At present there is a security role of Bot Author. That is fine as far as it goes. However, once a user is given the Bot Author role they can edit any bot in the entire environment. That is nowhere near enough granularity of control. The security role once applied must then be constrained by the concept of Business Unit applying in the normal way as it does in D365 Sales or Customer Service. Otherwise, as it stands, a junior person who only needs to be able to edit a small and insignificant bot must be given the same access as those who are managing a bot which might be the very lifeblood of the business or have access to confidential information such as medical records. That's crazy and drastically limits the use cases. This is because either it can't be used for business critical functions or if it is used for business critical functions it cannot be used for more trivial functions where junior citizen developers could be permitted to develop and deploy bots because it will not be possible to give them the bot author security role without jeopardising the security of the business critical bots.