Subscribe

UiPath Orchestrator

The UiPath Orchestrator Guide

About Roles

The Roles page enables you to manage user permissions in Orchestrator. A user’s view of Orchestrator is dependent on the role(s) assigned to them. A role enables you to manage View, Edit, Create and Delete permissions on all Orchestrator pages and components.

To open this page, click the Roles tab in the Users page.

For a user to gain the permissions granted by a role, you have to assign them to the role. Multiple roles can be assigned to a specific user. For more information, see the Modifying the Roles of a User section.

📘

Important!

Users without a role assigned to them cannot access any resource.

Orchestrator Permissions

If Modern folders are enabled, there are two categories of permissions when defining roles, Tenant and Folder. Tenant permissions define a user's access to resources at the tenant level, while Folder permissions define the user's access and ability within each folder they are assigned to.

If Modern folders are not enabled there is no bifurcation of the available permissions and all settings are applied at tenant level.

📘

Note:

For a global operation, only the user's permissions set at tenant level are taken into consideration. For a folder specific operation, if a custom role is defined those permissions are applied in favor of any tenant level permissions present.

Tenant PermissionsFolder Permissions
Alerts
Audit
Libraries
License
Machines
ML Logs
Packages
Roles
Settings
Folders
Users
Webhooks
Assets
Environments
Execution Media
Jobs
Logs
Monitoring
Processes
Queues
Robots
Triggers
Subfolders
Tasks Assignment
Task Catalogs
Tasks
Transactions

You have the possibility to disable permissions completely from the user interface and API using the Auth.DisabledPermissions parameter in web.config. More details here.

Permissions Without Effect

The Orchestrator interface enables the selection of all applicable rights (View, Edit, Create, Delete) for all listed permissions, but please note that not all rights are applicable to each listed permission:

RightUnaffected Permissions
Edit Audit
Execution Media
Logs
Create Audit
License
Settings
Monitoring
Delete Alerts
Audit
Settings
Logs
Monitoring

Default Roles

By default, the following roles exist in Orchestrator:

RoleDescription
AdministratorA user with all tenant level permissions granted. This is the default role granted to the admin user of each tenant and cannot be edited.
RobotAll permission required for the execution of processes in Classic folders.

See the Default Roles page for the permissions specific to each role.

Roles for Modern Folders

When modern folders are enabled, you have the ability to automatically create the following roles:

RoleDescription
Tenant AdministratorThe equivalent of the Administrator role, a user with tenant level permissions granted.
Assign at the tenant level to those users, if any, that are delegated the management of all tenant entities.
Enable Folder AdministrationA user with the minimum tenant level permissions needed to manage their own folders and subfolders.
Assign at the tenant level in conjunction with the Folder Administrator role, below, at folder level to enable folder management for that user.
Folder AdministratorA user with the minimum folder level permissions needed to manage their own folders and subfolders.
Assign at the folder level in conjunction with the Enable Folder Administration role, above, at tenant level to enable folder management for that user.
Enable Running AutomationsA user with the minimum tenant level permissions needed to execute processes.
Assign at the tenant level in conjunction with the Automation User role, below, at folder level.
Automation UserA user with the minimum folder level permissions needed to execute processes.
Assign at the folder level in conjunction with the Enable Running Automations role, above, at tenant level.

Updated 11 months ago



About Roles


Suggested Edits are limited on API Reference Pages

You can only suggest edits to Markdown body content, but not to the API spec.