Edition
Agent type: on-premise Robots Agent
Agent tasks allowed:
  • edit details (name and description)
  • register a Robots Agent (generate a registration keyfile)
  • delete a Robots Agent registration
  • change from on-premise to cloud-based Robots Agent

ACL Robotics edition: Enterprise Edition
Agent type: cloud-based Robots Agent
Agent tasks allowed:
  • edit details (name and description)
  • switch encoding (non-Unicode or Unicode)
  • change from cloud-based to on-premise Robots Agent

ACL Robotics edition: Professional Edition
Agent type: cloud-based Robots Agent
Agent tasks allowed:
  • edit details (name and description)
  • switch encoding (non-Unicode or Unicode)

Assign the Manage Agent permission

Note

You must be a Robots Admin to assign the Manage Agent permission.

  1. Open the Robots app.
  2. In the upper-right corner, click Settings.
  3. Under Global Settings, click User management.

    All users with Professional or Oversight subscriptions appear in the user list.

  4. Next to the appropriate user, click the Manage Agent? toggle to turn it on (green = on).

    By default, the Manage Agent? toggle is off.

    Tip

    Use the search bar to filter the names in the list.

    If the Manage Agent? toggle is on and cannot be changed, the user is a Launchpad System Admin with a Professional subscription. The Manage Agent permission is automatically assigned to these users and cannot be changed in Robots.

Enable the AI Script Assistant

Note

You must be a Robots Admin to enable or disable the AI Script Assistant.

To make the AI Script Assistant available in the Robots script editor, you must first enable it on the Settings page.

  1. Open the Robots app.
  2. In the upper-right corner, click Settings.
  3. Under Global Settings, click Manage AI solutions.
  4. Click the AI Script Assistant toggle to enable (or disable) the AI Script Assistant for all Robots users.