UiPath Orchestrator

About Roles

The Roles page enables you to manage user permissions in Orchestrator. A user’s view of Orchestrator is dependent on the role(s) assigned to them. A role enables you to manage View, Edit, Create and Delete permissions on all Orchestrator pages and components.

To open this page, click the Roles tab in the Users page.

For a user to gain the permissions granted by a role, you have to assign them to the role. Multiple roles can be assigned to a specific user. For more information, see the Modifying the Roles of a User section.


Users without a role assigned to them cannot access any resource.

Orchestrator Permissions

If Modern folders are enabled, there are two categories of permissions when defining roles, Global and Folder. Global permissions define a user's access to resources at the tenant level, while Folder permissions define the user's access and ability within each folder they are assigned to.

If Modern folders are not enabled there is no bifurcation of the available permissions and all settings are global in effect.


For a global operation, only the user's permissions set at tenant level are taken into consideration. For a folder specific operation, if a custom role is defined those permissions are applied in favor of any tenant level permissions present.

Global Permissions
Folder Permissions
  • Alerts
  • Audit
  • Libraries
  • License
  • Machines
  • ML Logs
  • Packages
  • Roles
  • Settings
  • Folders
  • Users
  • Webhooks
  • Assets
  • Environments
  • Execution Media
  • Jobs
  • Logs
  • Monitoring
  • Processes
  • Queues
  • Robots
  • Triggers
  • Subfolders
  • Tasks Assignment
  • Task Catalogs
  • Tasks
  • Transactions

You have the possibility to disable permissions completely from the user interface and API using the Auth.DisabledPermissions parameter in web.config. More details here.

Default Roles

By default, the following roles exist in Orchestrator:



A user with all global permissions granted. This is the default role granted to the admin user of each tenant and cannot be edited.


All permission required for the execution of processes in Classic folders.

See the Default Roles page for the permissions specific to each role.

Updated about a month ago

About Roles

Suggested Edits are limited on API Reference Pages

You can only suggest edits to Markdown body content, but not to the API spec.