- Getting started
- Data security and compliance
- Organizations
- Authentication and security
- Licensing
- Tenants and services
- About tenants
- Managing tenants
- Configuring VPN for cloud robots
- Managing services
- Managing tenant and service visibility
- Managing tags
- Accounts and roles
- AI Trust Layer
- External applications
- Notifications
- Logging
- Troubleshooting
- Migrating to Automation Cloud™
Automation Cloud Admin Guide
Managing tenant and service visibility
You can control the visibility of the services and tenants that are available to your users, based on their permissions.
You can manage tenant and service visibility for the following services:
-
Orchestrator
-
Actions (via Orchestrator)
-
Integration Service (via Orchestrator)
-
Processes (via Orchestrator)
-
Data Service
-
Document Understanding
-
Apps
-
Automation Ops
-
Task Mining
-
Test Manager
-
Insights
The tenant and service visibility feature is not available for the following services:
-
Automation Hub
-
Process Mining
-
Communications Mining
-
AI Center
If an unavailable service is visible to a user in the left rail and they try to access that service without having permission, an error screen occurs that prohibits the user from accessing the service.
We recommend you navigate to the UI Customization settings at organization level to hide services from the left rail for users. In this case, the tenant is not visible to the user anymore, but the services are still available for admins to view.
As an example, consider a scenario where you have the Production tenant that displays the following services: Orchestrator, Document Understanding, Data Service, AI Center, and Automation Hub. In this scenario, there is a user who is not meant to see the Production tenant, as they do not have access to any of the listed services. However, because AI Center and Automation Hub are enabled on the Production tenant, the user can still see the tenant. To resolve this issue, you can use the Hiding unused services feature, allowing you to remove AI Center and Automation Hub from the user's left rail. Consequently, the Production tenant is no longer visible to that user.
Feature not visible as a UI item
Managing tenant and service visibility is not displayed as a UI item that can be toggled on or off. The feature can be triggered in the existing services menu by changing a user's permission in Orchestrator, or based on settings you make in the existing Automation CloudTM by navigating to Enabling or disabling services.
The screenshots in the Setting up tenant and service visibility testing and the Main user scenarios sections serve as a guidance setup.
Managing visibility for Integration Service, Actions and Processes is done via Orchestrator permissions
You can control Integration Service, Actions and Processes visibility via Orchestrator permissions. If a user has any permission in Orchestrator, they can see and use Integration Service, Actions, or Processes.
The Orchestrator level does not offer granular permission that determines user access to the Integration Service, Actions, or Processes.
The workaround for this issue is to use the Advanced settings from the tenant level to hide the service for non admin users.
The following steps serve as a setup example.
If you have an existing tenant and permissions for available services, you can skip to Checking the setup for tenant and service visibility.
-
Create two tenants named Production and Testing.
-
Create a group named UAT Users.
-
In the Production tenant, ensure that the UAT Users group does not have permissions in any service.
As an example, for Document Understanding, navigate to Manage Access and check that the UAT Users group does not have a role assigned.
-
In the Testing tenant, associate the UAT Users group with permissions for the services you want the users to test on (Orchestrator, Document Understanding, Insights, etc.).
For example, for Document Understanding, navigate to Manage Access and assign a role to the UAT Users group.
The following steps and scenarios serve as examples on how to check the setup for tenant and service visibility.
If you have an existing setup, you can check tenant and service visibility using your own group and tenant(s).
-
Log in as a user from the UAT Users group.
-
Check what the user sees in the left rail for Testing and Production tenants.
-
Check what the user sees in the tenant picker.
The following scenario describes how service visibility in the left rail operates based on user permissions.
-
Follow the Setup to test tenant and service trimming steps.
-
Log in as a user from the UAT Users group.
-
Check what the user sees in the left rail for the Testing and Production tenants.
On the homepage, the user only sees the Testing tenant, not the Production tenant, because the users from the UAT Users group only have access to services from the Testing tenant. When the Testing tenant is selected, the user sees the services they have access to in the left rail.
If the user has permissions to view only one tenant, then that specific tenant name does not show up on the homepage.
The following scenario describes how tenant visibility at service level operates based on service permissions.
-
Follow the Setup to test tenant and service trimming steps.
-
Log in as a user from the UAT Users group and select one of the enabled services from the left rail. For example, Document Understanding.
-
Check what the user sees in the tenant picker.
The user does not see the tenant picker anymore because they only have permissions to view enabled services in the Testing tenant, and not the Production tenant.
The following scenario describes how tenant visibility at service level operates based on service availability.
-
Follow the Setup to test tenant and service trimming steps.
-
Log in as an organization admin with full rights.
-
Log in as a user from the UAT Users group.
Notice that you can only see the enabled services in the left rail or for which you have permissions in that particular tenant.
-
Check what the user sees in the tenant picker.
Q: How long will it take for the tenant visibility to take effect after the role assignment changes in the service?
A: It can take up to 10 mins for direct role assignment changes and up to 1 hour for group membership, based permissions changes.
Q: Will this feature work also with UiPath Assistant?
A: Yes, but only if you have installed version 2023.4 or higher of UiPath Assistant.
Q: Where can I see this feature in the user interface?
A: The enhanced access control for tenants and services is not visible as a UI item that can be toggled on or off. The feature is triggered based on settings you make in the existing Automation CloudTM (enabling / disabling services) or in the existing services menu (changing a user's permission in Orchestrator).
Q: Would this feature affect my data?
A: The feature works with the visibility of the data and features of the users. It does not affect or can cause any data loss.
- Overview
- Available services
- Unavailable services
- Known limitations
- Setting up tenant and service visibility testing
- Checking the setup for tenant and service visibility
- Scenario 1: Service visibility in the left navigation based on permissions
- Scenario 2: Tenant visibility at service level based on service permissions
- Scenario 3: Tenant visibility at service level based on service availability
- FAQs