Access Controls

Many aspects of access need to be considered in any RPA deployment. The primary purpose of this page is to discuss access controls for Blue Prism itself. However, it is also worth noting the other access requirements of any Digital Worker implementation:

Target System Access Model

  • Defines how Blue Prism Digital Workers and Developers will access target systems
  • Access may be via Single Sign-On so influenced by Windows Access Model
  • Requirement for digital worker credentials management policy

Windows Access Model

  • Defines how the digital worker will access Windows
  • Who will manage the Windows credentials – Operations Team or Digital Workers?
  • Infrastructure considerations if Login Agent is required

Environment Access Model

  • Defines how the production VDIs will be accessed
  • Access requires console software with audit trail
  • Access to be controlled and limited to specific users and specific VDIs

The Logical Access Model 

Creating and maintaining a Logical Access Model (LAM) for Blue Prism access in an organisation is imperative for the following reasons:

  • Promotes the segregation of duties and prevents an “everybody admin” scenario, while defining clear responsibilities within Blue Prism across all environments 
  • The LAM is a documented record of the users or teams that have access to Blue Prism functionality  
  • The LAM can be used to check that the permissions or access rights applied within Blue Prism match what is defined in the LAM 
  • The LAM is a documented record of user or team access in Blue Prism that can be reviewed by the Governance Board  
  • Provides an offline overview of the permissions or access rights to Blue Prism, without the need to manually access each Blue Prism environment one by one  
  • Offers the opportunity to align the Blue Prism LAM to the security policies and standards in your organisation and to enforce the security requirements
  • Provides a documented reference useful for audit purposes and incident management 
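
The check described in the list above, that the access rights applied within Blue Prism match what the LAM defines, can be scripted. The following is an added example, not Blue Prism code: the snapshot format, the user names and every role name other than System Administrator are assumptions made for illustration.

```python
# Added example: compare applied role assignments with the documented LAM.
# User names, the snapshot format and every role name except
# "System Administrator" are constructed for illustration.
ADMIN_ROLE = "System Administrator"

# LAM: environment -> user -> roles approved by the Governance Board.
LAM = {
    "Development": {"dev.alice": {"Developer"}, "ops.bob": {"Controller"}},
    "Production": {"ops.bob": {"Controller"}, "adm.carol": {ADMIN_ROLE}},
}

# Constructed snapshot of what is configured in each environment.
APPLIED = {
    "Development": {"dev.alice": {"Developer", ADMIN_ROLE},
                    "ops.bob": {"Controller"}},
    "Production": {"ops.bob": {"Controller"}, "dev.alice": {"Developer"}},
}


def audit(lam, applied):
    """Return (environment, user, finding, roles) for every deviation."""
    findings = []
    for env in sorted(set(lam) | set(applied)):
        approved_users = lam.get(env, {})
        actual_users = applied.get(env, {})
        for user in sorted(set(approved_users) | set(actual_users)):
            actual = set(actual_users.get(user, ()))
            if user not in approved_users:
                findings.append((env, user, "account not in LAM", sorted(actual)))
                continue
            approved = set(approved_users[user])
            if actual - approved:
                findings.append((env, user, "role not in LAM", sorted(actual - approved)))
            if approved - actual:
                findings.append((env, user, "LAM role not applied", sorted(approved - actual)))
    return findings


def admin_holders(applied):
    """List who holds the administrator role per environment."""
    return {env: sorted(u for u, roles in users.items() if ADMIN_ROLE in roles)
            for env, users in applied.items()}


if __name__ == "__main__":
    for finding in audit(LAM, APPLIED):
        print(*finding, sep=" | ")
    print(admin_holders(APPLIED))
```

Each finding is either a change to apply in the environment or a LAM update to take through the approval process; the administrator listing makes an "everybody admin" drift visible per environment.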

Creating/Updating the Logical Access Model

Blue Prism recommends that each organization create and implement its own Logical Access Model immediately after a Blue Prism environment is created. This should be included as part of any Blue Prism environment set-up.

The default user roles defined within the product should be replaced with user roles defined by the organization’s own Logical Access Model (LAM), derived from the Robotic Operating Model (ROM). This action should be carried out for each Blue Prism environment, taking into account the differences in permission requirements between environments, i.e. Development, UAT and Production.

Note: Runtime Resource and System Administrator user roles cannot be changed.  

The process of creating or updating the LAM should involve all stakeholders, including the Head of RPA, the RPA Governance Board and IT team, while considering the segregation of duties in the organization. This process at a high level will look something like this: 


Your Blue Prism LAM should be approved by the Governance Board and should comply with the organization’s security policies and standards. As the RPA organization grows, the LAM will need to be reviewed and updated before any access changes are applied to the environments, using either the suggested process or the chosen internal standard change management methodology. This ensures that the LAM definition reflects the environment setup.

In the case of a Blue Prism upgrade from a previous version, an appropriate review and update of the LAM is also recommended as part of the upgrade project, due to the potential impact of permission/access right changes in newer versions of Blue Prism. Your LAM should document all user accounts and roles defined across all environments.

The following steps are recommended:
