- Getting started
- Best practices
- Tenant
- About the Tenant Context
- Searching for Resources in a Tenant
- Managing Robots
- Connecting Robots to Orchestrator
- Storing Robot Credentials in CyberArk
- Storing Unattended Robot Passwords in Azure Key Vault (read only)
- Storing Unattended Robot Credentials in HashiCorp Vault (read only)
- Storing Unattended Robot Credentials in AWS Secrets Manager (read only)
- Deleting Disconnected and Unresponsive Unattended Sessions
- Robot Authentication
- Robot Authentication With Client Credentials
- Configuring automation capabilities
- Solutions
- Audit
- Settings
- Cloud robots
- Folders Context
- Automations
- Processes
- Jobs
- Apps
- Triggers
- Logs
- Monitoring
- Queues
- Assets
- Storage Buckets
- Test Suite - Orchestrator
- Resource Catalog Service
- Integrations
- Troubleshooting
Default roles
This page displays the permissions included for each default role in Orchestrator.
You can view and edit the permissions for each role from the Roles page by clicking the 
More Actions icon on the right end of a row.
If a role cannot be edited, you have the option to duplicate and customize it as a new role instead (not available for mixed roles).
A role that has all tenant- and folder-level permissions.
This is a mixed role and includes both tenant and folder permissions. With mixed roles, for a global operation, only the user's tenant permissions are taken into consideration; for a folder-specific operation, if a custom role is defined, folder permissions are applied in favor of any tenant permissions present.
It includes the following permissions, which cannot be changed.
This role is no longer available for new tenants. To replicate its permissions, use the following role combination:
-
Allow to be Automation User at the tenant level
-
Automation User at the folder level
The Robot role can still be used in any existing tenants.
All permissions required to execute processes.
This is a mixed role and includes both tenant and folder permissions. With mixed roles, for a global operation, only the user's tenant permissions are taken into consideration; for a folder-specific operation, if a custom role is defined, folder permissions are applied in favor of any tenant permissions present.
By default, the role has the following permissions, which can be changed.
This is a folder role and it includes the following permissions by default, which cannot be edited.
The following roles are pre-configured with the permissions for the tenant level or the folder level that are required to work in folders.
These roles cannot be changed, but you can duplicate and customize them as a new role if needed.
Below you can see the permissions granted for each standard role.
This role is granted all tenant-level permissions, and should be assigned at the tenant level to any users in charge with the management of all tenant entities.
We recommend this role over Administrator, which is not relevant in a modern folder infrastructure.
This is a tenant role and includes the following permissions by default, which cannot be changed.
A role with the minimum tenant-level permissions needed to manage their own folders and subfolders.
Accounts that have the Allow to be Folder Administrator tenant role should also have the Folder Administrator folder role assigned to them at the folder level.
This is a tenant role and includes the following permissions by default, which cannot be changed.
A user with the minimum folder-level permissions needed to manage their own folders and subfolders.
Accounts that have the Folder Administrator folder role should also have the Allow to be Folder Administrator tenant role assigned to them at the tenant level.
This is a folder role and includes the following permissions by default, which cannot be changed.
A user with the minimum folder level permissions needed to execute processes from Assistant, as well as unattended automations.
Accounts that have the Allow to be Automation User tenant role should also have the Automation User folder role assigned to them at the folder level.
This is a tenant role and includes the following permissions by default, which cannot be changed.
A user with the minimum folder level permissions needed to execute processes from Assistant, as well as unattended automations.
We recommend that accounts that have the Automation User folder role also have the Allow to be Automation User tenant role assigned to them at the tenant level.
This is a folder role and includes the following permissions by default, which cannot be changed.
A user who can publish processes to Orchestrator.
This role can be assigned on top of Allow to be Automation User to allow a user to both publish and execute a process.
Accounts that have the Allow to be Automation Publisher tenant role should also have the Automation Publisher folder role assigned to them at the folder level.
A user who can publish processes to Orchestrator.
This role can be assigned on top of Automation User to allow a user to both publish and execute a process.
Accounts that have the Automation Publisher folder role should also have Allow to be Automation Publisher tenant role assigned to them at the tenant level.
A user who creates automation projects, but does not have direct access to complex and expensive resources, such as storage buckets.
Accounts that have the Allow to be Automation Developer tenant role should also have the Automation Developer folder role assigned to them at the folder level.
A user who creates automation projects, but does not have direct access to complex and expensive resources, such as storage buckets.
Accounts that have the Automation Developer folder role should also have the Allow to be Automation Developer tenant role assigned to them at the tenant level.
A user who can create, edit, and delete solution packages and manage solution deployments.
A user who can view, edit, and create solution packages and package versions.
The
roles described in this section are exclusive to users pertaining to SAP organizations,
and cannot be modified in any way.
For details on SAP Build Process Automation, Foundation add-on by UiPath, check out the SAP Build Process Automation, Foundation add-on by UiPath guide.
Tenant-level roles
SAP Build Orchestrator Administrator
This role is granted all tenant-level permissions, and should only be assigned to users in charge with the management of all tenant entities.
It is automatically assigned to the ProcessAutomationAdmin group.
SAP Build Allow to be Folder Administrator
This role is granted the minimum tenant-level permissions needed for a user to manage their own folders and subfolders.
It is automatically assigned to the ProcessAutomationDeveloper group.
SAP Build AutomaticPublisher
This role is granted the necessary permissions to publish priojects to the tenant feed.
Folder-level roles
SAP Build ProcessAutomationDeveloper Monitor
This role includes all the necessary permissions for monitoring automations.
SAP Build ProcessAutomationDeveloper View Logs
This role includes all the necessary permissions for checking the logs associated to automation executions.
SAP Build ProcessAutomationDeveloper Deploy
This role includes all the necessary permissions for deploying automations.
SAP Build ProcessAutomationDeveloper Execute
This role includes all the necessary permissions for executing automations.
SAP Build ProcessAutomationDeveloper Administrate
This role is granted all folder-level permissions, and should only be assigned to users in charge with the management of all folder entities.
- ProcessAutomationAdmin
- ProcessAutomationDeveloper
SAP Build ProcessAutomationParticipant
This role is automatically granted at tenant creation time, and is applied to all SAP users participating in an automation.
It is automatically assigned to the ProcessAutomationParticipant group.
- Administrator role
- Tenant permissions
- Folder permissions
- Robot role
- Tenant pemissions
- Folder permissions
- Personal Workspace Administrator role
- Standard roles
- Orchestrator Administrator
- Allow to be Folder Administrator
- Folder Administrator
- Allow to be Automation User
- Automation User
- Allow to be Automation Publisher
- Automation Publisher
- Allow to be Automation Developer
- Automation Developer
- Solutions Administrator
- Solutions Contributor
- SAP-specific roles
