
UiPath Orchestrator

The UiPath Orchestrator Guide

Deployment and configuration considerations

User and Robot Permissions


There are two potential threats to guard against when configuring the user and robot permissions in Orchestrator: a malicious user or a malicious developer.

The authentication between Orchestrator and Robots is based on a shared key accessible only by the Administrator on the robot machine. If the machine user has administrative rights and can access that key, they would then be able to impersonate other robots when making calls to Orchestrator.

To mitigate the risks and potential impact from a malicious user, follow these guidelines:

  • On machines configured for attended automation, ensure that the users on that machine do not have administrative rights.
  • Limit robot permissions to the minimum required to execute the particular automation(s). See here to learn about setting permissions.
  • In modern folders, disable robot creation for those users with administrator or other high-privilege roles in Orchestrator.

A malicious developer could deploy a process that, when executed by a user with high-level permissions in Orchestrator, grants that developer unwanted access or steals data.

To mitigate the risks and potential impact from a malicious developer, follow these guidelines:

  • Maintain control and validation over any packages being deployed in Orchestrator.
  • Audit automations prior to deployment to production (e.g., code review, virus scan).
  • Limit robot permissions to the minimum required to execute the particular automation(s). See here to learn about setting permissions.
  • In modern folders, disable robot creation for those users with administrator or other high-privilege roles in Orchestrator.
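
One way to enforce the first two guidelines is a gate that only lets reviewed package builds through. This is an added example, not UiPath code: it assumes packages are NuGet-format `.nupkg` archives and that reviewers record each approved build's SHA-256 in an allowlist. The allowlist shape, function names, size cap and sample package are hypothetical.

```python
import hashlib, io, zipfile
import xml.etree.ElementTree as ET

MAX_NUSPEC = 64 * 1024  # assumed cap on the declared manifest size

def sha256_hex(data):
    return hashlib.sha256(data).hexdigest()

def package_identity(nupkg):
    """Read (id, version) from the root .nuspec of a NuGet-format package."""
    with zipfile.ZipFile(io.BytesIO(nupkg)) as zf:
        specs = [i for i in zf.infolist()
                 if "/" not in i.filename and i.filename.lower().endswith(".nuspec")]
        if len(specs) != 1 or specs[0].file_size > MAX_NUSPEC:
            raise ValueError("missing, duplicate or oversized .nuspec")
        root = ET.fromstring(zf.read(specs[0]))
    local = lambda el: el.tag.rsplit("}", 1)[-1]  # drop the XML namespace
    meta = next(el for el in root if local(el) == "metadata")
    fields = {local(c): (c.text or "").strip() for c in meta}
    return fields["id"], fields["version"]

def check_package(nupkg, approved):
    """approved maps (id, version) -> SHA-256 recorded when the review passed."""
    try:
        ident = package_identity(nupkg)
    except (zipfile.BadZipFile, ET.ParseError, ValueError, KeyError, StopIteration):
        return "reject: unreadable package"
    expected = approved.get(ident)
    if expected is None:
        return "reject: %s %s was never reviewed" % ident
    if expected != sha256_hex(nupkg):
        return "reject: %s %s differs from the reviewed build" % ident
    return "allow"

NUSPEC = ('<package xmlns="http://schemas.microsoft.com/packaging/2010/07/nuspec.xsd">'
          "<metadata><id>%s</id><version>%s</version></metadata></package>")

def build_sample(pkg_id, version, workflow):
    """Constructed sample package, built in memory so the example runs offline."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(pkg_id + ".nuspec", NUSPEC % (pkg_id, version))
        zf.writestr("Main.xaml", workflow)
    return buf.getvalue()

if __name__ == "__main__":
    reviewed = build_sample("Invoices.Process", "1.0.3", "<Activity/>")
    approved = {("Invoices.Process", "1.0.3"): sha256_hex(reviewed)}
    altered = build_sample("Invoices.Process", "1.0.3", "<Activity>changed</Activity>")
    for name, pkg in [("reviewed", reviewed), ("altered", altered)]:
        print(name, "->", check_package(pkg, approved))
```

A package that reuses an approved id and version but was rebuilt after review is rejected, because the hash covers the whole archive and not just its metadata.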

Disabling the Auto-complete Feature in Your Browser


The auto-complete feature available in most web browsers is not completely safe. To ensure that nobody can discover your Orchestrator login password, we recommend that you disable this feature in your preferred browser.

Not Selecting the Remember Me Checkbox


When you first log in to Orchestrator, do not select the Remember Me checkbox. This helps ensure that you are logged out of the current session every time.

Updated 2 months ago

