Subscribe

UiPath Orchestrator

The UiPath Orchestrator Guide

Configuring fine-grained access for external apps

Overview


App scopes defined in Automation Cloud are organization-wide, meaning they give access to the corresponding scope resources across all tenants and folders in the organizaton.

As an administrator, you can configure fine-grained tenant or folder permissions for confidential apps, by assigning them to folders or tenants in Orchestrator. An external app gets the permissions required to perform particular operations in a folder or tenant through one or more roles.

An app gets the union of all scopes defined for it in Automation Cloud and Orchestrator.

For example, Finance and HR are the two tenants in your organization. Your external app has the OR.Machines.Read scope in defined Automation Cloud, and View permissions on Folders in the Finance tenant, and nothing defined for the HR tenant in Orchestrator. Here's an overview of your app's scope and what it can access:

TenantScope
HROR.Machines.Read
FinanceOR.Machines.Read OR.Folders.Read

Deleting either of these scopes leaves the app with access levels according to the remaining scope.

You can use groups to simplify external app management, as groups allow you to manage objects with similar needs together.

Adding external apps to a tenant


To grant access to a tenant for an external app or a group of external apps, follow these steps:

  1. Go to Tenant > Manage Access. The Manage Access page is displayed.
  2. Click Assign roles > External app. The Assign roles to an external app window is displayed.
12021202
  1. In the Search for an external app drop-down, search for the object you want to add.
  2. Under Roles, select the role(s) for this object.
  3. Click Assign. The selected object is now in the folder, and can access it according to its role.

Assigning external apps to a folder


To grant access to a folder for an external app or a group of external apps, follow these steps:

  1. Go to Tenant > Folders. The Folders page is displayed.
  2. From the Folders page, in the Manage Folders pane, click the folder you want to manage. The folder and its contents are displayed on the right-hand dashboard.
  3. Click Assign Accounts/Group. The Assign Account/Group window is displayed.
11811181
  1. In the Account, group, or external app drop-down, search for the object you want to add.
  2. Under The Roles for the account/group selected above, select the role(s) for this object.
  3. Click Assign. The selected object is now in the folder and can access it according to its role.

Removing assignments


Removing external apps from a tenant

To remove tenant access for an external app or a group of external apps, follow these steps:

  1. Go to Tenant > Manage Access. The Manage Access page is displayed.
  2. Click More Actions > Remove for the object you want to remove from the tenant and any other folders where it's been explicitly assigned. A confirmation window is displayed.
11831183
  1. Click Yes to confirm. The removed app is removed from the tenant.

Unassigning external apps from a folder

To remove folder access for an external app or a group of external apps, follow these steps:

  1. Go to Tenant > Folders. The Folders page is displayed.
  2. From the Folders page, in the Manage Folders pane, click the folder you want to manage. The folder and its external apps are displayed on the right-hand dashboard.
12111211
  1. Click More Actions > Unassign for the object you want to remove from the folder. A confirmation window is displayed.
  2. Click Yes to confirm. The object is unassigned from the folder.

Checking external apps assignments


To see all the assignments of an external app or external app group in a tenant, follow these steps:

  1. Go to Tenant > Manage Access in the tenant where you want to check the app assignments. The Manage Access page is displayed.
  2. Click More Actions > Check roles and permissions for the object you want to check assignments for. The Check Roles window is displayed showing a list of all the folders and roles for the object, and whether the object has been granted any access to the tenant.
646646

Updated 23 days ago


Configuring fine-grained access for external apps


Suggested Edits are limited on API Reference Pages

You can only suggest edits to Markdown body content, but not to the API spec.