# Bot Governance

### **Overview**

As part of the **Security Architecture Review (SAR)** recommendations, organizations need to strengthen governance and observability for bots within the Interaction Experience (iX) ecosystem. This ensures that bot creation, deployment, and usage adhere to security, compliance, and operational standards.

### **Why Observability Matters**

* **Clear Visibility:** Know exactly which bots are being created, where they’re running, and whether they’re accessible to the public.
* **Managing Risks:** Stop unauthorized or insecure bots before they cause problems like data leaks or compliance breaches.
* **Strong Governance:** Make sure every bot follows your organization’s policies and security standards throughout its lifecycle.

### User Roles and Permissions

The **Bot Governance Dashboard** is designed with role-based access to ensure security and proper oversight. Below are the key roles and their respective permissions:

1. **Organization Admins**
   1. **Primary Audience**: The dashboard is mainly intended for organization admins.
   2. **Access Level**: Full visibility into all bots across the organization.
2. **Platform Admins**
   1. **Secondary Audience**: Platform admins also have access to the dashboard.
   2. **Access Level**: Similar visibility as org admins but primarily for operational support.

### How to access the Observability Report

1. This dashboard provides **visibility and governance** over all bots (or apps) created within the organization. It helps administrators track bot configurations, security posture, and compliance status.
2. Navigate to Administration -> Org Configuration -> Governance.

<figure><img src="https://1107164708-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-M8XHvUsfyTUFLvToHqD%2Fuploads%2FNEfKA9PThodHAASekkev%2Fimage.png?alt=media&#x26;token=52e05920-f395-41cb-ba9c-ff17080f3253" alt=""><figcaption></figcaption></figure>

3. The main section lists all bots created within the organization.
4. The columns include:

| Column          | Description                                                                     |
| --------------- | ------------------------------------------------------------------------------- |
| Name            | The bot/application name                                                        |
| IsPublicAccess  | Indicates whether the bot is publicly accessible (`true` or `false`)            |
| EnableAPIAccess | Shows if API access is enabled for the bot                                      |
| PIIEnabled      | Specifies whether Personally Identifiable Information (PII) handling is enabled |
| Created On      | Timestamp of when the bot was created                                           |
| Action          | Provides options for further actions (e.g., view details, manage settings)      |

5. To learn more about a specific app, the Governance team can click the three dots next to it and then click View App Details:

<figure><img src="https://1107164708-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-M8XHvUsfyTUFLvToHqD%2Fuploads%2FIG2L5RjgVZhVD0s2btOU%2Fimage.png?alt=media&#x26;token=6ef7bee6-17c0-4e0f-98fd-34419d9952d3" alt=""><figcaption></figcaption></figure>

6. The **App Details** view opens for the selected bot within the governance platform. This page provides comprehensive information about the bot, including its configuration, usage metrics, and associated components.
7. The Summary Metrics include:

| Metric              | Description                                                                                         |
| ------------------- | --------------------------------------------------------------------------------------------------- |
| No of Publishing    | Total number of publishing instances for this bot (e.g., `3`)                                       |
| AI Contents Used    | Indicates the count of AI-generated content utilized (`0` here).                                    |
| Integrations in Use | Lists active integrations (e.g., `msgx4js.genAIs`).                                                 |
| Methods in Use      | Shows methods currently implemented (e.g., `getSpendDataList`, `chatcompletion`, `getPromoDetails`) |

<figure><img src="https://1107164708-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-M8XHvUsfyTUFLvToHqD%2Fuploads%2FsKTqWpRvvGJqvLRfjzzP%2Fimage.png?alt=media&#x26;token=0d1bfe5b-3cf8-4a30-8b9d-5732a257cbbe" alt=""><figcaption></figcaption></figure>

Clicking "Go to App" redirects you to the Custom App Publishing screen of the app "Acme Digital Assistant", which shows the total number of publishing instances for this bot.

<figure><img src="https://1107164708-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-M8XHvUsfyTUFLvToHqD%2Fuploads%2FopP4UuODk7VsE2Kbh6tE%2Fimage.png?alt=media&#x26;token=78d7b9e6-a37b-4bd7-9a31-cde69696c035" alt=""><figcaption></figcaption></figure>

### Enhance Bot Observability Dashboard on User Management

1. The Governance page can be accessed through the User Management menu.
2. Navigate to User Management -> Manage User -> Org and User Management.
3. Click the "View Details" button next to the organization "Concentrix".

<figure><img src="https://1107164708-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-M8XHvUsfyTUFLvToHqD%2Fuploads%2FnH96GBIxsfSQekrfdtrF%2Fimage.png?alt=media&#x26;token=f49c9584-b28a-4674-8dd1-a83781041ef3" alt=""><figcaption></figcaption></figure>

4. Selecting "View Details" lets users see a list of individuals associated with "Concentrix" and the apps they have created.

<figure><img src="https://1107164708-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-M8XHvUsfyTUFLvToHqD%2Fuploads%2FKK0vezpKXOywJ23MvZu4%2Fimage.png?alt=media&#x26;token=0d86dc7a-0ede-41ac-9470-00ee2007d066" alt=""><figcaption></figcaption></figure>

5. To learn more about a specific app, the Governance team can click the three dots next to it and then click View App Details:

*Note: If you find apps with identical names, you can identify the correct one by checking the creator's username.*

6. Governance team members can access app details as described above:

<figure><img src="https://1107164708-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-M8XHvUsfyTUFLvToHqD%2Fuploads%2FnBCOrJwm7n2OYg42iLJM%2Fimage.png?alt=media&#x26;token=f6cc3081-4d86-40d4-9a7b-2d7990331514" alt=""><figcaption></figcaption></figure>

7. Clicking "Go to App" redirects you to the Custom App Publishing screen of the app "Acme Digital Assistant", which shows the total number of publishing instances for this bot.

<figure><img src="https://1107164708-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-M8XHvUsfyTUFLvToHqD%2Fuploads%2FQJ4aMFF5wYLSzeIRx5EV%2Fimage.png?alt=media&#x26;token=e347c50f-767e-45b1-bae3-cec4f357e5a7" alt=""><figcaption></figcaption></figure>

This section explains how bot governance works, providing insights into bot creation, management, and processes. If necessary, the Governance team can contact the bot creator to request modifications or removal. Currently, we have developed a report to offer more control and observability over bots.
