orchestrator
2020.10
false
UiPath logo, featuring letters U and I in white
OUT OF SUPPORT

Orchestrator User Guide

Automation CloudAutomation Cloud Public SectorAutomation SuiteStandalone
Last updated Dec 12, 2023

Roles

Overview

Orchestrator uses an access-control mechanism based on roles and permissions. Roles are collections of permissions meaning that the permissions needed to use certain Orchestrator entities are assigned to roles.

Role-permissions and user-roles relationships allow for a certain level of access to Orchestrator. A user gets the permissions required to perform particular operations through one or multiple roles. Since users are not assigned permissions directly, but only acquire them through roles, management of access rights involves assigning appropriate roles to the user. See Modifying the Roles of a User.

Note: Users without a role cannot access any resource.


There are two categories of permissions when defining roles:

  • Tenant Permissions - Define a user's access to resources at the tenant level.
  • Folder Permissions - Define the user's access and ability within each folder they are assigned to.

    Note: For a global operation, only the user's permissions set at tenant level are taken into consideration. For a folder specific operation, if a custom role is defined those permissions are applied in favor of any tenant level permissions present.

    Tenant Resources

    Folder Resources

    • Alerts
    • Audit
    • Background tasks
    • Libraries
    • License
    • Robots
    • Machines
    • ML Logs
    • Packages
    • Roles
    • Settings
    • Folders
    • Users
    • Webhooks
    • Assets
    • Storage Files
    • Storage Buckets
    • Environments
    • Execution Media
    • Folder Packages
    • Jobs
    • Logs
    • Monitoring
    • Processes
    • Queues
    • Triggers
    • Subfolders
    • Action Assignment
    • Action Catalogs
    • Actions
    • Tasks Assignment
    • Test Case Execution Artifacts
    • Test Data Queue Items
    • Test Data Queues
    • Test Set Executions
    • Test Sets
    • Test Set Schedules
    • Transactions
You have the possibility to disable permissions completely from the user interface and API using the Auth.DisabledPermissions parameter in UiPath.Orchestrator.dll.config.

Permissions Without Effect

The Orchestrator interface enables the selection of all applicable rights (View, Edit, Create, Delete) for all listed permissions, but please note that not all rights are applicable to each listed permission:

Permissions

Category

Edit

  • Audit
  • Execution Media
  • Logs

Create

  • Audit
  • License
  • Settings
  • Monitoring

Delete

  • Alerts
  • Audit
  • Settings
  • Logs
  • Monitoring

Default Roles

By default, the following roles exist in Orchestrator:

Role

Description

Administrator

A user with all tenant level permissions granted. This is the default role granted to the admin user of each tenant and cannot be edited.

Robot

All permission required for the execution of processes in Classic folders.

See the Default Roles page for the permissions specific to each role.

Default Roles for Folders

For all users, Orchestrator automatically creates the following roles:

Role

Description

Tenant Administrator

The equivalent of the Administrator role, a user with tenant level permissions granted.

Assign at the tenant level to those users, if any, that are delegated the management of all tenant entities.

Allow to be Folder Administrator

A user with the minimum tenant level permissions needed to manage their own folders and subfolders.

Assign at the tenant level in conjunction with the Folder Administrator role, below, at folder level to enable folder management for that user.

Folder Administrator

A user with the minimum folder level permissions needed to manage their own folders and subfolders.

Assign at the folder level in conjunction with the Allow to be Folder Administrator role, above, at tenant level to enable folder management for that user.

Allow to be Automation User

A user with the minimum tenant level permissions needed to execute processes.

Assign at the tenant level in conjunction with the Automation User role, below, at folder level.

Automation User

A user with the minimum folder level permissions needed to execute processes.

Assign at the folder level in conjunction with the Allow to be Automation User role, above, at tenant level.

Note that the associated permissions for these roles may change between versions as new features and integrations are added. When this occurs, the affected role(s) appear red in your Tenant Settings page. Click on the affected role(s) to display a prompt enabling you to add the missing permissions for this role.

  • Overview
  • Permissions Without Effect
  • Default Roles
  • Default Roles for Folders

Was this page helpful?

Get The Help You Need
Learning RPA - Automation Courses
UiPath Community Forum
Uipath Logo White
Trust and Security
© 2005-2024 UiPath. All rights reserved.