Orchestrator
2022.10
Orchestrator User Guide
Last updated Apr 19, 2024

Managing Access and Automation Capabilities

The level of access and the actions that your users can perform are controlled using two elements:

  • accounts, which establish the identity of a user and are used to log in to your UiPath applications
  • roles, which are assigned to accounts in order to grant them certain permissions within the UiPath ecosystem.

Accounts are created and managed by organization administrators, as described in Accounts and groups.

Accounts must already exist to be able to assign roles to them.

This page, and the following pages, describe:

  • how to manage roles
  • how to manage automation capabilities, which are configured as part of role setup.

About Roles

Orchestrator uses an access-control mechanism based on roles and permissions. Roles are collections of permissions, meaning that the permissions needed to use certain Orchestrator features are included in roles.

For example, here's a custom role where you can see some of the permissions it includes:



Permission Types and Role Types

There are two categories of permissions:

  • Tenant permissions - Define a user's access to resources at the tenant level.
  • Folder permissions - Define the user's access and ability within each folder to which they are assigned.

Based on the permissions they include, there are three types of roles:

  • Tenant roles, which include tenant permissions and are required for working at the tenant level.
  • Folder roles, which include permissions for working within a folder.
  • Mixed roles, which include both types of permissions.

    With mixed roles, for a global operation, only the user's tenant permissions are taken into consideration; for a folder-specific operation, if a custom role is defined, folder permissions are applied in favor of any tenant permissions present.

    Note: Mixed roles are no longer supported and you cannot create new ones. If you have mixed roles, we recommend replacing them with a combination of tenant and folder roles to grant the required permissions.

The following resources are available to users, depending on the type of roles they have:

Tenant Resources

  • Alerts
  • Audit
  • Background tasks
  • Libraries
  • License
  • Machines
  • ML Logs
  • Packages
  • Robots
  • Roles
  • Settings
  • Folders
  • Users
  • Webhooks

Folder Resources

  • Assets
  • Storage Files
  • Storage Buckets
  • Connections
  • Environments
  • Execution Media
  • Folder Packages
  • Jobs
  • Logs
  • Monitoring
  • Processes
  • Queues
  • Triggers
  • Subfolders
  • Action Assignment
  • Action Catalogs
  • Actions
  • Test Case Execution Artifacts
  • Test Data Queue Items
  • Test Data Queues
  • Test Set Executions
  • Test Sets
  • Test Set Schedules
  • Transactions

You can disable permissions completely from the user interface and API using the Auth.DisabledPermissions parameter in UiPath.Orchestrator.dll.config.

Assigning the Different Types of Roles

The type of role is important because you assign roles differently based on their type. The procedure also depends on whether classic folders are enabled:

  • If Activate Classic Folders is cleared under Tenant > Settings > General:

    • You assign Tenant roles and Mixed roles from either the Assign roles tab or from the Roles tab of the Tenant > Manage Access page.
    • You assign Folder roles and Mixed roles from the Folders page or from the folder's Settings page.
  • If Activate Classic Folders is selected under Tenant > Settings > General:

    • You assign any of the three types of roles from either the Assign roles tab or from the Roles tab of the Tenant > Manage Access page.
    • You assign Folder roles and Mixed roles from the Folders page or from the folder's Settings page.

Permissions Without Effect

Typically you can select all available rights (View, Edit, Create, or Delete) for any permission, but the following rights have no effect for the listed permission, and therefore you cannot edit them:

| Permission type | Permission | Unavailable rights |
|---|---|---|
| Tenant | Alerts | Delete |
| Tenant | Audit | Edit, Create, Delete |
| Folder | Execution Media | Edit |
| Folder | Logs | Edit, Delete |
| Folder | Monitoring | Create, Delete |

This is because, for example, it is not possible to edit system-generated logs.

Security Considerations

Account Lockout

By default, after 10 failed login attempts, you are locked out for 5 minutes.

System administrators can customize the Account Lockout settings from the host Management portal.

Note: Logging in with the same account on a different machine disconnects the user from the first machine.

Permissions for Managing Users

To be able to perform various operations on the Users and Roles pages, you need to be granted the corresponding permissions:

  • Users - View - Displaying the Users and Profile pages.
  • Users - Edit - Editing user details and settings on the Profile page, and activating/deactivating users on the Users page.
  • Users - View and Roles - View - Displaying user permissions in the User Permissions window.
  • Users - Edit and Roles - View - Editing role assignments on the Manage Access > Assign Roles page.
  • Users - Create and Roles - View - Creating a user.
  • Users - View and Roles - Edit - Managing roles in the Manage Users window, opened from the Manage Access > Roles page.
  • Users - Delete - Removing a user from Orchestrator.
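
For an access review, the resource lists, the Permissions Without Effect table and the permission combinations above can be checked mechanically. The following is an added example, not UiPath code: the role data format and the sample role names are constructed, and it assumes that rights from several roles assigned to one account are cumulative.

```python
# Added example. Role format ({permission: set of rights}) and role names are constructed.
TENANT = {"Alerts", "Audit", "Background tasks", "Libraries", "License",
          "Machines", "ML Logs", "Packages", "Robots", "Roles", "Settings",
          "Folders", "Users", "Webhooks"}
FOLDER = {"Assets", "Storage Files", "Storage Buckets", "Connections", "Environments",
          "Execution Media", "Folder Packages", "Jobs", "Logs", "Monitoring",
          "Processes", "Queues", "Triggers", "Subfolders", "Action Assignment",
          "Action Catalogs", "Actions", "Test Case Execution Artifacts",
          "Test Data Queue Items", "Test Data Queues", "Test Set Executions",
          "Test Sets", "Test Set Schedules", "Transactions"}
# Rights listed under "Permissions Without Effect".
NO_EFFECT = {"Alerts": {"Delete"}, "Audit": {"Edit", "Create", "Delete"},
             "Execution Media": {"Edit"}, "Logs": {"Edit", "Delete"},
             "Monitoring": {"Create", "Delete"}}
# "Permissions for Managing Users": operation -> rights that must all be held.
USER_OPS = {
    "view users and profile pages": {("Users", "View")},
    "edit user details, activate/deactivate": {("Users", "Edit")},
    "display user permissions": {("Users", "View"), ("Roles", "View")},
    "edit role assignments": {("Users", "Edit"), ("Roles", "View")},
    "create a user": {("Users", "Create"), ("Roles", "View")},
    "manage roles": {("Users", "View"), ("Roles", "Edit")},
    "remove a user": {("Users", "Delete")},
}
ROLES = {  # constructed sample roles
    "Helpdesk": {"Users": {"View", "Edit"}, "Audit": {"View", "Delete"}},
    "RoleReader": {"Roles": {"View"}},
    "LegacyOps": {"Machines": {"View"}, "Jobs": {"View", "Create"}},
}

def effective(role):
    """(permission, right) pairs left after dropping rights without effect."""
    return {(p, r) for p, rs in role.items() for r in rs - NO_EFFECT.get(p, set())}

def role_type(role):
    """Classify as tenant, folder or mixed from the two resource lists."""
    perms = set(role)
    if perms - TENANT - FOLDER:
        raise ValueError(f"unknown permission: {sorted(perms - TENANT - FOLDER)}")
    t, f = perms & TENANT, perms & FOLDER
    return "mixed" if t and f else "tenant" if t else "folder" if f else "empty"

def user_ops(roles):
    """Operations enabled by the union of the given roles (assumed cumulative)."""
    held = set().union(*(effective(r) for r in roles))
    return sorted(op for op, need in USER_OPS.items() if need <= held)

if __name__ == "__main__":
    for name, role in ROLES.items():
        print(name, role_type(role), user_ops([role]))
```

A role reported as mixed is a candidate for the replacement recommended in the note on mixed roles, and calling `user_ops` with all of an account's roles shows combinations such as Users - Edit with Roles - View that no single role grants.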
