- Release Notes
- Getting Started
- Governance
- Logging
Configure a Governance Policy
For each policy you create or edit, you must configure general policy details and the product settings to enforce.
The product settings are organized on different tabs depending on the area they apply to. After you configure a policy, click Save on the lower-right corner of the page to apply the changes.
Configure the following general settings for the policy:
- Policy name - Edit the policy name. Use a unique name that makes the policy easily distinguishable.
- Availability (days) - How long to apply a cached policy when the governed product fails to connect to Automation Ops™. The default value is 30 days.
-
Priority - A number that determines the order of precedence when multiple policies are set at group level for the same user. The policy with the lowest priority value is applied first.
The dropdown lists the priorities currently set for existing policies for the same product. Selecting a priority that is currently set for another policy automatically decreases the priority of that policy and all other policies below it by 1.
- Description - Enter a few details about the policy.
This page documents the settings available for StudioX, Studio, and Studio Pro policies. Unless stated otherwise, the settings are available in all template versions and for all Studio profiles.
Select the Design tab to configure settings found in Home (Studio Backstage View) > Settings > Design.
- To govern a setting, select the check box or toggle next to it.
- To allow Studio users to edit a setting, select Allow users to override. This makes the setting from the policy the default, but allows users to change it. By default, overriding in Studio is not allowed.
Save and Publish
- Enforce Analyzer before Publish - Select Yes to prohibit publishing projects with Workflow Analyzer errors.
- Enforce Analyzer before Push/Check-In - Select Yes to prohibit sending projects with Workflow Analyzer errors to remote repositories.
- Enforce Analyzer before Run - Select Yes to prohibit running and debugging files or projects with Workflow Analyzer errors.
- Analyze RPA XAML Files Only - Select Yes to exclude XAML files with test cases from analysis when running the Workflow Analyzer for a project. This setting applies when the analyzer is triggered manually, as well as when it is enforced and triggered automatically before running/debugging a project and publishing test cases or a project.
- Enforce Check-In before Publish - Select Yes to restrict publishing projects added to source control repositories when they have local changes.
- Use “Smart File Paths” (For StudioX policies only) - Select Yes to enable the use of relative paths instead of absolute paths for file locations from the user profile folder so they work when shared with other users.
- Enable AI activity suggestions (For Studio X policies only) - Select Yes to enable AI activity suggestions in the Add activity search bar. If this option is enabled, when the activity search bar opens, Studio sends information about the current context to a UiPath® AI service that suggests activities to add based on the location in the workflow from which the search bar was opened.
- Export Analyzer results (For Studio policies only) - Select Yes to export the results of each workflow analysis to a JSON file in the project folder.
- Enforce Release Notes (For Studio policies only) - Select Yes to make the Release Notes field mandatory when publishing a project.
- Enable discovered activities - Select Yes to show all official activities packages that can be installed in a project.
- The Enable AI activity suggestions, Export Analyzer results, and Enforce Release Notes settings are available starting with the 21.10.0 policy template version.
- The Enable discovered activities setting is available starting with the 23.4.0 policy template version.
Design Style
-
Default language - Select the default language to use for expressions in new projects (VisualBasic or C#). Users can select a different language than the default when creating a new project.
In Studio versions prior to 2021.10, this setting applies only to the Studio Pro profile. In Studio 2021.10 and later versions, this setting applies only to the Studio profile.
- Create docked annotations - Select the default way in which annotations are added to activities: Select Yes for docked inside the activity, or No for floating next to the activity.
- Use Modern for new projects - Select Yes to enable a modern experience of working with UI Automation for new projects, with new and improved activities, recorders, and wizards. For more information, see Modern Design Experience.
- Slim View for Collapsed Activities - Select Yes to reduce the space collapsed activities take up by enabling a view that only displays the title bar.
- Default compatibility - Select the default target framework to use when creating a project in the Studio profile: Windows - Legacy, Windows, or Cross-platform.
- Allowed compatibility frameworks - Select the target frameworks that are allowed when when creating or opening a project in the Studio profile: Windows - Legacy, Windows, or Cross-platform.
- Connections service for new projects - Select Yes to use the Integration service as the default way to manage connections in all activities that support it. When enabled, the activities in the GSuite, Mail. and Office 365 packages that support this feature default to using Integration service connections for authentication.
- Show deprecation banner for legacy projects - Select yes to control the visibility of the message that is displayed at the top of the window when opening a Windows - Legacy project.
- The Default compatibility and Allowed compatibility frameworks settings are available starting with the 21.10.0 policy template version.
- The Enforce Analyzer before Push/Check-In setting is available starting with the 22.4.0 policy template version.
- The Show deprecation banner for legacy projects setting is available starting with the 22.10.5 policy template version.
Select the General tab to configure settings found in Home (Studio Backstage View) > Settings > General.
- To govern a setting, select the check box or toggle next to it.
- To allow Studio users to edit a setting, select Allow users to override. This makes the setting from the policy the default, but allows users to change it.
The following settings are available:
- Send anonymous UI Descriptors - Select Yes to enable the sending of anonymous UI descriptors created using the Object Repository.
Select the Feature Toggles tab to control settings that are not available in the Studio UI and can only be configured using governance policies, such as setting a limit for the number of consecutive runs that can be triggered from StudioX, hiding certain activities from StudioX users, or enabling the collection of usage data in Application Insights in your organization's Azure portal.
General Settings
- Allow users to send feedback - Select Yes to enable the Send feedback form that users can access from the Studio title bar. This option is enabled by default.
- Hide Getting Started screen - Select Yes to hide the welcome screen with links to the UiPath® Academy, an introduction video, and tutorials that is displayed when users open Studio. Even if you don't hide this screen, users can still hide it after it is first displayed. This option is not enabled default.
- Publish applications metadata - Select Yes to track what external applications and URLs are targeted by an automation.
Control What Activities Are Available (StudioX Policies Only)
The following settings enable you to prevent the use of certain activities in StudioX:
- Show “Developer Panel” - Select Yes to allow enabling the Show Developer filter in the Activities panel which gives users access to activities that were not designed for StudioX.
- Activities to hide - Enter a list of activities that you want not to be available to users. Add the activity namespaces (e.g.
UiPath.Excel.Activities.Business.WriteRangeX
) separated by comma (,
). The activities added to this list are hidden in all projects where the package they are included in is installed as a dependency.
Collect Telemetry Data
If you want to monitor and analyze what users in your organization are doing in Studio, you can set up an Application Insights resource in your Azure portal and configure Studio to send telemetry data to it. To enable this feature, simply enter the instrumentation key of your Application Insights instance in the Application Insights target text box.
For more information about the telemetry data that is sent to Application Insights and how you can use it, see Governance in the Studio guide.
Prevent Production Runs (StudioX Policies Only)
The following settings enable you to limit the number of consecutive runs that can be triggered from StudioX for a project that has no changes, and to configure logging settings for events where the limit is exceeded.
- Permitted consecutive runs with no change - Maximum number of consecutive times a project without changes can be run from Studio.
- Dialog message prompts for users - Message to display to the user in a dialog box when the allowed number of consecutive executions is exceeded. The dialog box prompts the user to either publish the project or cancel the execution.
- Queue name to store the run count - Orchestrator queue in which to log information when the allowed number of consecutive executions is exceeded. The following information is logged for each event: username, project name, hash of the main XAML file, and timestamp from the local machine.
- Folder location of the queue - Orchestrator folder containing the queue in which to save the records.
Select the Manage Sources tab to configure the following settings related to package sources:
- Allow users to add or remove feeds - Select whether to allow users to add and remove package sources. This option is not enabled by default.
- Allow users to enable or disable feeds - Select whether to allow users to enable and disable package sources. This option is not enabled by default.
- Append Orchestrator feeds - Select whether to automatically enable the Orchestrator Tenant (available if the tenant libraries feed is enabled in Orchestrator) and Orchestrator Host feeds in Studio. This option is enabled by default.
-
Configure which package sources are available in Studio. The Official and Connect (Marketplace) feeds are added by default.
-
To add a new feed, click Add another, provide the following information, and then click Save:
- Select whether to enable or disable the feed.
- Enter the name of the feed.
- Enter the source URL.
- To edit a feed, click Edit next to it.
-
To remove a feed, click Delete next to it.
-
Select the Workflow Analyzer tab to configure which Workflow Analyzer rules to enable, set the action, and configure parameters. The rules that are enabled by default in each Studio profile are also enabled by default in the policies for that profile, together with their default parameters, if applicable. For more information, read about the Workflow Analyzer in the Studio and StudioX guides.
General Workflow Analyzer Settings
- Allow users to override - If enabled, users are allowed to make changes to Workflow Analyzer settings. This option is not enabled by default.
-
Referenced or embedded - Select how to define the settings for Workflow Analyzer rules and counters in the policy:
- Referenced - Define the settings using a JSON file configured similarly to the RuleConfig.json file. If you select this option, indicate the full path to the file in the Referenced Rules file box. The location must be accessible from the Studio machines.
- Embedded - Define the settings using the options on the policy page. This is the default option.
Manage Workflow Analyzer Rules
If you selected the Embedded option:
- To add a new rule, click Add another.
- To edit a rule, click Edit next to it.
- To remove a rule, click Delete next to it.
Configure Workflow Analyzer Rules
For each rule, configure the following options, and then click Save to apply the changes:
- Is enabled - Select whether to enable the rule.
- Code - Enter the rule code.
- Default action - Select the default action of the rule: Error, Warning, Info, or Verbose.
-
Parameters - Configure the rule parameters:
- To add a new parameter, click Add another.
- To edit a parameter, click Edit next to it.
-
To remove a parameter, click Delete next to it.
For each parameter, configure the following options, and then click Save to apply the changes:
- Name - Enter the parameter name.
-
Use default value - Select this option to use the parameter value available by default in Studio. To use a custom value, deselect this option and enter the value in the provided text box.
To find out how to configure the default Workflow Analyzer rules, read about the rules included in Studio, the UiPath.UIAutomation.Activities, UiPath.Excel.Activities, and UiPath.Mail.Activities packages.
Select the Location tab to configure settings found in Home (Studio Backstage View) > Settings > Locations.
- To govern a setting, select the check box or toggle next to it, and then use the provided text box to enter the location. If no location is provided, the default location in Studio is used.
- To allow Studio users to edit a setting, select Allow users to override. This makes the setting from the policy the default, but allows users to change it.
The following location settings are available:
- Project path - The default location where projects are created.
- Publish process URL - The default location where processes are published when the custom feed option is selected.
- Publish library URL - The default location where libraries are published when the custom feed option is selected.
- Publish project templates URL - The default location where project templates are published when the custom feed option is selected.
- Workflow Analyzer Rules Location - The path to the folder from which to add custom Workflow Analyzer rules to Studio.
Select the Team tab to configure and enforce allowed repositories for working with Git source control.
Configure the following:
- Allow saving a project locally (For StudioX policies only) - Select True to allow users to save projects on their machine outside of local repositories. When set to False, users can't select This PC as the location when creating a new project in StudioX.
- Allow editing locations of source control repositories - Select True if you want users to be able to edit the repository locations they use for their projects. Select False if you want only the allowed repositories to be available to users.
-
Create a list of allowed repositories. For each location you want to add to the list, select Add location, provide the following information, and then click Save to apply the changes:
- Repository name - Enter a name for the repository.
- Repository URL - Enter the URL of the repository. Adding a base URL (e.g.
https://github.com/MyOrg/
) allows the use of repositories with child URLs (e.g.https://github.com/MyOrg/RPA
). - Default repository folder (For StudioX policies only) - Optionally, enter a default folder for the location.
When adding locations, take into account that:
- Any strings placed between
%
in the name and URL fields are interpreted as environment variables on the user machines. For example, this allows you to create repositories for each user named with the same pattern as the Windows username (e.g.first_name.last_name
), and then use the%username%
variable for both the name (e.g.%username%'s Repo
) and URL (e.g.https://github.com/MyOrg/%username%
). - All spaces in the URL field are replaced with hyphens (
-
). Using the previous example with%username%
, if usernames contain a space (first_name last_name
), the URL resolves tofirst_name-last_name
.
This page describes the settings available for Assistant policies.
On the Widgets tab, you can configure settings that control user access to widgets. Widgets are plugins that add functionality to the Assistant. The following widgets are added by default:
- UiPath.Apps.Widget
- UiPath.Marketplace.Widget
- UiPath.AutomationStore.Widget (available starting with the Assistant 21.10 template version)
The following settings are available:
- Allow custom widgets - Select whether to allow users to add their own custom widgets. This option is enabled by default.
- Use official feeds - Select whether to enable the official UiPath® widgets feeds for downloading widgets, in addition to the Orchestrator feed. If this option is not enabled, only the Orchestrator Library Feed is available. This option is enabled by default.
-
To add a new widget, click Add another, provide the following information, and then click Save:
- Select whether to enable or disable the widget.
- Enter the name of the widget NuGet package.
- Enter the widget version.
- To edit a widget, click Edit next to it.
- To remove a widget, click Delete next to it.
Runtime analyzer rules verify that processes adhere to organization policies when executed by robots. Runtime rules are included in activity packages and apply to certain activities in those packages. The robot retrieves the configured runtime rules and each one is verified when an activity that requires it is executed.
On the Runtime Analyzer tab, you can select which runtime rules to enable, set the rule actions, and configure rule parameters. The rules are configured similarly to how you configure Workflow Analyzer rules.
Automation Ops™ comes with the following default runtime rules:
- RT-UIA-001 (App/Url Restrictions) - Allows you to define a list of allowed / blocked applications or URLs for the activities in the UI Automation activities package.
- RT-OUT-001 (Email Blocklist) - Allows you to define addresses to which emails cannot be sent by activities from the GSuite, Mail. and Office 365 activities packages.
By default, the rules are enabled but no parameters are defined. The action is set to Error, which means that when a rule violation is detected, an error is thrown and the execution stops.
Runtime governance is not enabled by default. A banner is displayed at the top of Automation Ops™ pages informing you that the feature is disabled. Click Enable in the banner to enable the runtime analyzer.
You can also enable/disable runtime governance using the following API requests:
POST "[environment_URL]/{organizationName}/roboticsops_/api/Product/Robot/enable"
-H "Authorization: Bearer {token}"
POST "[environment_URL]/{organizationName}/roboticsops_/api/Product/Robot/disable"
-H "Authorization: Bearer {token}"
You can retrieve the token from the browser developer tools. In Google Chrome:
- Open Developer Tools from an Automation Ops™ page and select Application.
- Under Storage, select Local Storage and then the application (e.g. cloud.uipath.com).
- Locate the token key and copy its value.
The rule checks whether any restricted applications or web pages are used in the project. Restrictions are set by defining lists of either allowed or blocked applications and URLs using the available parameters. The rule checks both local and remote applications (for example, applications automated over RDP connections).
To define the applications and/or URLs that are allowed, use the following parameters:
- whitelistApps - Execution is allowed only for the applications that are on this list.
- whitelistUrls - Execution is allowed only for the URLs that are on this list.
To define the applications and/or URLs that are prohibited, use the following parameters:
- blacklistApps - Execution is allowed for all the applications that are not on this list.
- blacklistUrls - Execution is allowed for all the URLs that are not on this list.
If both prohibited and allowed lists are set up for the same scope (applications or URLs), the allowed list takes precedence.
Configuring Restrictions
Specify a list of URLs / application names separated by comma (,) or semicolon (;). If multiple items are specified, they are all verified.
*
and ?
wildcard characters to define patterns. For example:
*uipath*.exe
- blocks all executable files with names that start withuipath
.*www.uipath*.com
- blocks all URLs that start withuipath
, regardless of the protocol used.
What the Rule Verifies
For both modern and classic activities, the rule verifies at execution time each target UI element found using the defined selector or an input UI element.
The rule checks all the activities from the Mail, Office365, and GSuite packages that send, reply, or forward emails, send notifications, create events or send calendar invites, and verifies that the emails are not sent to recipients added to the email blocklist.
- UiPath.GSuite.Activities v1.11.3
- UiPath.Mail.Activities v1.12.2
- UiPath.Office365.Activities v1.11.1
Configuring restrictions
Using the EmailRegex parameter, specify a pattern for the email addresses that are not allowed using a regular expression.
For example:
.*@uipath.com
- blocks all emails sent to addresses with the uipath.com domain..*@(?!uipath\.com$)
- blocks all emails except those sent to addresses with the uipath.com domain.
What the Rule Verifies
The rule verifies all the properties that indicate email recipients in the following activities that can send emails:
- Mail package:
- Integrations (StudioX) activities - Send Email, Forward Email, Reply To Email, Send Calendar Invite
Note: The rule does not apply when activities save messages as drafts rather than sending them.App Integration activities - Send Exchange Mail Message, Send IBM Notes Mail Message, Send Outlook Mail Message, Reply To Outlook Mail Message
- Integrations (StudioX) activities - Send Email, Forward Email, Reply To Email, Send Calendar Invite
- GSuite package - Send Mail Message, Create Event, Add Attendee, Share File, Delete Event, Modify Event
- Office 365 package - Send Mail, Reply to Mail, Forward Mail, Add Attendee, Share File/Folder
For each default rule, you can configure the following options:
- Enabled - Select this option to enable the rule.
- Action - Set the action of the rule: Error,Warning,Info, or Verbose. The default action is Error.
- Parameters - To edit a parameter, click Edit next to it and then deselect the Use default value option to configure restrictions in the Value box.
- Policy Details
- Product Settings
- Settings for Studio Policies
- Design
- General
- Feature Toggles
- Manage Sources
- Workflow Analyzer
- Location
- Team
- Settings for Assistant Policies
- Widgets
- Settings for Robot Policies
- Runtime Analyzer
- Enable Runtime Governance
- RT-UIA-001 - App/Url Restrictions
- RT-OUT-001 - Email Blocklist
- Configure Runtime Rules