- Getting started
- Data security and compliance
- Organizations
- Authentication and security
- Licensing
- Tenants and services
- Accounts and roles
- AI Trust Layer
- External applications
- Managing external OAuth applications
- Configuring fine-grained access for confidential apps
- App registrations
- Personal Access Tokens
- Notifications
- Logging
- Troubleshooting
- Migrating to Automation Cloud™
Automation Cloud Admin Guide
Configuring fine-grained access for confidential apps
As an administrator, you can configure fine-grained tenant or folder permissions for confidential apps, by assigning them to folders or tenants in Orchestrator. An external app gets the permissions required to perform particular operations in a folder or tenant through one or more roles.
An app gets the union of all organization and tenant scopes defined for it.
OR.Machines.Read
scope at the organization level, and View permissions on Folders in the Finance tenant, and nothing defined for the HR tenant in Orchestrator. Here's an overview of
your app's scope and what it can access:
Tenant |
Scope |
---|---|
HR |
OR.Machines.Read
|
Finance |
OR.Machines.Read
OR.Folders.Read
|
External apps need to be assigned directly to a specific tenant and folder, instead of using group assignments.
To grant access to a tenant for an external app or a group of external apps, follow these steps in Orchestrator:
To grant access to a folder for an external app or a group of external apps, follow these steps in Orchestrator:
To remove tenant access for an external app or a group of external apps, follow these steps in Orchestrator: