- Release notes
- Before you begin
- Getting started
- Introduction
- Roles and Permissions
- Access Control
- Actions
- Processes
- Troubleshooting
Roles and Permissions
Actions roles and permissions are set from Orchestrator.
In order for the Robot to generate an Action, upload, download, and delete data from a storage bucket, it needs the appropriate permissions. Make sure the Robot role has been granted the following:
To create an action:
- View,Edit,Create on Actions
To assign an action:
- Create on Actions Assignments
To upload document data:
- View,Edit,Create on Storage Files
- View on Storage Buckets
To delete document data after downloading:
- View,Edit,Delete on Storage Files
- View on Storage Buckets
To generate actions in the context of a personal workspace folder and have them displayed in the Action Center inbox, the following permissions have been added as default:
- Create,View,Edit,Delete on Actions.
- Create,View,Edit,Delete on Action Catalogs.
We recommend defining the following roles for handling actions:
As a validation admin, you see all the generated Document Validation Actions and assign them to users in the Manage Actions view.
The following permissions are required:
- View,Edit on Actions.
- View,Edit,Create,Delete on Storage Files.
- View on Storage Buckets.
- View,Edit,Create on Action Assignments.
-
View,Edit,Create on Action Catalogs.
As a validation user, you see all the form and Document Validation Actions assigned to you, and validate them in the My Actions view.
The following permissions are required:
- View,Edit on Actions.
- View,Edit,Create on Storage Files.
- View on Storage Buckets.
-
View,Edit on Action Assignments.
As a classification admin, you see all the generated Document Classification Actions and assign them to users in the Manage Actions view.
The following permissions are required:
- View,Edit on Actions.
- View,Edit,Create,Delete on Storage Files.
- View on Storage Buckets.
- View,Edit,Create on Action Assignments.
-
View,Edit,Create on Action Catalogs.
As a classification user, you see all the form and Document Classification Actions assigned to you, and edit them in the My Actions view.
The following permissions are required:
- View,Edit on Actions.
- View,Edit,Create on Storage Files.
- View on Storage Buckets.
-
View,Edit on Action Assignments.
As an action admin, you see all the generated Form Actions and assign them to users in the Manage Actions view.
The following permissions are required:
- View,Create on Action Assignment.
- View,Edit,Create on Action Catalogs.
-
View,Edit,Create,Delete on Actions.
To manage action labels, the following permissions are required:
- View,Create,Delete on Tags.
As an action user, you see all the Form Actions assigned to you, and edit them in the My Actions view.
The following permissions are required:
-
View,Edit,Create on Actions.
To manage action labels, the following permissions are required:
- View,Create,Delete on Tags.
We recommend defining the following roles for handling processes:
As a queue process user, you can generate forms to provide inputs to a queue.
The following permissions are required:
- View on Queues
-
View,Edit,Delete on Transactions
As a job process user, you can generate forms to provide inputs to a job.
The following permissions are required:
- View on Processes
-
View,Edit,Delete on Jobs
Note:To trigger a process through file upload, you need the following permissions:
- View,Edit, Create on Storage Files
- When the Azure AD integration is enabled,
you cannot assign tasks to users in Action Center if they haven't signed in using
their AD account. The same behavior occurs for local user groups , when the
users haven't signed in using their local user account.
Workaround: Consider asking your users to sign in after their accounts have been created, using either their AD or local user account. Alternatively, you can continue to assign tasks to the user's UiPath account. But then organization administrators should delay the task of discontinuing UiPath account use until the issue is resolved.
- In the case of folders that have permissions set for DirectoryGroup, all Azure AD users appear in the Assign To User drop-down list, even if they don't have permissions for the specified folder. Even if users without the appropriate permissions show up in the Assign To User drop-down list, you can't assign Actions to them. This behavior is a user interface issue only, caused by an API that returns all Azure AD users, regardless of their folder permissions.