Rovo agent permissions and governance
By default, everyone in your organization has permission to create Rovo agents, because we believe that just like creating a page to share an idea or thought, teams should be able to uncover insights, brainstorm, move work forward, or save time by creating an agent to assist with something.
However, if there is any reason that you need to restrict who can make agents in your organization, there are ways to manage permission and access.
Manage Rovo create permissions in your organization
You must be an organization admin to manage Rovo create permissions. To configure Rovo agent create permissions:
Navigate to the Studio app via the app switcher in the top navigation bar.
Select Studio settings
Choose how you’d like to provide access to users in your organization. You can:
Leave the default setting and allow all individuals in your organization to create agents.
Allow up to 10 groups of individuals to create agents.
Not allow users in your organization to create agents, just admins.
Manage collaborator and admin access for a specific Rovo agent
If you’re the owner of an agent, you can add individuals as “collaborators” or “admins” on your agent to grant them certain access. This allows complex team agents to be managed by multiple people.
Admins can invite colaborators, edit, or delete the agent
Collaborators can edit the agent
To add collaborators and admins to an agent you’re editing:
Select Users and permissions
Select Add user
Search for the user by name, then add them to the agent with desired role.
Permissions and access when using agents in your organization
Rovo agents can only do what the user can do, not the creator. Using an agent never gives anyone more permissions.
So the creator can create an agent, but the agent always respects the user's permissions:
If the user doesn’t have access to view a page, the agent can’t respond with anything about that page.
If the user can’t comment, the agent can’t comment.
If the user can’t delete a Confluence page, the agent can’t delete the Confluence page.
An agent also can’t access information for a user that they wouldn’t already have access to. For example, a user can’t access someone else’s private Confluence page through an agent, even if they created the agent.
Agents working autonomously
For agents to work autonomously, they must be managed through your existing Confluence space or Jira Project administrators via an automation rule.
Without automations and setup from an admin, agents can’t work autonomously.
More on agents and automations
Ethical filtering and the acceptable use policy
Ethical filtering setup is across all our AI to protect your teammates from anything inappropriate. This applies to Chat, agents, and all our other generative AI. Additionally, organization admins, are able to monitor and view violations of the acceptable use policy.
Monitoring agents in your organization
Agent audit logs are available for every agent through their profile. In Chat, agents can only do things the current user has access to and in automation, agents can only do whatever your space or project admin determines in the automation rule.
If you’re concerned about an agent doing things outside of its intended purpose, try including those things in the agent’s instructions or adjusting the list of actions that an agent has access to. For example, if you no longer want your agent to create Confluence pages, you, or the agent’s creator, can remove that action by editing the agent. More on editing your agent.
Troubleshooting
Copy a group ID to provide them with Rovo create permission
If you’re unable to search for the group you’d like to provide access to, you can copy the group ID and paste it into the group name field. To get a group ID:
Visit admin.atlassian.com
Depending on your user management experience, navigate to the Groups page
Select the required Group
Copy the groupId from the URL, which comes after
/groups/
For example: https://admin.atlassian.com/o/<org_id>/groups/<group_id>
Copy it to your clip board by right clicking and selecting Copy or by using the copy shortcut.
Was this helpful?