Rovo agent permissions and governance

Manage who can create agents in Studio

Rovo Studio and the ability to create agents is open by default to everyone in your organization. But if you don’t have governance practices in place, this can lead to crowded agent directories.

If needed, organization admins can restrict who creates agents by managing Studio settings.

• All users is the default, allowing anyone in your organization to create agents.

• Selected groups limits agent creation to up to 10 user groups.

• No users limits creation to you and other organization admins.

To manage Studio settings:

1. Navigate to the Rovo Studio app via the app switcher.

2. Select Settings from the left-hand navigation.

3. Select your preferred setting:

   1. All users

   2. Selected groups

   3. No users

To manage Selected groups:

1. Select Selected groups.

2. Select Add groups to open a modal.

3. Use the dropdown to search for and select up to 10 user groups.

4. Select Add.

Set edit permissions for your agent

If you’re the owner of an agent, you can add individuals as editors or managers to grant them certain permissions.

This allows complex team agents to be managed by multiple people:

• Editors can

  • Edit the agent

• Managers can

  • Edit the agent

  • Add other editors

  • Delete the agent

To add editors and managers to an agent:

1. Select Users and permissions

2. Select Add user

3. Search for the user by name, then add them to the agent with desired role.

Control who can see and use your agent

When you create an agent, it becomes available for everyone to see and use by default.

It’s worth noting that from a privacy standpoint, agents can only access information that the person using it has permission to view or edit. But if you’d like to limit access to the agent itself, you can.

Agents with restricted access are only visible by the people you add. Others won't see them in browsing directories or as options for automation.

To restrict your agent for your personal use:

1. Open your agent

2. Select Users and permissions from the left-hand navigation

3. Find the User access section

   1. Toggle Open to all users to the Off position

   2. If you have not added users, the agent is now only accessible to you

To limit your agent’s access to specific people:

1. Select the Add user button to open a modal

2. Type or select the name of someone

3. Select a role for them (Editor or Manager)

4. Select Add

At the moment, you must give users a role when you add them, either editor or manager:

• Editors can

  • Edit the agent

• Managers can

  • Edit the agent

  • Add other editors

  • Delete the agent

Change an agent’s attribution in the agent directory

When people browse the directory of available agents, each agent is listed by name along with “By <person’s name>”.

An agent is attributed to the person who created it (the owner) by default. But when an agent is managed by a team or you want to highlight its quality by associating a particular team, you can change the attribution to reflect this.

To change the author display name to a specific team:

1. Open an agent you have edit permissions for

2. Select Users and permissions from the left-hand navigation

3. Expand Author display name

4. Type or select the name of one of your Atlassian teams

What can users access when interacting with an agent?

When someone interacts with an agent, the agent is acting on that person’s behalf. It therefore can only return or interact with spaces, pages, work items, and other information that the user has permission to access. For example:

• If the user doesn’t have access to view a page, the agent can’t respond with anything about that page.

• If the user can’t comment, the agent can’t comment.

• If the user can’t delete a Confluence page, the agent can’t delete the Confluence page.

You can also explicitly limit what an agent can or can’t do in the instructions or by changing what skills it is configured with.