- Getting started
- Best practices
- Tenant
- About the Tenant Context
- Searching for Resources in a Tenant
- Managing Robots
- Connecting Robots to Orchestrator
- Setup Samples
- Storing Robot Credentials in CyberArk
- Setting up Attended Robots
- Setting up Unattended Robots
- Storing Unattended Robot Passwords in Azure Key Vault (read-only)
- Storing Unattended Robot Credentials in HashiCorp Vault (read-only)
- Deleting Disconnected and Unresponsive Unattended Sessions
- Robot Authentication
- Robot Authentication With Client Credentials
- SmartCard Authentication
- Assigning Roles
- Managing Roles
- Default Roles
- FAQ
- Audit
- Resource Catalog Service
- Folders Context
- Automations
- Processes
- Jobs
- Triggers
- Logs
- Monitoring
- Queues
- Assets
- Storage Buckets
- Test Suite - Orchestrator
- Integrations
- Classic Robots
- Troubleshooting
Managing Roles
Orchestrator uses an access-control mechanism based on roles and permissions. Roles are collections of permissions meaning that the permissions needed to use certain Orchestrator features are included in roles.
For example, here's a custom role where you can see some of the permissions it includes:
When creating a role, you can start from scratch and create a custom role, or you have the option to import a role.
The role is now available and you can add one or multiple users who need the set of permissions that this role provides by following the instructions below.
You can base a new role on a role you already have, even if the base role is in a different organization or tenant. If you export the base role, you can import it to any tenant and, if needed, customize it.
The new role is now available on the Roles page and you can assign it to accounts or groups as needed.
These instructions are for assigning tenant roles.
If you need to assign a folder role, you can:
- go to Tenant > Folders and then select the folder where you want to assign the role
- select the folder in the left pane to switch to folder context and then go to the Settings page for that folder.
Changes to roles apply immediately when a user logs in, or automatically within one hour.
Changes to roles apply immediately when a user logs in, or within one hour if the user is already logged in.
You cannot remove any of the default roles, you can only remove custom roles.
- Go to Tenant > Manage access and select the Roles tab.
- Click More Actions at the right end of the row and select Manage Users.
- Review the users who has this role assigned and make sure you reassign them to a different or similar role if needed before deleting the role.
- Click More Actions at the right end of the row and select Remove.
If you want to recreate a particular role in a different organization or tenant, you can export the role as a CSV file and then import it in the target Orchestrator tenant.
To export a role as a CSV file:
You can now use this file to import the role into any Orchestrator tenant.
The CSV file is intended to be used strictly for importing back into Orchestrator in the form in which it was exported. Editing the file in any way can result in import errors.
If you need to make changes to the exported role, you have the option to do so during the import process.