1. What happens access-wise to a user that belongs to multiple groups?
The user receives the union of the access rights associated with each group they belong to.
Example: John Smith belongs to the HR and Finance groups, which have been added to Orchestrator. The HR group has the Management role and access to the HR folder; the Finance group has the Executor role and access to the Finance folder. Being part of both groups, John has the Management and Executor roles and access to both the HR and Finance folders.
2. What happens access-wise when a user is also added separately alongside a group they belong to?
The user receives the union of the access rights associated with the group they belong to and the ones explicitly set. Keep in mind that inherited access rights depend on group settings, while explicitly set access rights are independent of group settings.
Example: John Smith has been individually added from AD and explicitly given the Executor role and access to the Finance folder. The HR group (of which John is a member) has also been added to Orchestrator and given the Management role and access to the HR folder. John has the Executor and Management roles, and access to both the HR and Finance folders. If he is removed from the HR group at AD level, he loses the Management role and access to the HR folder, but keeps the ones set explicitly.
3. My user belongs to two groups, the first one allows automatic Robot creation, the second doesn't. Does a Robot get created for my user or not?
Since a user receives the union of the rights associated with all the groups they belong to, a Robot gets created for your user based on the configuration made for the first group.
4. I deleted/deactivated a directory group. Will the associated directory users still be able to log in?
No, if you did not set access rights explicitly for them. Yes, if you granted them access rights individually in Orchestrator. Inherited access rights are only kept for the duration of the active user session. Only explicitly set access rights persist between sessions. Deleting or deactivating a directory group deletes inherited rights, but does nothing to those which have been explicitly set.
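The rules in answers 1 to 4 can be checked with a small model, which is useful in an access review to see which rights a user holds only through a group. This is an added example, not UiPath code or an Orchestrator API; the function names, the data layout, and evaluating access at the start of a new session are assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Grant:
    roles: frozenset = frozenset()
    folders: frozenset = frozenset()
    auto_robot: bool = False  # the "automatic Robot creation" setting

def grant(roles=(), folders=(), auto_robot=False):
    return Grant(frozenset(roles), frozenset(folders), auto_robot)

def effective_access(user, memberships, group_grants, explicit_grants):
    """Access as evaluated at the start of a new session (hypothetical model).

    Returns the union of the user's explicit grant and the grants of every
    directory group the user belongs to that is still present in
    group_grants, or None when no source remains (the user cannot log in).
    """
    sources = [group_grants[g] for g in memberships.get(user, ()) if g in group_grants]
    if user in explicit_grants:
        sources.append(explicit_grants[user])
    if not sources:
        return None
    return Grant(
        frozenset().union(*(s.roles for s in sources)),
        frozenset().union(*(s.folders for s in sources)),
        any(s.auto_robot for s in sources),
    )

def lost_without_group(user, group, memberships, group_grants, explicit_grants):
    """Roles and folders the user holds only through `group`."""
    before = effective_access(user, memberships, group_grants, explicit_grants) or Grant()
    remaining = {g: v for g, v in group_grants.items() if g != group}
    after = effective_access(user, memberships, remaining, explicit_grants) or Grant()
    return before.roles - after.roles, before.folders - after.folders

# Constructed sample data mirroring the John Smith example in answer 2.
MEMBERSHIPS = {"john.smith": {"HR"}}
GROUP_GRANTS = {"HR": grant({"Management"}, {"HR"})}
EXPLICIT = {"john.smith": grant({"Executor"}, {"Finance"})}

if __name__ == "__main__":
    print(effective_access("john.smith", MEMBERSHIPS, GROUP_GRANTS, EXPLICIT))
    print(lost_without_group("john.smith", "HR", MEMBERSHIPS, GROUP_GRANTS, EXPLICIT))
```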
5. When do changes made to an AD group take effect in Orchestrator?