订阅

UiPath Orchestrator

UiPath Orchestrator 指南

2022.4

发行日期:2022 年 5 月 23 日

Automation Suite 2022.4.0 现在可用。

 

Release date: 9 May 2022

What’s new


使用标签组织资源

我们知道,对资源进行分类十分繁琐,并且我们认识到让公司中的每个人都能轻松了解这些资源之间的依赖关系,并知道如何一起使用它们的重要性。例如,更改资产或删除队列可能会影响正在运行的流程,并且可能在您不知情的情况下,导致它们崩溃。

随着机器人团队的增长,要消耗和管理的资源数量也会增加。这可能会使您的企业遇到一些重大挑战,其中包括:

  • 弄清楚各种对象如何相互配合时遇到的困难;
  • 增加了手动工作量:您需要提出繁琐的解决方法来对对象之间的依赖项进行分类和跟踪,例如 Excel 电子表格;
  • 无法了解您的操作将如何影响其他资源,例如正在运行的流程;
  • 无法了解升级自动化所针对的应用程序可能带来的停机时间,因为没有简单的方法来查看哪些流程正在使用该应用程序。
12681268

标签可以在许多方面为您提供帮助:

  • 提高开发者生产力:帮助开发者识别与他们相关的资源。他们能够专注于增加价值,而不是花费无限的精力来寻找可能会影响的流程。
  • 提高管理员的工作效率:通过在整个组织中使用一致的标签结构,您可以开始创建统一的分类法,这将帮助每个人更快地找到资源。

Tagging is currently available for several Orchestrator resources and Action Center actions. See the list of taggable objects.

📘

注意

此功能适用于 Studio 2022.4+。

已知问题

  • 设置资产设置凭据活动版本 2021.4 或更低版本从资产中删除标签。

Installation & upgrade considerations

此功能可通过以下两种内部部署交付方法作为资源目录的一部分使用:Automation Suite 和独立交付。

对于 Automation Suite,无需担心此新服务的安装和配置,因为这一切都在后台进行。

As for standalone Orchestrator, if you opt for an Azure App Service installation, there are a couple of additional steps you need to take to make sure you benefit from the goodies brought about by Resource Catalog. We have introduced two new scripts to help you with that: Publish-ResourceCatalog.ps1 and MigrateTo-ResourceCatalog.ps1. For more details, see Azure App Service Installation.

 

全局租户搜索

我们添加了全局搜索功能,可用于搜索租户中的资源。它在该租户中同时查找文件夹范围内的资源和租户范围内的资源。目前,搜索适用于队列、资产、存储桶、计算机对象、流程、触发器和操作目录。

要访问它,请选择任何页面右上角的“搜索”图标。

14691469

已知问题

  • 从全局“搜索”页面编辑对象错误地需要文件夹的“查看”权限或子文件夹的“查看”权限。

 

OAuth 2.0-based framework for robot authentication

In this release, we ship a new robot authentication mechanism that uses the OAuth 2.0 framework as the basis for its authentication protocol, meaning unattended robots can connect to Orchestrator using a client ID - client secret pair generated via machine template objects. The client ID - client secret pair generates a token that authorizes the connection and provides the robot with access to Orchestrator resources.

客户端凭据允许 UiPath 机器人使用其自己的凭据(而不是模拟用户)访问资源。当机器人从 Orchestrator 请求资源时,由于没有用户参与身份验证,Orchestrator 会强制机器人本身具有执行操作的权限。

More on robot authentication.
Instructions for administrators on how to manage client credentials (create new credentials, revoke access).
Instructions for RPA developers and attended users on how to connect their robots to Orchestrator.

 

PW 模板的计算机密钥不再可见

个人工作区计算机模板的计算机密钥不再可见,无论是通过 API 还是在 Orchestrator 用户界面中。对您而言,这意味着您必须登录才能将机器人连接到 Orchestrator。

 

删除断开连接且无响应的无人值守会话

从现在开始,您可以通过删除断开连接或无响应的无人值守会话来保持 Orchestrator 的整洁。此操作允许清理未使用的会话,并通过仅显示已连接的会话来帮助向管理员提供相关见解。

要逐个删除无人值守会话,请导航到“租户”>“机器人”>“无人值守会话”,对于想要删除的已断开连接的会话,请单击“更多操作”>“删除”。要同时删除多个会话,请选择会话,然后单击“删除”图标。

To delete all unattended sessions older than 60 days from your Sessions table, you can use the database maintenance scripts provided in the official documentation.

More about how to delete disconnected or unresponsive unattended sessions.

 

提供新的凭据存储

You can now choose from a wider selection of plugins to store your Orchestrator credentials. Three new credential stores are now integrated with Orchestrator: HashiCorp Vault, BeyondTrust, and Azure Key Vault (read-only).

 

S3 Compatible Storage

Plug and play your S3 compatible storage with Orchestrator and take advantage of all its unique benefits: scale, cost, and reliability.

10201020

Learn how to enable S3 compatible providers for creating storage buckets in Orchestrator.
Learn how to create and configure storage buckets.

 

Custom AIMWebserviceName

从现在开始,您可以为中央凭据提供程序网页服务指定一个自定义名称。这可以借助新的“网页服务名称”字段实现,该字段可在配置 CyberArk CCP 凭据存储时使用。将此字段留空意味着使用默认名称:AIMWebService

 

适用于 SQL Server 的 Azure AD

We once again come bearing gifts for those of you who have installed Orchestrator on an Azure VM or Azure App Service: we now offer support for Azure AD. You can use this authentication method to connect Orchestrator to SQL Server. For details, see our documentation.

组织级别的 SAML 集成

该集成允许您将 Automation Suite 连接到支持 SAML 2.0 标准的任何第三方身份提供程序 (IdP),例如 Okta 或 PingOne 等。
该集成已在主机级别可用,但现在您也可以在组织级别启用它。

About the SAML authentication model | Configuring the SAML integration (for organizations)

:warning: Erratum 22 June 2022: A new parameter, -NoAzureAuthentication, has been added to the Orchestrator script, the Identity Server scripts, the Webhooks scripts, and the Resource Catalog scripts. It allows you to publish to the Azure App Service under your own identity, without having to create a service principal.

 

改进


监控

Monitoring folder resources from a centralized location

从现在开始,您可以从租户级别的集中位置监控所有文件夹中资源的运行状况和状态。新的“监控”页面允许您通过根据特定维度(例如计算机)分组的仪表板集合将系统中的数据可视化。

您应该会非常熟悉新功能;其外观和行为基于其文件夹范围内的对应项。这并非巧合,因为租户监控仪表板会显示您有权访问的所有文件夹和个人工作区的汇总数据。

要将所有监控功能集中到一个地方,我们还需要对 Orchestrator 用户界面进行一些重组,因此,以下是已重新定位到新租户监控页面的内容列表:

  • “无人值守会话”和“用户会话”页面(最初位于“租户”>“机器人”上);
  • “机器人使用情况”微件(最初位于“租户”>“许可证”上)。

New filtering options when monitoring processes

现在,在监控流程时,您可以按更长的时间间隔筛选数据:1 个月(过去 30 天)或 1 周(过去 7 天)。以前,您只能按过去一小时或过去一天进行筛选。

Persisting filters

以前,Orchestrator 不会在“监控”仪表板上保留选定的筛选器。事实证明,这可能会造成浪费,因为每次切换选项卡时都必须重做配置。现在,您可以离开仪表板,找到返回时应用的相同筛选器配置。

 

自动化

  • Prevent pending jobs from piling up in Orchestrator and set a strategy to automatically stop or kill their job execution.
    The option to schedule when a job execution ends is now available on the Start job and Queue trigger pages, in addition to the Time trigger page.
    Learn more about the Schedule ending of job execution option in our documentation about managing jobs and queue triggers.

  • You can now filter queue transactions by the robot (that is, user or robot account) that processed them. The dropdown menu of the Robot filter displays the robots present in the corresponding modern folder. To see the available robots, you need View permissions on Users.

触发器的主机名映射

最近在触发器中引入了帐户-计算机-主机名映射,允许您从模板中选择特定计算机以计划作业执行。为什么需要选择主机名?因为该特定主机名(即工作站)具有作业顺利执行所需的资源 - 许可证、软件、用户配置、权限。您可以为触发器选择一个主机名作为触发器执行目标的一部分,并在有效的帐户-计算机映射中动态分配或手动映射,就像为作业选择主机名一样。
但是,为触发器选择主机名时有一些变化:

  • 您可以选择模板的任何可用主机名,而在作业中,您只能选择已连接的计算机。
  • 您可以复制现有触发器并向其添加主机名,这会使排队等待执行的作业数量增加一倍。

 

完成流程创建流程

到目前为止,要执行新创建的流程,您需要转到“作业”或“流程”页面;要为同一流程计划触发器,请转到“触发器”页面。
无需前往“自动化”页面,因为现在您可以选择在单个流程中完成流程创建:创建流程后,您可以一键启动作业或创建触发器。

 

加密方式

为了持续保护您的数据安全,从此版本开始,我们默认对所有类型的新创建资产进行加密。此外,您现在可以选择加密链接到新创建的操作目录的新创建的队列和操作。但是,加密不可追溯。

相应的数据库表格中的以下列已加密:

Database table

Encrypted columns

Encryption method

QueueItems

Specific Data
Output

Optional via UI
Creating a queue

AssetValues

Value

By default

Tasks
(i.e., actions)

Data
(i.e., action catalogs)

Optional via UI
Adding a new Action Catalog

 

角色和权限

我们在 Orchestrator 中提供了几个默认角色,以便轻松分配主要用例的访问权限,并为任何刚开始使用该环境的新客户提供功能基础。熟悉生态系统并了解特定的自动化用例后,您可以编辑这些角色,或创建新角色以满足您的需求。

但基础知识永远适用。因此,我们希望确保您能够按照预期使用这些角色 - 这是一项标准。
因此,我们对角色和权限进行了一些改进,尤其是与新式文件夹的默认角色相关的改进。

默认角色可用...默认情况下

您不再需要从 Orchestrator 设置中将默认角色添加到租户。现在,默认情况下,所有新租户或迄今为止未手动添加的租户均可使用这些字段。
已删除用于从租户级别的“设置”页面(“常规”选项卡)添加这些角色的选项。

默认角色现在是只读的

您无法再编辑默认角色。您可以查看其包含的权限,但无法再更改权限。
如果您需要自定义版本,则必须创建具有所需权限的新角色。

角色名称更改

较长的角色名称

我们已将角色名称允许的最大字符数从 32 个字符增加到 64 个字符。

将默认角色的自定义版本重命名为“自定义”

If you have customized any of the default roles by changing their permissions, do not worry, they're safe. We have renamed all your customized roles as Role name - Custom, so that you know which are the default ones and which are your customized ones.
例如,如果您自定义了 Automation User 默认角色的权限,则现在您具有以下角色:

Role

Origin

Can edit?

Can assign?

Permissions

Automation User

System

N

Y

Standard

Automation User - Custom

User defined

Y

Y

Custom

 

Tenant Administrator 现在更名为 Orchestrator Administrator

To better describe the scope of rights included with this default role, we have renamed the Tenant Administrator role to Orchestrator Administrator. Orchestrator Administrator default role

此角色还受自定义默认角色重命名的影响:

  • Orchestrator Administrator:以前称为 Tenant Administrator 的只读默认角色。
  • Orchestrator Administrator - 自定义:Tenant Administrator 的自定义版本(如果您以任何方式更改了默认角色的基本权限)。

如果您有一个名为 Orchestrator Administrator 的自定义角色,则该角色也将重命名为 Orchestrator Administrator - 自定义。

对您当前设置的影响

  • 现有的角色分配不受影响。尽管您的自定义角色现在具有新名称,但与受影响的角色关联的任何帐户或组现在都分配有重命名的版本。因此,此更改后您无需执行任何操作。一切照旧。

  • API requests that use role names need to be updated. Details...

复制和自定义角色

我们为角色添加了一个新选项,允许您复制和自定义其中一个现有角色。此选项可用于默认角色和自定义角色,但不适用于混合角色。
随着默认角色变为只读,如果您喜欢默认角色,但想要进行一些调整,这将是自定义角色的新方法。

要使用此选项,请转到“租户”>“管理访问权限”>“角色”,单击行右侧的“更多选项”,然后选择“复制和自定义”。

角色导出和导入

现在,您可以将任何现有角色导出为 CSV 格式,并以该格式将其导入回 Orchestrator。这使您可以跨组织和跨租户重用精心设计的角色集。
导出角色 | 导入角色

无效的权限现已取消选中并显示为灰色

编辑角色时,您无法再选择或取消选择未授予任何能力的权限,例如日志 - 编辑。这些无效的权限现在默认取消选择,并在界面中显示为灰色。
Permissions without effect.

API:用于分配角色的新端点

Orchestrator API 现在提供了一个新的端点,用于分配角色或覆盖现有帐户的分配角色:
POST /odata/Users({key})/UiPath.Server.Configuration.OData.AssignRoles

与我们现有的用户端点相比,此端点得到了改进,因为它根据角色 ID 而非角色名称分配角色,从而使其更可靠。

You can find the new endpoint in the Swagger of the Orchestrator API, available at <OrchestratorURL>/swagger
API Guide: Assigning roles

操作和操作目录权限

操作操作目录的所有权限都配置为个人工作区管理员角色的默认权限。现在,您可以从个人工作区文件夹中执行长时间运行的工作流(即编排流程)。

 

API

  • 出于审核目的,我们已向多个资源 DTO 添加了必要的属性,从而添加到以下端点的响应正文中:

    • /odata/Users
       "LastModificationTime": "2021-10-12T07:29:25.914Z",  
       "LastModifierUserId": 0,  
       "CreatorUserId": 0  
    
    • odata/Robots
       "LastModificationTime": "2021-10-12T07:32:24.940Z",  
       "LastModifierUserId": 0,  
       "CreationTime": "2021-10-12T07:32:24.940Z",  
       "CreatorUserId": 0  
    
    • odata/Releases
      "LastModificationTime": "2021-10-12T07:29:25.914Z",  
       "LastModifierUserId": 0,  
       "CreatorUserId": 0  
    
    • odata/Assets
       "LastModificationTime": "2021-10-12T07:57:15.145Z",  
       "LastModifierUserId": 0,  
       "CreationTime": "2021-10-12T07:57:15.145Z",  
       "CreatorUserId": 0  
    
    • odata/Libraries
       "Created": "2021-10-12T07:59:04.182Z",  
        "LastUpdated": "2021-10-12T07:59:04.182Z", 
        "Owners": "string",  
        "IconUrl": "string",  
        "Summary": "string",  
        "PackageSize": 0,  
        "IsPrerelease": true,
        "LicenseUrl": "string", 
        "ProjectUrl": "string"
    
  • Prevent queue items data tracing by deleting the value of the SpecificContent key via API. Use the PUT /odata/QueueItem({Id}) endpoint with the type of payload described in our documentation.

端点弃用

  • 随着假期的临近,我们的 API 集合变得越来越杂乱。我们有几个已弃用的端点,但不用担心,因为我们提供了替代方案。请检查 Swagger 说明以查看替换内容,并确保也替换了客户端中已弃用的端点,以防止出现故障。以下是已弃用的 API 及其替代方案的列表:

日志

Deprecated

Replaced with

POST /api/Logs

POST /api/Logs.SubmitLogs

Assets

Deprecated

Replaced with

GET /odata/Assets/UiPath.Server.Configuration.OData.GetRobotAsset(robotId='{robotId}',assetName='{assetName}')

/odata/Assets/GetRobotAssetByNameForRobotKey

OrganizationUnits

Deprecated

Replaced with

GET /odata/OrganizationUnits

GET /odata/Folders

POST /odata/OrganizationUnits

POST /odata/Folders

GET /odata/OrganizationUnits({key})

GET /odata/Folders({key})

PUT `/odata/OrganizationUnits({key})

PUT /odata/Folders({key})

DELETE /odata/OrganizationUnits({key})

Replace with: DELETE /odata/Folders({key})

POST /odata/OrganizationUnits({key})/UiPath.Server.Configuration.OData.SetUsers

POST /odata/Folders.AssignUsers

GET /odata/OrganizationUnits/UiPath.Server.Configuration.OData.GetUsersForUnit(key={key})

ET /odata/Folders.GetUsersForFolder

设置

Deprecated

Replaced with

GET /odata/Settings/UiPath.Server.Configuration.OData.GetCalendar

GET /odata/Calendars

POST /odata/Settings/UiPath.Server.Configuration.OData.SetCalendar

POST /odata/Calendars

Studio Web

Deprecated

Replaced with

GET /api/StudioWeb/TryEnableFirstRun

POST /api/StudioWeb/TryEnableFirstRun

 

Setup

  • 改进 Identity Server - Orchestrator 集成已替换和删除 UiPath.Orchestrator.dll.config 中的几个参数。

    • we replaced WindowsAuth.GroupMembershipCacheExpireHours with IdentityServer.GroupMembershipCacheExpireHours. Upon upgrading to 2022.4+, WindowsAuth.GroupMembershipCacheExpireHours is removed. To specify the Identity Server group membership cache, use IdentityServer.GroupMembershipCacheExpireHours
    • we removed the following parameters: ExternalAuth.AzureAD.Enabled, ExternalAuth.AzureAD.ApplicationId, ExternalAuth.AzureAD.RedirectUri, ExternalAuth.Saml2.Enabled, ExternalAuth.UserMappingStrategy, ExternalAuth.UserIdentifierClaim , ExternalAuth.Google.Enabled, ExternalAuth.Google.ClientId, ExternalAuth.Google.ClientSecret, WindowsAuth.Enabled, and WindowsAuth.Domain. You can now configure external identity providers for the host only after installation, from the host Management portal.
    • we also removed the WINDOWS_AUTHENTICATION and DOMAIN command line parameters. You can now enable Active Directory only after installation, from the host Management portal.
  • The Platform Configuration Tool no longer verifies the certificate host name when upgrading from a version prior to 2020.4. This change is due to the check not being applicable in this upgrade scenario.

  • The UiPathOrchestrator.msi installer now works with ASP.NET Hosting Bundle 6.0.x. ASP.NET Hosting Bundle 5.0.x is no longer supported.

  • We no longer validate the SAN certificate against the machine hostname, as we now use the public load balancer DNS for this purpose. As a result, when running the UiPathOrchestrator.msi installer, you no longer have to specify the Host name in the Orchestrator IIS Settings screen. In addition to that, we have deprecated the WEBSITE_HOST command line parameter.

  • You can now disable public access to newly created Amazon S3 storage buckets by tweaking the UiPath.Orchestrator.dll.config file. To do that, set the BlockPublicAccess property to true in the Amazon S3 storage connection string. Note that this has no impact on existing buckets.
    In addition to that, if you opt for Amazon S3 as the storage provider for Orchestrator, you can now use the machine’s IAM role for authentication, instead of AccessKey and SecretKey
    For more details, see the Storage.Location parameter.

  • When upgrading Orchestrator, you are now prompted with a warning if an Insights version older than 2021.10 is enabled. This message is meant to remind you that Insights hardware requirements changed significantly starting with version 2021.10. Before an Orchestrator upgrade, you must ensure you meet the new Insights requirements.

  • For consolidation purposes, we have deprecated the following UiPath.Orchestrator.dll.config parameters:

    • ExternalAuth.System.OpenIdConnect.Enabled
    • ExternalAuth.System.OpenIdConnect.Authority
    • IdentityServer.S2SIntegration.Enabled
    • IdentityServer.OAuth.Enabled
  • In addition to that, following a cleanup operation we did for the UiPath.Orchestrator.dll.config file, the following parameters have been removed as well:

    • ActiveDirectory.SearchInputMinimumLength
    • ActiveDirectory.SearchResultsSizeLimit
    • ActiveDirectory.SearchResultsTimeLimitSeconds
    • ActiveDirectory.UseNativeDomainResolver
    • WindowsAuth.Enabled
    • WindowsAuth.Domain
    • WindowsAuth.AutoLogin.Enabled
    • WindowsAuth.ApiAutoLogin.Enabled
    • WindowsAuth.GroupMembershipFetchStrategy
    • WindowsAuth.ConvertUsersAtLogin
  • We no longer require setting the Database.EnableAutomaticMigrations parameter to true for cron jobs changes to take effect.
    Instead, to apply changes related to the schedules of internal jobs, you must follow the instructions in Updating schedules of internal jobs.

  • To prevent unexpected behavior when updating certificates using the Platform Configuration Tool, we have introduced the -KeepOldCertificate parameter.

  • When configuring SMTP for system email notifications, the SMTP Host field failed validation if using a hostname instead of an FQDN.

  • We have deprecated the UseRedis flag in the Identity Server's AppSettings.json configuration file. To turn on Redis for load-balanced scenarios, fill in the RedisConnectionString setting under the LoadBalancerSettings section .
    If you have enabled Redis for a load-balanced scenario, you have the option of using Redis for caching to reduce stress on the SQL database. A new section called RedisSettings controls which caches are enabled. We have moved the UseRedisStoreCache under this section. In addition to that, the section contains a new parameter, UseRedisStoreClientCache. For details, see Redis Settings.
    Azure App Service installations are seeing some similar changes as well. The AppSettings__LoadBalancerSettings__UseRedis setting is no longer used with the Publish-IdentityServer.ps1 script, and AppSettings__UseRedisStoreCache has been renamed to AppSettings__RedisSettings__UseRedisStoreCache. On the other hand, we have introduced a new parameter to enable client caching in Redis, namely AppSettings__RedisSettings__UseRedisStoreClientCache. For details, see Identity Server Scripts.

 

自动更新

The auto update functionality now supports Robot and Assistant on macOS platforms. Also, you can now schedule the update to start at a specific time and date so that you can match other maintenance windows in your company.

 

其他改进

  • 在文件夹上下文的“自动化”>“日志”页面上,您现在可以按与当前文件夹关联的计算机筛选日志。以前,“计算机”筛选器会显示租户中所有可用的计算机。
  • 从“新建”菜单创建新对象后,您将被重定向回之前所在的页面。以前,您会被重定向到该对象的列表页面。
  • 现在可以从“组件”下拉列表中的“审核”页面上选择无人值守会话。

 

Deprecation timeline


🚧

重要

已弃用的特性或功能完全受支持,并且可以继续使用,直到我们将其有效移除为止。

  • Standard machines will be deprecated starting with 2022.10. We recommend using machine templates.
  • Classic folders will be deprecated starting with 2022.10. We recommend migrating to modern folders.
  • API:从 2022 年 10 月开始,将在 Orchestrator API 中弃用“角色名称”属性。我们建议您更新请求,使其依赖于角色 ID 而不是角色名称。
  • API: Several API endpoints have been deprecated in this release. We recommend using the replacement endpoints listed here.

More about upcoming deprecations and removals.

 

Breaking Changes


API:令牌端点

The /connect/token endpoint no longer accepts the multipart/form-data content type.
After upgrading to version 2022.4, you must update any affected API requests to this endpoint to use the application/x-www-form-urlencoded content type instead.

API:包含角色名称的请求

通过对角色的改进(包括重命名某些角色),引用已重命名的角色名称的任何 API 调用都需要更新,以使用新名称。

这将影响:

  • API calls related to a customized version of a default role, which is now renamed as Role name - Custom
    These calls continue to work without making any changes, but the result is not as expected. Namely, the call now assigns the default role instead of the customized version of the role.
  • 与旧的 Tenant Administrator 角色(现在称为 Orchestrator Administrator)相关的 API 调用。
    由于无法找到具有指定名称的角色,这些调用失败并显示错误。

Affected endpoints
以下请求可以根据角色名称分配角色:

  • POST /odata/Users
  • PUT /odata/Users({key})
  • PATCH /odata/Users({key})
  • POST /odata/Users({key})/UiPath.Server.Configuration.OData.ToggleRole

修复

To address this issue, you can use the new endpoint to assign roles based on the role ID instead of the role name.

您可以通过两种方式更新受此更改影响的集成,使其按预期运行:

A. Add a second API call (recommended)
您可以保留现有的 API 请求,但在每个分配角色的调用后,都会调用新端点,以使用更正的角色覆盖已分配的角色。

For example, if you have a POST request to /odata/Users to create a tenant administrator account - that is, as part of the account creation, the request attempts to assign the Tenant Administrator role, which has been renamed to Orchestrator Administrator - then you should follow it with a new POST request to /odata/Users({key})/UiPath.Server.Configuration.OData.AssignRoles which passes the role ID for the Orchestrator Administrator role so that it is correctly assigned.

对于此修复方法:您需要识别集成中受影响的请求,然后针对每个已识别的请求

  1. 记下受影响的请求要分配的用户 ID 和角色名称。
  2. Make a GET request to /odata/Roles to retrieve the current list of roles.
  3. 记下您之前记下的角色名称的 ID。
  4. (可选,但建议)在集成中,更新受影响的请求以删除角色名称属性。
    进行此更改后,请求将不再分配角色,下一步中的请求将处理角色分配。
    您可以选择不从此请求中删除角色属性,因为下一步中的请求将覆盖任何已分配的角色。
  5. Immediately after the impacted request, add a POST request to /odata/Users({key})/UiPath.Server.Configuration.OData.AssignRoles, including the role IDs in the body of the request.
    The {key} value should be the user ID from the impacted request.

这可确保您已识别的受影响请求分配的任何角色立即被正确的角色覆盖。

B. Update role names
一种更简单但效率较低的修复方法是使用新角色名称更新受影响的请求。
While this method is easier, we recommend that you consider using the previous method instead because it hardens your integration against any subsequent changes to role names.

对于此修复方法,您需要识别集成中受影响的请求,然后针对每个已识别的请求

  1. Make a GET request to /odata/Roles to retrieve the current list of roles.
  2. 记下受影响的请求分配的角色名称的当前名称。
  3. 在集成中,使用更新后的角色名称更新受影响的请求中的角色名称属性值。

 

已知问题


  • 无法在“资产”页面中按“名称”对资产进行排序。
  • 从 2020.4 升级到 2020.10 及更高版本后,您无法使用“流程查看”权限在 Orchestrator 更新机器人角色。您必须手动添加权限。
  • 推迟成功的队列事务将删除事务输出数据。要修复此行为,请创建一个新的队列项目来存储当前事务的输出。毕竟,事务已成功完成,您为何要推迟它?
  • The response body of the GET /odata/Releases endpoint may wrongly return IsLatestVersion as False. To make sure the returned value of the IsLatestVersion key is correct, use $expand$select query parameters, as follows:
    • /odata/Releases/$expand=CurrentVersion
    • /odata/Releases/$select=IsLatestVersion
  • 作为主机,尝试通过 Swagger 用户界面结束维护窗口可能会失败。发生这种情况是因为 Swagger 用户界面使用 Cookie 进行身份验证,当您关闭浏览器时,Cookie 会丢失。
    要通过 API 结束维护模式,请使用以下的其中一种解决方法:
    • Do not close the browser, and make the POST request to /api/Maintenance/End from the Swagger UI.
    • 使用 API 测试应用程序(例如 Postman)来执行以下操作:
      retrieve an access token by exchanging your credentials to the /api.Account/Authenticate endpoint, and then
      make a POST request to the /api/Maintenance/End endpoint using the Authorization: Bearer {access_token} header.
  • The names of our user licenses have changed over time. However, the robotType parameter of the GET /odata/LicensesNamedUser endpoint still references the old names, together with the new ones. That's why you see "Development" as an option, which was renamed to RPA Developer, and you see the "RpaDeveloper" option too.
    To better identify our robot licenses, check the naming progress below:

Year or Orchestrator version

2018

2019

2020

2021.4

2021.10

Attended

Attended

Attended

Attended

Attended

Development

Studio

Studio

RPA Developer

Automation Developer

  • StudioX

StudioX

Citizen Developer

Citizen Developer

  • StudioPro

RPA Developer Pro

Automation Developer

Unattended

Unattended

Unattended

Unattended

Unattended

NonProduction

NonProduction

NonProduction

NonProduction

NonProduction

+Testing

Testing

Testing

 

Bug fixes


  • An issue was fixed that would allow an attacker with privileged access to a robot to retrieve the LicenseKey (MachineKey) of other robots within the same tenant by brute forcing API calls to Orchestrator. This would theoretically allow the attacker to access resources restricted only to that robot. Read the security advisory for UiPath - Robot Account Takeover.
  • 如果在导航到租户级别之前,选择的最后一个文件夹是传统文件夹,则无法将机器人帐户分配给文件夹。主要症状是,在查找要分配的机器人帐户时,即使机器人帐户存在,也不会显示该机器人帐户。
  • 我们添加了机器人的“查看”权限,作为在新式文件夹中启动或创建作业的要求。因此,在您分配所需的权限(这些权限显示在按钮工具提示中)之前,“启动”作业按钮处于非活动状态。以前,当您在新式文件夹中启动或创建作业时,系统会显示“您无权!(#0)”错误消息。
  • Upon changing the mechanism behind GenerateReportsJob (the background job computing stats on the Queues page) from incremental to partition swapping, you ran into following error: "The 'LastQueueItemEventProcessed' property on 'UiQueueProcessingRecordBase' could not be set to a 'null' value". The issue no longer occurs.
  • 将执行目标从“动态分配”更改为“所有机器人”后,“编辑触发器”窗口上的“更新”按钮没有启用。这种情况仅发生在传统文件夹中。现在,在传统文件夹中更改触发器的执行目标后,您可以通过单击“更新”来保存更改。
  • 审核详细信息中未显示手动上传的包的名称。此问题会影响单独和批量上传的包。现在,所有上传的包的名称都已成功记录在审核详细信息中。
  • Orchestrator 引发“无效的身份验证令牌”错误(错误代码 - 1431),从而在会话不活动超时后导致浏览器无限循环。将不再出现此问题。
  • 我们在“将角色分配给机器人帐户”窗口中犯了一个拼写错误。该字段显示“搜索机器人帐户”,而不是“搜索机器人帐户”。该字段名称现在已拼写正确。
  • Orchestrator did not correctly render time formats on the Logs page when the Orchestrator language was set to Chinese, Japanese, or Korean. 0 characters got rendered as slashed zeros and prevented the glyph following the 0 from being displayed. For example, what should have been displayed as 11時20分03秒 was rendered as 11時2Ø03秒
  • When opting for Latin1-based SQL collation, the same behavior occurred if Turkish (tr-tr) culture was used on the application server. To fix this issue, switch to en-us culture and re-attempt the installation.
  • Deadlocks would occur where queue item processing took less than a second per queue item. Processes would throw multiple "An error has occurred. Error code: 0" errors before crashing. The issue has been fixed and you are now able to process queue items without running into deadlocks.
  • When the Orchestrator and Identity databases used Turkish-specific collation, upgrades from version 2020.10 to 2021.10 failed.
  • Credential asset retrieval failed for CyberArk credential store when setting Plugins.SecureStores.CyberArk.UsePowerShellCLI to true in Orchestrator's UiPath.Orchestrator.dll.config file.
  • Upon upgrading to 2021.10.1 or later, Orchestrator failed to send email alerts when the Use default credentials option was enabled. Email alerts are now successfully sent.
  • An issue was preventing users from enabling the encryption key per tenant feature on the default tenant after a clean installation.

 

活动包版本

单击以查看活动包版本

Orchestrator 附带以下活动包和版本:

Activity Pack

Version

UiPath.UIAutomation.Activities

v22.4.4

UiPath.System.Activities

v22.4.1

UiPath.Mail.Activities

v1.15.1

UiPath.Excel.Activities

v2.12.3

UiPath.Testing.Activities

v22.4.2

UiPath.MobileAutomation.Activities

v22.4.4

UiPath.Word.Activities

v1.10.1

UiPath.ComplexScenarios.Activities

v1.1.6

UiPath.PDF.Activities

v3.6.0

UiPath.Terminal.Activities

v2.4.0

UiPath.Web.Activities

v1.11.1

UiPath.Persistence.Activities

v1.3.4

UiPath.Form.Activities

v1.9.4


 


What do the labels mean?

Click to learn more...

This version of Orchestrator is available in two deployment models:

  • 独立版 Orchestrator
  • 作为 Automation Suite 一部分的 Orchestrator 服务

The product is similar enough across deployment types to share the same documentation.
But differences do exist. When certain information applies to only one of the deployments, we use the following labels:

  • - 仅适用于独立 Orchestrator,不适用于 Automation Suite Orchestrator。
  • - 仅适用于 Automation Suite Orchestrator,不适用于独立 Orchestrator。

每当没有标签时,信息都适用于这两种部署类型。

Updated 22 days ago


2022.4


建议的编辑仅限用于 API 参考页面

您只能建议对 Markdown 正文内容进行编辑,而不能建议对 API 规范进行编辑。