automation-cloud

latest

false

Getting started
Data security and compliance
Organizations
Authentication and security
Licensing
Tenants and services
- About tenants
- Managing tenants
- Configuring VPN for cloud robots
- Managing services
- Managing tenant and service visibility
- Managing tags
Accounts and roles
AI Trust Layer
- About AI Trust Layer
- Managing AI Trust Layer
External applications
Notifications
Logging
- About logs
- Exporting logs
Troubleshooting
- About troubleshooting
- Frequently encountered errors
Migrating to Automation Cloud™
- About migrating to Automation Cloud™
- Migrating Orchestrator
  - Using the Automation Cloud Migration Tool
  - Manual migration

Automation Cloud Admin Guide

Last updated Oct 31, 2024

Managing tenant and service visibility

Overview

You can control the visibility of the services and tenants that are available to your users, based on their permissions.

Available services

You can manage tenant and service visibility for the following services:

Orchestrator
Actions (via Orchestrator)
Integration Service (via Orchestrator)
Processes (via Orchestrator)
Data Service
Document Understanding
Apps
Automation Ops
Task Mining
Test Manager
Insights

Unavailable services

The tenant and service visibility feature is not available for the following services:

Automation Hub
Process Mining
Communications Mining
AI Center

A tenant may become visible to users who are not meant to see it, even if the necessary permissions to use some services are not granted. This issue occurs if a tenant displays services that are not on the Available services list.

Note:

If an unavailable service is visible to a user in the left rail and they try to access that service without having permission, an error screen occurs that prohibits the user from accessing the service.

We recommend you navigate to the UI Customization settings at organization level to hide services from the left rail for users. In this case, the tenant is not visible to the user anymore, but the services are still available for admins to view.

As an example, consider a scenario where you have the Production tenant that displays the following services: Orchestrator, Document Understanding, Data Service, AI Center, and Automation Hub. In this scenario, there is a user who is not meant to see the Production tenant, as they do not have access to any of the listed services. However, because AI Center and Automation Hub are enabled on the Production tenant, the user can still see the tenant. To resolve this issue, you can use the Hiding unused services feature, allowing you to remove AI Center and Automation Hub from the user's left rail. Consequently, the Production tenant is no longer visible to that user.

Known limitations

Feature not visible as a UI item

Managing tenant and service visibility is not displayed as a UI item that can be toggled on or off. The feature can be triggered in the existing services menu by changing a user's permission in Orchestrator, or based on settings you make in the existing Automation Cloud^TM by navigating to Enabling or disabling services.

Note:

The screenshots in the Setting up tenant and service visibility testing and the Main user scenarios sections serve as a guidance setup.

Managing visibility for Integration Service, Actions and Processes is done via Orchestrator permissions

You can control Integration Service, Actions and Processes visibility via Orchestrator permissions. If a user has any permission in Orchestrator, they can see and use Integration Service, Actions, or Processes.

Note:

The Orchestrator level does not offer granular permission that determines user access to the Integration Service, Actions, or Processes.

The workaround for this issue is to use the Advanced settings from the tenant level to hide the service for non admin users.

Setting up tenant and service visibility testing

Note:

The following steps serve as a setup example.

If you have an existing tenant and permissions for available services, you can skip to Checking the setup for tenant and service visibility.

Create two tenants named Production and Testing.
Create a group named UAT Users.
In the Production tenant, ensure that the UAT Users group does not have permissions in any service.

As an example, for Document Understanding, navigate to Manage Access and check that the UAT Users group does not have a role assigned.
In the Testing tenant, associate the UAT Users group with permissions for the services you want the users to test on (Orchestrator, Document Understanding, Insights, etc.).

For example, for Document Understanding, navigate to Manage Access and assign a role to the UAT Users group.

Checking the setup for tenant and service visibility

Note:

The following steps and scenarios serve as examples on how to check the setup for tenant and service visibility.

If you have an existing setup, you can check tenant and service visibility using your own group and tenant(s).

Log in as a user from the UAT Users group.
Check what the user sees in the left rail for Testing and Production tenants.
Check what the user sees in the tenant picker.

Scenario 1: Service visibility in the left navigation based on permissions

The following scenario describes how service visibility in the left rail operates based on user permissions.

Follow the Setup to test tenant and service trimming steps.
Log in as a user from the UAT Users group.
Check what the user sees in the left rail for the Testing and Production tenants.

Note:

On the homepage, the user only sees the Testing tenant, not the Production tenant, because the users from the UAT Users group only have access to services from the Testing tenant. When the Testing tenant is selected, the user sees the services they have access to in the left rail.

Note:

If the user has permissions to view only one tenant, then that specific tenant name does not show up on the homepage.

Scenario 2: Tenant visibility at service level based on service permissions

The following scenario describes how tenant visibility at service level operates based on service permissions.

Follow the Setup to test tenant and service trimming steps.
Log in as a user from the UAT Users group and select one of the enabled services from the left rail. For example, Document Understanding.
Check what the user sees in the tenant picker.

The user does not see the tenant picker anymore because they only have permissions to view enabled services in the Testing tenant, and not the Production tenant.

Scenario 3: Tenant visibility at service level based on service availability

The following scenario describes how tenant visibility at service level operates based on service availability.

Follow the Setup to test tenant and service trimming steps.
Log in as an organization admin with full rights.
Disable or enable the service.
Log in as a user from the UAT Users group.

Notice that you can only see the enabled services in the left rail or for which you have permissions in that particular tenant.
Check what the user sees in the tenant picker.

FAQs

Q: How long will it take for the tenant visibility to take effect after the role assignment changes in the service?

A: It can take up to 10 mins for direct role assignment changes and up to 1 hour for group membership, based permissions changes.

Q: Will this feature work also with UiPath Assistant?

A: Yes, but only if you have installed version 2023.4 or higher of UiPath Assistant.

Q: Where can I see this feature in the user interface?

A: The enhanced access control for tenants and services is not visible as a UI item that can be toggled on or off. The feature is triggered based on settings you make in the existing Automation Cloud^TM (enabling / disabling services) or in the existing services menu (changing a user's permission in Orchestrator).

Q: Would this feature affect my data?

A: The feature works with the visibility of the data and features of the users. It does not affect or can cause any data loss.

On this page