- Getting started
- Best practices
- Tenant
- About the Tenant Context
- Searching for Resources in a Tenant
- Managing Robots
- Connecting Robots to Orchestrator
- Storing Robot Credentials in CyberArk
- Storing Unattended Robot Passwords in Azure Key Vault (read-only)
- Storing Unattended Robot Credentials in HashiCorp Vault (read-only)
- Deleting Disconnected and Unresponsive Unattended Sessions
- Robot Authentication
- Robot Authentication With Client Credentials
- SmartCard Authentication
- Audit
- Resource Catalog Service
- Folders Context
- Automations
- Processes
- Jobs
- Triggers
- Logs
- Monitoring
- Queues
- Assets
- Storage Buckets
- Test Suite - Orchestrator
- Other Configurations
- Integrations
- Classic Robots
- Host administration
- Organization administration
- Troubleshooting
Default Roles
This page displays the permissions included for each default role in Orchestrator.
You can view and edit the permissions for each role from the Roles page by clicking the 
More Actions icon on the right end of a row.
If a role cannot be edited, you have the option to duplicate and customize it as a new role instead (not available for mixed roles).
A role that has all tenant- and folder-level permissions.
This is a mixed role and includes both tenant and folder permissions.With mixed roles, for a global operation, only the user's tenant permissions are taken into consideration; for a folder-specific operation, if a custom role is defined, folder permissions are applied in favor of any tenant permissions present.
It includes the following permissions, which cannot be changed.
All permissions required to execute processes in classic folders.
This is a mixed role and includes both tenant and folder permissions.With mixed roles, for a global operation, only the user's tenant permissions are taken into consideration; for a folder-specific operation, if a custom role is defined, folder permissions are applied in favor of any tenant permissions present.
By default, the role has the following permissions, which can be changed.
This is a folder role and it includes the following permissions by default, which cannot be edited.
The following roles are pre-configured with the permissions for the tenant level or the folder level that are required to work in modern folders.
These roles cannot be changed, but you can duplicate and customize them as a new role if needed.
Below you can see the permissions granted for each standard role.
This role is granted all tenant-level permissions, and should be assigned at the tenant level to any users in charge with the management of all tenant entities.
We recommend this role over Administrator, which is not relevant in a modern folder infrastructure.
This is a tenant role and includes the following permissions by default, which cannot be changed.
A role with the minimum tenant-level permissions needed to manage their own folders and subfolders.
This is a tenant role and includes the following permissions by default, which cannot be changed.
A user with the minimum folder-level permissions needed to manage their own folders and subfolders.
This is a folder role and includes the following permissions by default, which cannot be changed.
A user with the minimum folder level permissions needed to execute processes from Assistant, as well as unattended automations.
This is a tenant role and includes the following permissions by default, which cannot be changed.
A user with the minimum folder level permissions needed to execute processes from Assistant, as well as unattended automations.
This is a folder role and includes the following permissions by default, which cannot be changed.
