Question
Pegasystems Inc.
JP
Last activity: 13 Feb 2019 17:25 EST
Robot activities audit with Non-Human credentials in RPA environment
If we follow the best practice, each robot in RPA environment would have a machine name as Pega operator ID.
However, there is more rigid requirement which we might have to address.
The requirements are;
- The respective robot user IDs should not be anonymous. The ID should stand for which organization, which purpose. Ideally the ID should be associated with Human operator ID.
- Once robots are configured in VM and go-live, each robot ID and environment should be secured.
- The audit log should be recorded precisely and can be submitted to any governmental agency.
Please share with us your idea how we should address these requirements or past case study you experienced.
Thanks,
If we follow the best practice, each robot in RPA environment would have a machine name as Pega operator ID.
However, there is more rigid requirement which we might have to address.
The requirements are;
- The respective robot user IDs should not be anonymous. The ID should stand for which organization, which purpose. Ideally the ID should be associated with Human operator ID.
- Once robots are configured in VM and go-live, each robot ID and environment should be secured.
- The audit log should be recorded precisely and can be submitted to any governmental agency.
Please share with us your idea how we should address these requirements or past case study you experienced.
Thanks,
Nobuyuki Tateno
Accepted Solution
Pegasystems Inc.
US
Let's go through these requirements one by one:
- The respective robot user IDs should not be anonymous. The ID should stand for which organization, which purpose. Ideally the ID should be associated with Human operator ID.
You are right - robot should not use anonymous ID to log on to business applications. The format of IDs used by robot is limited by the requirements to the IDs dictated by the systems which the robot need to access. For example some legacy systems require IDs just 5 characters long - in this case you would need to accept some convention and encode required information (organization, purpose, robot instance etc) into these 5 characters. Other systems support SSO and in this case you need to encode the same information in the Windows ID. Also consider giving meaningful names to the VMs or desktops where Robotic Runtime is installed - machine name is used by robot to register at Robot Manager and can be used by you to audit the cases processed by the robot installed on the certain VM/desktop.
- Once robots are configured in VM and go-live, each robot ID and environment should be secured.
Let's go through these requirements one by one:
- The respective robot user IDs should not be anonymous. The ID should stand for which organization, which purpose. Ideally the ID should be associated with Human operator ID.
You are right - robot should not use anonymous ID to log on to business applications. The format of IDs used by robot is limited by the requirements to the IDs dictated by the systems which the robot need to access. For example some legacy systems require IDs just 5 characters long - in this case you would need to accept some convention and encode required information (organization, purpose, robot instance etc) into these 5 characters. Other systems support SSO and in this case you need to encode the same information in the Windows ID. Also consider giving meaningful names to the VMs or desktops where Robotic Runtime is installed - machine name is used by robot to register at Robot Manager and can be used by you to audit the cases processed by the robot installed on the certain VM/desktop.
- Once robots are configured in VM and go-live, each robot ID and environment should be secured.
After go-live access to the VM must be restricted to Robotic ID and Administrator. At the same time you must keep the VM screen unlocked (read the PDN article regarding this https://docs-previous.pega.com/robotic-process-automations-and-screen-locking). All business applications passwords used by the robot must be stored in the Credential Store that uses Windows DPAPI underneath (read more about that here https://docs-previous.pega.com/pega-rpa/pega-robotic-automation-credential-store).
- The audit log should be recorded precisely and can be submitted to any governmental agency. You can use the following logging:
- Runtime logs - runtime logs are written by runtime and stored locally on the machines where runtime is installed. You can adjust log levels for different adapters and for the whole solution in the RuntimeConfig.txt. Read through this thread for more information about Runtime Logs - https://collaborate.pega.com/question/pega-robotics-studio-8-generational-logging
- Robot Manager logs the information which case has been touched by which robot instance. This information is available in the Robot Manager UI, but you have to leverage Platform functionalities to export the log.
- You can build an automation to write a custom log to DB or file. Again this log will be written by runtime.