- Release notes
Orchestrator Release Notes
August 2023
You will have likely wondered why your job was stuck in a Pending status, with no idea how to get it to run. We are coming to your aid with a section in the Job Details windows that is solely dedicated to the reasons why your job has not yet started. What is more, if available, you get actionable advice for each reason - this can either be a link that directs you to the section in Orchestrator where you can fix the problem, or a specific action to take for your particular scenario. In case you do not have permissions to fix the problem, you may need to ask for help from an administrator.
Non-consecutive dots are now allowed in Amazon S3 storage bucket names.
Roles help thoroughly control access to Orchestrator features and objects, allowing you to reliably separate users based on their permissions. In an effort to make this task as easy and effective as possible, we are making several changes to our default roles.
Permission changes
The Automation User folder role and the Allow to be Automation User tenant role no longer have permission to publish processes. This gives the role the minimum folder level permissions needed to execute processes. This way, we ensure that personal user packages do not accidentally get published without first being reviewed.
New roles
Two new sets of roles are available, allowing you to combine several roles so as to achieve the desired results while still maintaining granularity:
-
Automation Publisher and Allow to be Automation Publisher - only contains the permissions needed for publishing processes to Orchestrator, and can be combined with any existing role.
-
Automation Developer and Allow to be Automation Developer - can create automations.
New roles are added as read-only.
In the unlikely event that an organization already contains a custom role with the same name as one of the new roles mentioned above, we will rename it to "Role name - custom". This way, both roles can be used.
Assignment changes
When you assign a default folder role, you are automatically prompted to also assign its tenant counterpart. This is how we ensure that you are not missing any permissions needed for your automations.
Known issue: This option does not work for Active Directory users or groups.
Removal checks
When the Orchestrator Administrator role is unassigned from a user, we check that they are not the last user with that role. The same check applies when deleting a user or a group if there are no other users or groups with the Administrator or the Orchestrator Administrator role.
Unattended automation is one of the core functionalities of Orchestrator, allowing you to set up tasks that can then be carried out on their own, with no human involvement whatsoever. Its seemingly simple output is, however, built on top of a complex foundation, which involves piecing together just the right components.
Clicking Get started allows you to start selecting the necessary Orchestrator objects for your future unattended automation: machine template, robot account, folder, and connection settings. Each step comes with detailed instructions and helpful tips, as well as links to sections where you can create any required objects.
The Personal Workspaces option Enable Cloud Robot - Serverless automatically was renamed to Automatically configure Serverless machines in Personal Workspace for Studio Web users.
This clears the confusion around what selecting or clearing the option does. In short, if you leave this option enabled, when you use Studio Web, a Serverless machine is automatically provisioned in your personal workspace. Clearing the option stops the automatic provisioning of Serverless machines, but it does not deallocate those already provisioned. To remove existing Serverless machine templates from your personal workspace, you must deallocate them manually.
When you convert an inactive personal workspace to a folder, it now becomes available only to the administrator who initiated the conversion. As such, no other users will have access to it.
The OpenLDAP store is now available as a secrets engine for HashiCorp Vault.
To optimize performance and align with industry standards, we've adjusted the allowed storage limits for output arguments to 30 MB for Enterprise customers. After a 3-month transition period, beginning November 2023, the storage limit will be further reduced to 1 MB.
Starting from May 2023, the 1 MB storage limit has already been enforced for Free and Community customers.
We have made some changes that are sure to bring more clarity into how you edit the roles assigned to accounts, groups, robots, and external applications, either at the tenant level, from the Folders page, or at the folder level, from the Settings page.
If you want to edit the roles assigned to a particular entity, you now have two contextual menu options:
-
Edit role in this folder - allows you to change the roles assigned to the entity at the folder level.
-
Edit tenant role & robot (optional) - allows you to change the roles assigned to the entity at the tenant level.
When you enable the option, you are given the choice to either wait for running jobs to finish, or to kill all running jobs before going into maintenance mode. Pending jobs, however, keep their status until they are picked up.
Reports containing exported data from queue transactions, audit, logs, and jobs pages included instances of duplicate information which are now cleaned up. Specifically, exports now only contain absolute time columns, which are expressed in the tenant's timezone.
Due to a lack of synchronization, changes made to robot accounts and external applications at the organization level were not reflected in Orchestrator. Now, when you delete or rename an external application or when you delete a robot account at the organization level, the same thing happens to these entities in the Orchestrator folders where they were added.
Now you can set alert subscriptions for groups. This way you can control what alert types a group receives, based on the common denominator of the group members.
Subsequent alert emails are then sent to users that are part of those groups, provided those users have View permission on Alerts at group level.
Known issues:
-
Alert emails sent to groups may be written in English, regardless of the language preference of individual group members.
-
Local users part of local and mail-enabled AD/AAD groups may receive duplicate emails for alerts that have been generated for both groups.
The date when a change is first announced in the release notes is the date when it first becomes available.
If you don't see the change yet, you can expect to see it soon, after we roll out changes to all the regions.
We recommend that you regularly check the deprecation timeline for any updates regarding features that will be deprecated and removed.
- 23 August 2023
- Troubleshooting pending jobs
- Dots in storage bucket names
- Roles and permissions changes
- Unattended robot setup
- Automatically provisioning Serverless machines in personal workspaces
- Conversion of inactive personal workspaces
- New HashiCorp Vault secrets engine
- Bug fixes
- 16 August 2023
- Minutes in SLA predictions
- 10 August 2023
- Updated storage limit for output arguments
- 8 August 2023
- Role assignment improvements
- Introducing machine maintenance mode
- Time columns consolidation in exports
- Bug fixes
- 3 August 2023
- Group Alerts
- When can I see these changes?
- Deprecation timeline