Assigning Roles
The Assign roles tab of the Manage access page lets you search for users and groups that already exist at the organization level and configure permissions for them in Orchestrator.
Group configuration (roles, web login, robot settings) is passed on to any user that belongs to that group and is later added or auto-provisioned.
- Go to Tenant > Manage access.
- Above the table, on the right, click Assign roles and select User, Robot account, or Group. The Assign roles window opens.
- Follow the applicable instructions, available below:
  a. Assigning roles to a group
  b. Assigning roles to a user
  c. Assigning roles to a robot account
When you assign a folder-level role, we check if you also have the corresponding tenant-level role. If you do not, you are automatically prompted to assign that as well. You can choose to assign the required role on the spot or to postpone the action for later.
Important:
- This works for all entities that can be assigned roles.
- It only applies to folder roles that are explicitly assigned, not inherited.
Known issue:
This option does not work for Active Directory users or groups.
If you assign roles to a group, these are inherited by all users and robot accounts that are part of that group.
Groups are created and maintained by organization administrators from the Admin > Accounts and Groups page.
Assigning groups to a tenant
In a tenant, when you assign a group and add roles to it, these roles are inherited by all users and robot accounts that are part of that group.
Permissions for Personal Workspace
- When configuring an attended robot, you also have the option to create a personal workspace for it. to set it to off (left position) if you do not want each user to have a Personal Workspace.
- Click Assign.
The group is now visible on the Assign roles tab of the Manage access page and the members of the group benefit from the changes as soon as they log in or within the hour if they are already logged in.
We recommend that you manage user access by assigning roles to groups and then adequately assigning users to the right groups to grant them the necessary roles.
However, if you need to perform a one-time role assignment for a particular user, you can directly assign roles to the user, as follows:
Assigning accounts to a tenant
We recommend that you manage user access by assigning roles to groups and then adequately assigning users to the right groups to grant them the necessary roles.
However, if you need to perform a one-time role assignment for a particular user, you can directly provide access to the user, as follows:
2a) Attended Robot
2b) Unattended Robot
3) Robot Settings
- Manage access > Assign roles tab > select the object from the list > More Actions > Check roles & permissions
- Manage access > Assign roles > three-dots icon > Check roles & permissions
- Robots > select the account from the list > More Actions > Check roles & permissions
- Monitoring > User sessions > select the account from the list > Check roles & permissions icon
- The roles pane - includes the name of the role and its type (i.e. explicitly assigned or inherited).
- The permissions pane - lists the permissions included in the selected roles.
- All roles in this tenant - the permissions pane displays all permissions corresponding to all roles granted to the selected entity at the tenant level.
- Specific role - the permissions pane only displays permissions corresponding to the selected role, as granted to the selected entity at the tenant level.
This section displays the roles and permissions granted at the folder level.
You can use the selection box to choose the particular folder for which to display the roles and their permissions. The list only contains folders where the selected entity is assigned.
- All roles in this tenant - the permissions pane displays all permissions corresponding to all roles granted to the selected entity at the folder level.
- Specific role - the permissions pane only displays permissions corresponding to the selected role, as granted to the selected entity at the folder level.
If you want to edit the roles assigned to a particular account, group, robot, or external application, you can do so from these places:
- Tenant context > Manage access > Assign roles > Edit in the contextual menu of the desired entity
- Tenant context > Folders page
- Folder context > Settings page
For the last two options, in the contextual menu of the entity whose roles you want to change, you can click one of these two options:
- Edit role in this folder - allows you to change the roles assigned to the entity at the folder level.
- Edit tenant role & robot (optional) - allows you to change the roles assigned to the entity at the tenant level.
Removing a user or group from Orchestrator does not delete the account from your organization.
The user or group is removed from Orchestrator and all roles are revoked.
Alternatively, select one or multiple users, and click the Remove button.
- You cannot remove a user having the Administrator role.
- You cannot remove or unassign users who are part of mappings that are employed in triggers from the folder the trigger resides in. Make sure the user is not set as an execution target in a trigger so you can delete them.
- Removing a directory group does not remove the license of an associated directory user, even if the group removal unassigns the user from any folder. The only way to release the license is to close UiPath Assistant.
Group | Has access to the Orchestrator interface | Has access to all folders/personal workspace only | Has API access | Tenant role | Folder role |
---|---|---|---|---|---|
Automation Users | No | Personal workspace. Important: If a user is assigned to other folders via API, they also have access to those in addition to the personal workspace. | Yes | Allow to be Automation User | Automation User |
Automation Developers | Yes | All folders | Yes | Allow to be Automation Developer | Automation Developer |
Administrators | Yes | All folders | Yes | Orchestrator Administrator | Folder Administrator |
Automation Express | Yes | All folders | Yes | Allow to be Automation User | Automation User |
Not found (#1002) error is displayed.
In this case, the account in fact no longer exists and no longer has access to the UiPath products.