Submitted on12-13-201908:12 AMSubmitted byNicholasPlanton12-13-201908:12 AM
At present there is a security role of Bot Author. That is fine as far as it goes. However, once a user is given the Bot Author role they can edit any bot in the entire environment. That is nowhere near enough granularity of control. The security role once applied must then be constrained by the concept of Business Unit applying in the normal way as it does in D365 Sales or Customer Service. Otherwise, as it stands, a junior person who only needs to be able to edit a small and insignificant bot must be given the same access as those who are managing a bot which might be the very lifeblood of the business or have access to confidential information such as medical records. That's crazy and drastically limits the use cases. This is because either it can't be used for business critical functions or if it is used for business critical functions it cannot be used for more trivial functions where junior citizen developers could be permitted to develop and deploy bots because it will not be possible to give them the bot author security role without jeopardising the security of the business critical bots.
... View more
Basically, for the bot to move to production, we need to ensure we can leverage AD and pass the tokens to down stream systems, but also that we can have multiple authors and permissions levels within the space for a single bot and related assets. I think someone mentioned a permissions hierarchy in another post, but it sure would be a great starting point if I could share out my bot and allow others of my choice the access to contribute directly to the bot. Thanks! Joe [msft]
... View more