- Getting started
- Best practices
- Tenant
- About the Tenant Context
- Searching for Resources in a Tenant
- Managing Robots
- Connecting Robots to Orchestrator
- Storing Robot Credentials in CyberArk
- Storing Unattended Robot Passwords in Azure Key Vault (read only)
- Storing Unattended Robot Credentials in HashiCorp Vault (read only)
- Storing Unattended Robot Credentials in AWS Secrets Manager (read only)
- Deleting Disconnected and Unresponsive Unattended Sessions
- Robot Authentication
- Robot Authentication With Client Credentials
- SmartCard Authentication
- Audit
- Settings - Tenant Level
- Resource Catalog Service
- Folders Context
- Automations
- Processes
- Jobs
- Triggers
- Logs
- Monitoring
- Queues
- Assets
- Storage Buckets
- Test Suite - Orchestrator
- Other Configurations
- Integrations
- Classic Robots
- Host administration
- Organization administration
- Troubleshooting
Orchestrator User Guide
Assigning Roles
The Assign roles tab of the Manage access page lets you search for users and groups that already exist at the organization level and configure permissions for them in Orchestrator.
Group configuration (roles, web login, robot settings) is passed on to any user that belongs to that group and is later added or auto-provisioned.
-
Go to Tenant > Manage access.
-
Above the table, on the right, click Assign roles and select User, Robot account, or Group.
The Assign roles window opens.
-
Follow the applicable instructions, available below:
a. Assigning roles to a group
b. Assigning roles to a user
c. Assigning roles to a robot account
When you assign a folder-level role, we check if you also have the corresponding tenant-level role. If you do not, you are automatically prompted to assign that as well. You can choose to assign the required role on the spot or to postpone the action for later.
Important:
-
This works for all entities that can be assigned roles.
-
It only applies to folder roles that are explicitly assigned, not inherited.
Known issue:
This option does not work for Active Directory users or groups.
If you assign roles to a group, these are inherited by all users and robot accounts that are part of that group.
Groups are created and maintained by organization administrators from the Admin > Accounts and Groups page.
1) General Details
Permissions for Personal Workspace
- When configuring an attended robot, you also have the option to create a personal workspaces for it. to set it to off (left position) if you do not want each user to have a Personal Workspace.
- Click Assign.
The group is now visible on the Assign roles tab of the Manage access page and the members of the group benefit from the changes as soon as they log in or within the hour if they are already logged in.
We recommend that you manage user access by assigning roles to groups and then adequately assigning users to the right groups to grant them the necessary roles.
However, if you need to perform a one-time role assignment for a particular user, you can directly assign roles to the user, as follows:
1) General Details
2a) Attended Robot
2b) Unattended Robot
3) Robot Settings
- Go to Tenant > Manage access > Assign roles tab.
-
Select the user you want to remove the access for, click More Actions , and select Activate or Deactivate.
The user entity is updated on the Users page.
Removing a user or group from Orchestrator does not delete the account from your organization.
The user or group is removed from Orchestrator and all roles are revoked.
Alternatively, select one or multiple users, and click the Remove button.
- You cannot remove a user having the Administrator role.
- You cannot remove or unassign users part of mappings that are employed in triggers from the folder the trigger resides in. Make sure the user is not set as an execution target in a trigger so you can delete them.
- Removing a directory group does not remove the license of an associated directory user, even if the group removal unassigns the user from any folder. The only way to release the license is to close UiPath Assistant.
Not found (#1002)
error is displayed.
In this case, the account in fact no longer exists and no longer has access to the UiPath products.