Subscribe

UiPath Data Service

The UiPath Data Service Guide

Managing Access

Overview


The Manage Access module enables you to manage user roles for an entity service tenant. This extensive and granular permissions model allows you to integrate all your employees using the service based on their level of expertise and your business requirements. Furthermore, you can select users or groups from your cloud account and assign standard roles to them.

📘

Default permissions

Data Service is configured such that Automation Cloud users can read data by default.
To limit data access, remove the Everyone group, add users or groups that need access and assign the desired roles.

The following steps enable you to manage your users and groups:

  1. In the Data Service page click the More options menu in the upper right corner.
  2. Select Manage Access. The Manage Access page is displayed.

The following tabs are available:

TabDescription
Assign RolesContains a list of all the users and groups that are defined for the Data Service tenant and the Roles they have been assigned.
RolesA list of all the Roles defined for the Data Service. For each Role you can see how many Users/Groups are assigned.

 

Standard roles


Standard Roles have a predefined set of permissions. The following standard Roles can be assigned to users created in Data Service:

  • Administrator
  • Data Reader
  • Data Writer
  • Designer

📘

Removal

You cannot remove standard roles.

Standard role permissions

Each standard role has a different permissions set, including at least one administrative permission and a data access permission.

Administrative Permissions

Below is a description of the Administrative Permissions of a standard role.

PermissionRoles with this permission...
Manage Permissions can create new roles, edit and delete existing roles, and assign one or more roles to users or groups.
View All Schema can view the schema of all entities and choice set definitions, but cannot modify them.
Customize Schema can view, create, edit, or delete the schema of all entities and choice set definition.

Data Access Permissions

Below is a description of the Data Access Permissions of a standard role.

PermissionRoles with this permission...
No access do not have access to any entity data. Users or groups with this permission are not allowed to create, read, edit, or delete data records of an entity.
Read access for all Entities can view the data records of an entity.
Complete read and write access for all Entities can create, view, edit, and delete data records of an entity.

Overview of standard Role Permissions

The following table summarizes the default permissions of each standard role:

Standard roleAdministrative PermissionsData Access Permissions
AdministratorManage Permissions
Data ReaderView SchemaRead access for all Entities
Data WriterView SchemaComplete read and write access for all Entities
DesignerView Schema
Customize Schema

 

Custom Roles


Custom roles enable you to create custom sets of permissions that can be assigned to users or groups.
To create new custom roles, you need to have the Manage Permissions permission assigned.

Custom Role permissions

For custom roles you can decide which permissions you want to assign to the role.
At creation, assign at least one Administrative Permissions to the new role. Consequently, you may assign Data Access Permissions to the role, which grants Create, Read, Edit, or Delete permissions on the specified entities.

Administrative Permissions

Below is a description of the Administrative Permissions that can be assigned to a custom role.

PermissionRoles with this permission...
Manage Roles can create new roles, edit and delete existing roles, and assign one or more roles to Users/Groups.
View Schema can view the schema of all entities and choice set definitions, but cannot modify them.
Customize Schema can view, create, edit, or delete the schema of all entities and choice set definition.

Data Access Permissions

When defining a custom role, you can assign different data access permissions for the selected entities in the tenant.
You can select whether the custom role can Create, Read, Edit, or Delete the entity records. Moreover, if an entity has Role base field access enabled fields, you can assign data access permissions to each entity field.

Below is a description of the Data Access Permissions for an entity that can be assigned to a Custom Role.

PermissionRoles with this permission...
Createcan create entity records.
Readcan view entity records.
Editcan view and modify entity records.
Deletecan view and delete entity records.

Create Custom roles

Follow the steps below to create a new role.

  1. In the Roles tab click on Create New Role.
  2. In the Create Role panel enter a name for the new role in the Role Name field.
  3. Select the Administrative Permissions that you want assign to the role.
  4. To add Data Access Permissions to the role, select the targeted entity:
    • Click + Add Entity to display the available entities.
    • Select the entity for which you want to define the permissions.
    • Select the desired permissions. By default, the Read permissions is enabled.
  5. Click Save to create the new custom role. The role is displayed in the Roles tab, of TypeCustom.

Setting permissions for specific fields

When creating entities it is possible to enable Role base field access for user-created fields. When defining a custom role, you may assign data access permissions to these fields.

📘

Note

Only custom roles can be updated to grant permissions to access the data in the fields.

Follow the steps below to set role based field permissions.

  1. Create a new role, or edit an existing custom role.
  2. If the entity has Role base field access enabled fields, a message indicating to add data access permissions is displayed: Certain fields require data access permissions. Click Add them.
  3. From the drop-down list, select the fields for which you want to set data access permissions.
  4. Set the desired permissions: Create, Read, Edit, or Delete.
  5. Click Save.

See also Customizing an Entity.

Editing custom roles


You may change your mind about specific permissions for a custom role. You can edit custom roles by clicking the corresponding Edit button.

Removing custom roles


If you decide you no longer need a custom role, you can remove it by clicking the corresponding Delete button.

📘

Standard roles

You cannot remove standard roles.

 

Adding users or groups


All calls in the Data Service are based on user authorization. The decision to grant or deny an operation is always based on the effective permissions for the user based on their individual or group membership permission grants. Studio, Assistant, and Robot also inherit permissions based on their configured users.

Data Service supports all users and groups defined in the account and doesn’t maintain a separate user list. To add users that are part of your organization, follow the below steps:

  1. In the Manage Access page, click Assign Roles. The Assign Roles panel opens.
  2. In the Assign Roles field, type in the name of the users or groups you want to add.
  3. Select the Roles you want to assign to the users or groups.
  4. Click Save.

📘

Note

If you cannot find a user it means they don't have an account within the Automation Cloud organization.

The newly added users and the assigned roles are displayed in the User/Group list of the Assign Roles tab.

 

Defining roles for a user or group


A group is a collection of user accounts. Data Service supports all groups defined in the account and does not maintain a separate list of groups. A permission granted to a group propagates to all users and groups. To define the roles for a user or group follow the below steps:

  1. In the Assign Roles tab hover over the user or group you want to assign roles to.
  2. Click the Edit icon available on the right-hand side. The Edit Roles panel opens.
  3. Select the desired Roles for the user or group.
  4. Click Save.

📘

Note

You can assign multiple roles to a user or group. In this case, union of the permissions applies.

 

Default group mapping


Groups are user containers with specific permission sets in services within Automation Cloud. Permissions for groups can be configured inside each service by selecting the group and associating the desired permissions. Users get the union of all permissions assigned to the groups they are members in.

When you assign users to a group in Automation Cloud, you grant them access to all the services which have permissions configured for that specific user group. The level of access to the service is determined by the roles assigned to that group at the service level.

Cloud Portal Group MembershipOrganization Level RoleData Service Roles
AdministratorsOrganization AdministratorAdministrator, Designer and Data Writer
Automation DevelopersUserDesigner and Data Writer
Automation UsersUserData Writer
EveryoneUserData Reader

Removing users or groups


Removing users or groups from the Assign Roles tab implies the inability to access Data Service. That is, every deleted user and users part of the deleted group cannot access Data Service anymore.
To allow access once again, add Automation Cloud users or groups individually, and assign them Data Service roles.

To remove a user or a group from Data Service, click the corresponding Remove user/group button.

Updated 9 months ago

Managing Access


Suggested Edits are limited on API Reference Pages

You can only suggest edits to Markdown body content, but not to the API spec.