- Getting started
- Best practices
- Tenant
- About the Tenant Context
- Searching for Resources in a Tenant
- Managing Robots
- Connecting Robots to Orchestrator
- Storing Robot Credentials in CyberArk
- Storing Unattended Robot Passwords in Azure Key Vault (read-only)
- Storing Unattended Robot Credentials in HashiCorp Vault (read-only)
- Storing Unattended Robot Credentials in AWS Secrets Manager (read Only)
- Deleting Disconnected and Unresponsive Unattended Sessions
- Robot Authentication
- Robot Authentication With Client Credentials
- Audit
- Resource Catalog Service
- Folders Context
- Automations
- Processes
- Jobs
- Triggers
- Logs
- Monitoring
- Queues
- Assets
- Storage Buckets
- Test Suite - Orchestrator
- Host administration
- Identity Server
- Authentication
- Organization administration
- Other Configurations
- Integrations
- Troubleshooting
Configuring access for accounts
As an administrator, you can configure fine-grained tenant or folder permissions for objects that already exist at the organization level (i.e. groups, users, robot accounts, external apps), via Orchestrator, by assigning them to tenants or folders in Orchestrator. An object gets the permissions required to perform particular operations in a tenant or folder through one or more roles.
You can use groups to simplify access control, as groups allow you to manage objects with similar needs together.
As an administrator, you can configure fine-grained tenant or folder permissions for accounts that already exist at the organization level, via Orchestrator, by assigning them to folders or tenants in Orchestrator. An account gets the permissions required to perform particular operations in a folder or tenant through one or more roles.
You can use groups to simplify account management, as groups allow you to manage accounts with similar needs together.
To give tenant access to accounts or groups, follow these steps:
- Go to Tenant > Manage Access. The Manage Access page is displayed.
- Click Assign roles > User/Robot Account/Group to add a new account in the tenant. The Assign roles window is displayed.
- In the Search for user/robot account/group drop-down, search for the object you want to add.
- Under Roles, select the role(s) for this object.
- Click Assign. The selected object can access tenant resources according to its role.
To give folder access to accounts or groups, follow these steps:
- Go to Tenant > Folders. The Folders page is displayed.
- From the Folders page, in the Manage Folders pane, click the folder you want to manage. The folder and its contents are displayed on the right-hand dashboard.
- Click Assign Accounts/Group to add a new account or group in the folder. The Assign Account/Group window is displayed.
- In the Account, group, or external app drop-down, search for the object you want to add.
- Under The Roles for the account/group selected above, select the role(s) for this object.
- Click Assign. The selected object is now in the folder and can access it according to its role.
To remove tenant access for accounts or groups, follow these steps:
- Go to Tenant > Manage Access. The Manage Access page is displayed.
- Click More Actions > Unassign for the account you want to remove from the tenant. A confirmation window is displayed.
- Click Yes to confirm. The removed account or group is removed and loses access to the tenant.## Removing folder access
