About Governance

To ensure Studio users adhere to development standards and comply with certain rules, organizations can enforce governance policies that control Studio functionalities.

You can enforce governance policies in one of the following ways:

• Create and deploy policies from UiPath Automation Ops, an easy-to-use web application available in Automation Cloud.
• Use a file-based governance model that consists of creating a JSON policy file and deploying the file locally, externally, or via Orchestrator.

This page documents the file-based governance model. For information on how to deploy policies from Automation Cloud, see the Automation Ops Guide.

The current capabilities are:

• enforce per Studio, Studio Pro, or StudioX, and any combination thereof.
• restrict usage of package feeds from the Manage Packages window and Backstage View> Settings > Manage Sources.
• enforce organizational development standards using Workflow Analyzer rules.
• enforce several design and location settings.
• disable Send Feedback functionality.

Watch the following video for an overview of the governance capabilities available in Studio and a demo of how to use them in StudioX.

To enforce a governance policy, start by generating a governance file from Studio, then configure the file using the parameters it contains, and apply the policy in one of the following ways:

• Using a local file (for testing purposes) - Place the governance file in the Roaming folder on the machine where Studio is installed.
• Using an external file (for large deployments) - Place the governance file at a path (for example, an HTTP/HTTPS server) referenced by either a registry key or an asset in Orchestrator.
• Using an asset in Orchestrator - Copy the contents of the governance file to an asset in Orchestrator.

Generate the Governance File

The first step in enforcing development standards in your organization is to generate a governance file from Studio or manually create a similar file that would incorporate all or part of the capabilities we listed above.

🚧

Important!

The governance file must be of type .config with the following name uipath.policies.config.

To generate a governance file with your current configuration from Studio, go to the Backstage view > Help tab, and select Generate Governance File. The exported file can be shared across your team.

📘

Note:

If Studio is connected to a Cloud Orchestrator, you are prompted to select whether to generate a Classic or a Modern policy. Select the classic option for the file-based governance model. The modern option generates policies that you can then import in Automation Ops for an easy migration to that model.

Use the button below to download the sample that includes all Workflow Analyzer rules. Modify the sample to fit your organization's needs.

Please bear in mind that if you have installed UiPathStudioSetup.exe, you need to change the path to the Local feed to C:\Users\CurrentUser\AppData\Local\UiPath\app-Studio_version.

Configure the Governance File

File Version and File Label

Governance files may have different versions and a custom name.

{
    "Metadata": {
        "Version": "1.0"
    },
    "Info": {
        "Name": "Sample Policy Registry Key"
    }
}

Studio Profiles and Send Feedback

The governance file may contain policies for Studio, Studio Pro, and StudioX users, however, these must be structured per profile. Policies for Studio must be separated from those for StudioX, and from those for Studio Pro, as in the example below:

{
    "Profiles": {
        "Development": {
            "Shell": {
                "IsFeedbackEnabled": true,
                "HideGettingStartedScreen": false
            },
            "PackageManager": {},
            "Analyzer": {}
        },
        "Business": {
            "Shell": {
                "IsFeedbackEnabled": true,
                "HideGettingStartedScreen": false
            },
            "PackageManager": {},
            "Analyzer": {}
        },
        "StudioPro": {
            "Shell": {
                "IsFeedbackEnabled": true,
                "HideGettingStartedScreen": false
            },
            "PackageManager": {},
            "Analyzer": {}
        }
    }
}

Usage of Package Sources

Accessing, adding or removing package sources may be restricted per Studio, StudioX, Studio Pro or any combination of the three, using the governance file.

{
    "PackageManager": {
        "AllowAddRemoveFeeds": false,
        "AllowEnableDisableFeeds": false,
        "AllowOrchestratorFeeds": true,
        "Feeds": [{
                "Name": "Organization Internal Feed",
                "Source": "https://[company].pkgs.visualstudio.com/_packaging/nuget-packages/nuget/v3/index.json",
                "IsEnabled": true
            },
            {
                "Name": "Official",
                "Source": "https://www.myget.org/F/workflow/",
                "IsEnabled": true
            }
        ]
    }
}

If the "AllowAddRemoveFeeds" and "AllowEnableDisableFeeds" parameters are set to true, the user may modify feeds available in the Package Manager. If any changes are made, they are persisted when Studio is restarted.

If the "AllowOrchestratorFeeds" parameter is set to true and the Robot is Connected to Orchestrator, users cannot disable the default Orchestrator feeds.

Feeds that are defined in the governance file are added to the Default package sources section in the Manage Packages window and the user can add the custom feeds (if provided with the required rights in the governance file) to the User defined package sources section.

Studio Settings

Configure settings found in Home (Studio Backstage View) > Settings. For more information, see Configuring Studio Settings.

{
      "SourceControl": {
        "CheckInBeforePublishParam": {
          "AllowEdit": false,
          "Value": false
        }
      },
      "Workflow": {
        "DefaultProjectLanguageParam": {
          "Value": VisualBasic,
          "AllowEdit": false
        },
        "DockedAnnotationsParam": {
          "AllowEdit": false,
          "Value": true
        },
        "IsCollapsedViewSlimParam": {
          "AllowEdit": false,
          "Value": false
        },
        "AnalyzeOnPublishParam": {
          "AllowEdit": false,
          "Value": false
        },
        "AnalyzeOnRunParam": {
          "AllowEdit": false,
          "Value": false
        },
        "AnalyzeRpaXamlsOnlyParam": {
          "AllowEdit": false,
          "Value": false
        },
        "AdditionalAnalyzerRulePathParam": {
          "AllowEdit": false,
          "Value": null
        },
        "DefaultProjectFolderParam": {
          "AllowEdit": false,
          "Value": null
        },
        "DefaultProcessPublishUrlParam": {
          "AllowEdit": false,
          "Value": null
        },
        "DefaultLibraryPublishUrlParam": {
          "AllowEdit": false,
          "Value": null
        },
        "DefaultTemplatePublishUrlParam": {
          "AllowEdit": false,
          "Value": "C:\\Users\\username\\Documents\\UiPath\\.templates"
        },
        "ModernBehaviorParam": {
          "AllowEdit": false,
          "Value": false
        },
        "ObjectRepositoryEnforcedParam": {
          "AllowEdit": false,
          "Value": false
        }
      },
}

Two parameters are available for each option:

• "AllowEdit" - Indicate whether or not users are allowed to change the default setting configured by the governance file (true to allow, false to deny).
• "Value" - Indicate the default setting, as described in the following tables.

Under "SourceControl":

Under "Workflow":

Under "ObjectBrowser":

Workflow Analyzer Rules

The Workflow Analyzer is the tool for verifying if projects meet development standards. Using the governance file, organizations can enforce custom rules pertaining to their needs across all projects, in a centralized manner.

Remarks

• The custom ruleset can be defined beforehand in a separate file of type .json, and delivered through a dll external assembly or custom activity pack. Read more about Building Custom Rules for Workflow Analyzer.
• The governance file can't deliver credentials, which means secure feeds aren't supported.
• If a custom ruleset is enforced, then users cannot make any changes to Workflow Analyzer rules.
• If a custom ruleset was not referenced or embedded in the governance file, the Workflow Analyzer default rules are used. If the "Analyzer" section is not mentioned, governance for Workflow Analyzer is not enforced. If the section is mentioned, even if it's empty, then the management of rules is disabled in Studio.
• When enforcing governance, rules built-in Studio or UiPath activity packages are disabled by default unless otherwise mentioned in the governance file or custom ruleset.

Enforcing Rules

There are two ways to manage the custom ruleset in the uipath.policies.config governance file:

1. Point to the ruleset located at one of the following paths:

• on the local machine;
• shared on a network server or machine, identifiable by the UNC path;
• in shared blob storage, identifiable via the http(s) path.

2. Embed the custom ruleset by enabling or disabling rules, mentioning their IDs, parameters, error levels.

All custom rules must be referenced or added in the "Analyzer" section. Rules and counters must be split into their own sections, as illustrated below:

{
    "Analyzer": {
    "AllowEdit": false,
        "ReferencedRulesConfigFile": null,
        "EmbeddedRulesConfig": {
            "Rules": [
        {
                    "Id": "ST-NMG-001",
                    "IsEnabled": false,
                    "Parameters": [{
                        "Name": "Regex",
                        "Value": null
                    }],
                    "ErrorLevel": "Error"
                }
            ],
            "Counters": [{
                "Id": "ST-ANA-009",
                "IsEnabled": true,
                "Parameters": []
            }]
        }
    }
}

1 - Since counters don't have parameters, use [].

If the "AllowEdit" parameter is set to true, the user may modify rules available in the Workflow Analyzer settings window. If any changes are made, they are persisted when Studio is restarted.

Enforce the Governance Policy

Using a Local File

If stored locally, the governance file must be located at the following path: %AppData%\UiPath.

Using an External File

If stored externally, the path to the policy file must be defined using the Windows Registry or an Orchestrator asset:

To define the file path using the Windows Registry:

1. Open Registry Editor on the machine where Studio is installed.
2. Locate the following registry key: Computer\HKEY_CURRENT_USER\Software\UiPath and hit Enter.
3. In the Registry Editor, right-click and select New > String Value. Type in the GovernanceSource name for the new value. Do not use another name for the value!
4. Double-click the GovernanceSource string to edit. In the Value data field add the path to the uipath.policies.config file, and click OK.

The registry key should look like this:

To define the file path using an Orchestrator asset:

1. In Orchestrator, select Tenant > Folders and add a new folder named uipath.settings.config.
2. Assign the users for which to enforce the governance policy to the folder.
3. In the uipath.settings.config folder, create a new asset and configure it as follows:
   • Asset name - uipath.studio.governancesource.
   • Type - Text.
   • Global Value - Select this option and enter the full path to the uipath.policies.config file in the text box.
     Optionally, you can apply different policies to different users by adding per-user values with paths to different files.
     Note: Enforcing policies per user currently works only if Studio is connected to Automation Cloud Orchestrator.

Using an Orchestrator Asset

1. In Orchestrator, select Tenant > Folders and add a new folder named uipath.settings.config.
2. Assign the users for which to enforce the governance policy to the folder.
3. In the uipath.settings.config folder, create a new asset and configure it as follows:
   • Asset name - uipath.studio.governancepolicy.
   • Type - Text.
   • Global Value - Select this option and paste the entire contents of the uipath.policies.config file in the text box.
     Optionally, you can apply different policies to different users by adding per-user values and pasting different parameters.
     Note: Enforcing policies per user currently works only if Studio is connected to Automation Cloud Orchestrator.

📘

Note:

Enforcing a governance policy using an Orchestrator asset that references the file path or holds the contents of the file requires Orchestrator v2020.10 or later.

Applying and Precedence

When a policy is defined, it is applied after Studio is restarted.

A message appears in the Workflow Analyzer settings window, Send Feedback window, in the Settings tab in Backstage View,, and in the Manage Packages window.

Studio applies the governance policy using the following order of precedence: Automation Ops > uipath.studio.governancepolicy > uipath.studio.governancesource > Registry key > local file.

If the governance policy is removed for the user, settings that were enforced through the governance file are persisted as defaults. However, now the user has the option to modify settings that were restricted when the governance policy was in place.