
UiPath Automation Cloud™

UiPath Automation Cloud™ Guide

For information about the current status of Automation Cloud and our cloud services, see the Status page.

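Managing access

Roles

Roles are a collection of permissions and represent a more granular layer for managing user access, following the broader option of maintaining access through groups. You can add roles to a group so that all member accounts inherit them, or to individual accounts.

Roles can include several permissions at either the organization level or the service level, so there are: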

  • organization-level roles: these roles control the permissions that accounts have on organization-wide options; they are available in the Automation Cloud portal by default and you cannot change them, nor can you add new ones;
  • service-level roles: these roles control the access rights and actions that accounts can perform in each UiPath service you own; they are managed from within each service and can include default roles which you cannot change, as well as custom roles that you create and manage in the service.

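Accounts and groups typically have an organization-level role and one or more service-level roles.

Groups and roles

The following table shows the roles that are assigned to accounts when they are added to a group. For example, adding an account to the Administrators default group grants it the Organization Administrator role for the organization and the Administrator role within the services. This user can therefore manage organization-level roles from Admin > Accounts and Groups, and can also manage service-level roles.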

| Group Membership | Organization-level Role | Service-level Roles for Orchestrator |
|---|---|---|
| Administrators | Organization Administrator | Administrator |
| Automation Users | User | Automation User at folder level ¹; Allow to be Automation User at tenant level |
| Automation Developers | User | Automation User at folder level ¹; Folder Administrator at folder level ¹; Allow to be Automation User at tenant level; Allow to be Folder Administrator at tenant level |
| Everyone | User | No roles. |
| Automation Express | User | Allow to be Automation User at tenant level |
| [Custom group] | User | No roles by default, but you can add roles to the group as needed. |

¹ The roles are assigned for the Shared modern folder, if it exists.

For information about roles across UiPath services, see Role management.

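Organization-level roles

An account can have only one organization-level role. This role controls the account's access to options within the Automation Cloud portal area, such as the tabs it sees on the Admin page or the options available on the Home and Admin pages.

At the organization level, the Organization Administrator and User roles are available.
You cannot change these roles or add new ones at the organization level.

Organization Administrator

This role grants access to every organization-level and service-level feature within the organization. An account with this role can perform all administrative actions for the organization, such as creating or updating tenants, managing accounts, viewing organization audit logs, and so on. Multiple accounts can have this role.

Note: This is the only role that allows access to the Admin page in Automation Cloud.

The first Organization Administrator for a given organization is assigned when the organization is created.
To grant this role to others, the organization administrator can add user accounts to the Administrators group, which is one of the default groups.

The Organization Administrator role includes the following organization-level permissions, which cannot be changed: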

View | Edit | Create | Delete
Usage charts and graphs
Tenants
Accounts and groups
Security settings
External applications
Licenses
API keys
Resource center (Help)
Audit logs
Organization settings

User

This is the basic level of access within the UiPath ecosystem. Local user accounts automatically become members of the Everyone group, which grants them the User role.

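This role is granted to all accounts in the default groups Everyone, Automation Users, and Automation Developers.

Where available, this role provides read-only access to certain Automation Cloud pages, such as Home and Resource Center.
These accounts can see and access the services configured for the current tenant. However, what they can see and what they can do within each service depends on the service-level roles assigned to their account.

Service-level roles

Service-level roles control the access rights and permitted actions within each UiPath service, such as the Orchestrator service, Data Service, or AI Center. The permissions for each service are managed from within the service itself, not from the Automation Cloud Admin page.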

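To grant permissions for a service to an account, you can:

  • assign service-level roles to a group to grant those roles to all member accounts - you do this in the service;
  • add the account to a group that already has the required service-level roles - you do this from Admin > Accounts and Groups;
  • assign roles to an account - you do this in the service.

Role management

You manage and assign service-level roles from within each service, and you need the appropriate permissions in the service to do so.
For example, users with the Administrator role in Orchestrator can create and edit roles, and assign roles to existing accounts.

There are two ways to assign roles to accounts: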

  • Direct provisioning implies manually assigning roles to an existing account from within Automation Cloud. You can do this by adding the account to a group, by assigning service-level roles to the account directly, or a combination of both.
  • Auto-provisioning is only applicable if your Automation Cloud organization is integrated with a third-party identity provider (IdP), such as Azure AD (see Authentication options). In this case, to fully hand off identity and access management to the external provider, you can set up Automation Cloud so that any directory account can receive the appropriate roles without the need for any actions in Automation Cloud. The IdP administrator then has control over a user's access and rights in Automation Cloud by creating and configuring the account in the external provider alone.

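Direct provisioning

Assigning organization-level roles

Organization-level roles are predefined and cannot be changed.

Organization administrators can assign organization-level roles to individual accounts from Admin > Accounts and Groups, by adding the account to a default or custom group.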
See Groups and roles for more information about the organization-level roles tied to each type of group.

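Note: Assigning organization-level roles to directory groups

If you have linked your Automation Cloud organization to a directory, such as Azure Active Directory (Azure AD), you can also assign organization-level roles to directory groups by adding them to a group, just as you do with accounts. This does not apply to local groups.
See Group types.

Managing service-level roles

You manage and assign service-level roles from within the services. You can assign roles to groups (recommended) or to accounts that have already been added in Automation Cloud.

For information and instructions, see the applicable documentation: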

| Service | Details |
|---|---|
| Orchestrator | Managed from Orchestrator. For more information and instructions, see About Roles in the Orchestrator documentation. |
| Actions | Managed from Orchestrator. For the list of permissions required, see Roles and Permissions in the Action Center documentation. For instructions on assigning roles, see About Roles in the Cloud Orchestrator documentation. |
| Processes | Managed from Orchestrator. For the list of permissions required, see Roles and Permissions in the Action Center documentation. For instructions on assigning roles, see About Roles in the Cloud Orchestrator documentation. |
| Automation Hub | Managed from Automation Hub. For more information about which roles are required and instructions for assigning them, see Role Description and Matrix in the Automation Hub documentation. |
| Automation Store | Managed from Automation Hub. For more information about which roles are required and instructions for assigning them, see Role Description and Matrix in the Automation Hub documentation. |
| AI Center | Managed from Orchestrator. For information about the roles required to use AI Center, see Permissions in the AI Center documentation. |
| Data Service | Managed from Data Service. For more information and instructions, see User Management in the Data Service documentation. For instructions on assigning roles, see About Roles in the Orchestrator documentation. |
| Task Mining | Managed using Automation Cloud organization-level roles. For information about the rights that organization-level roles grant in Task Mining, see Setting Up the Users in the Task Mining documentation. For instructions on how to assign organization-level roles, see Managing Users in the Automation Cloud documentation. |
| Test Manager | Managed from Test Manager. For information and instructions, see User and Group Access Management in the Test Manager documentation. |

Assigning roles to an account

If you want to granularly control the access a certain account has in a service, but you don't want to add new roles to an entire group, you can explicitly add the account to the service and assign one or more service-level roles to it directly. For example, you can add an account to the Orchestrator service.

For information about the available roles and instructions, see the documentation for the target service, as listed above.
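The group inheritance and direct assignment described above, as an added access-review example (not UiPath code and not an API of the product): it encodes the default group table from this page and resolves each account's effective roles. The account records, the custom group name, and the rule that Organization Administrator takes precedence when group memberships differ are assumptions made for illustration.

```python
# Added example: access review over the default group-to-role mapping.
# GROUP_ROLES mirrors the "Groups and roles" table; role labels are shortened.
GROUP_ROLES = {
    # group: (organization-level role, Orchestrator service-level roles)
    "Administrators": ("Organization Administrator", {"Administrator"}),
    "Automation Users": ("User", {
        "Automation User (folder)", "Allow to be Automation User (tenant)"}),
    "Automation Developers": ("User", {
        "Automation User (folder)", "Folder Administrator (folder)",
        "Allow to be Automation User (tenant)",
        "Allow to be Folder Administrator (tenant)"}),
    "Everyone": ("User", set()),
    "Automation Express": ("User", {"Allow to be Automation User (tenant)"}),
}

def effective_access(groups, direct_roles=()):
    """Return (organization-level role, service-level roles) for one account."""
    # Assumption: an account holds one organization-level role, so
    # Organization Administrator wins when group memberships differ.
    # Custom groups carry no roles by default and fall through to User.
    org_role, service_roles = "User", set(direct_roles)
    for group in groups:
        role, inherited = GROUP_ROLES.get(group, ("User", set()))
        if role == "Organization Administrator":
            org_role = role
        service_roles |= inherited
    return org_role, service_roles

def review(accounts):
    """Return (account, finding) pairs a reviewer should look at first."""
    findings = []
    for name, acct in sorted(accounts.items()):
        org_role, _ = effective_access(acct["groups"], acct.get("direct", ()))
        if org_role == "Organization Administrator":
            findings.append((name, "Organization Administrator via group"))
        if acct.get("direct"):
            findings.append((name, "direct service-level role outside groups"))
    return findings

# Constructed sample accounts; "Finance Bots" is a hypothetical custom group.
ACCOUNTS = {
    "alice": {"groups": ["Everyone", "Administrators"]},
    "bob": {"groups": ["Everyone", "Automation Developers"]},
    "carol": {"groups": ["Everyone", "Finance Bots"], "direct": ["Administrator"]},
}

if __name__ == "__main__":
    for name, finding in review(ACCOUNTS):
        print(f"{name}: {finding}")
```

The carol record shows why a review of group membership alone is incomplete: she holds the Orchestrator Administrator role through a direct assignment while her groups grant only the User role.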

Auto-provisioning

Through auto-provisioning, any directory account can be set up with access and rights for using Automation Cloud directly from the external identity provider (IdP).

After you enable the integration with a third-party IdP, auto-provisioning requires a one-time setup. For instructions, see:

Updated 6 days ago

