apps
latest
false
UiPath logo, featuring letters U and I in white

Apps User Guide

Automation CloudAutomation Cloud Public SectorAutomation Suite
Last updated Jun 17, 2024

Orchestrator Permissions

In order to create apps and trigger robots at app runtime, users are required to have a minimum set of permissions to access processes from Orchestrator. This page describes the minimum permissions required for common personas and scenarios. For specific setup instructions, check out Orchestrator's documentation on Managing Roles.

Common Approaches to managing Orchestrator Permissions for UiPath® Apps:

  1. Grant "Admin" Rights - Assigning admin rights to everyone in your Automation CloudTM Public Sector account is a quick and easy way for all users to experiment with the full capabilities of Automation CloudTM Public Sector, but it is not recommended for production deployment.
  2. Modify Orchestrator's Default Roles - The simplest way to provide the correct permissions to App Authors and App Users is to assign additional permissions to the roles that are provided out-of-the box.
  3. Create New Roles - Create Tenant and Folder level Roles for App Authors and App Users. This allows the most control, but requires more orchestration overhead.

App Studio

This section contains the minimum permissions required to author apps.

Note: These are the absolute minimum permissions required to author apps that leverage RPA. Different permissions may be required to preview or run Apps created with App Studio. Additional permissions are required for users to add processes to Orchestrator.

Tenant Level

Define a user's access to resources at the tenant level.

  • Machines:View - (Recommended) Used to get the machine key for setting up the robot. You also need Machines: Create if you have to create a new machine
  • Robots:Create - (Recommended) Used to create a robot ( In case of Classic folders). For modern folders, this is not required
  • Folders:Edit - (Recommended) Used to add app users to respective folders so that the app users can run the processes
  • Users:View - (Recommended) Used to identify whether the relevant permissions are available for the respective users to whom we are sharing the app in Orchestrator
  • Webhooks: View, Create: Used by App to start and retrieve results in case of unattended process run during preview

Folder Level

In order to import a process from Orchestrator in App Studio, the user must have the following folder-level permissions on any folders that contain processes to be used by Apps.

  • Jobs:View - Used to get the properties of complex objects (.Net objects/data table) by looking at last successful job run
  • Jobs:Create - Used to run processes during preview
  • Processes:View - Used to access the processes in a folder

App Runtime - Attended Automation

  • Processes:View - The app runtime user should have access to the processes in the corresponding folder used in App.
  • Jobs:Create - Used to run processes during preview
  • The user must also have a licensed Robot (with the JavaScript Robot Add-On enabled) on their desktop.

App Runtime - Unattended Automation

In order for users to trigger unattended automation at app runtime, a minimum of the following permissions are required:

Tenant Level

Define a user's access to resources at the tenant level.

  • Webhooks: View, Create: Used by App to start and retrieve results from the process run

Folder Level

Define the user's access and ability within each folder they are assigned to.

  • Jobs: Create - Used to start unattended jobs from Apps

Important: If a user does not have Webhook:Create permissions at the tenant level, unattended jobs will not start at app runtime.
  • App Studio
  • Tenant Level
  • Folder Level
  • App Runtime - Attended Automation
  • App Runtime - Unattended Automation
  • Tenant Level
  • Folder Level

Was this page helpful?

Get The Help You Need
Learning RPA - Automation Courses
UiPath Community Forum
Uipath Logo White
Trust and Security
© 2005-2024 UiPath. All rights reserved.