Notas de versão do Orchestrator

We added support for Delinea Secret Server (read only) as a credential store in Orchestrator.

This new integration is the successor to the existing Thycotic Secret Server store and is suitable for organizations that have migrated to the latest Delinea platform version. Both integrations share the same underlying SDK and the same rule-based onboarding mechanism, making it easy to migrate existing Thycotic credential stores to the new Delinea store.

We highly encourage you to migrate existing Thycotic credential stores to the new Delinea integration.

For more information, check the Delinea Secret Server integration section from the Integrating credential stores page in the Orchestrator user guide.

The AddQueueItem and BulkAddQueueItem endpoints now return the underlying JSON schema validation details when an item is rejected due to a schema mismatch.

Previously, these endpoints returned a generic error, which made it harder to identify which field violated the queue's schema. The detailed response now includes the specific validation output, helping you correct invalid payloads faster.

When a user or machine is deleted from a tenant, the references to that user or machine are now automatically removed from the tenant-level Default Execution Identity configuration.

Previously, deleted users or machines remained as dangling entries in the configuration. The references were skipped at apply time, but they produced repeated warning logs and made the configuration harder to inspect. With this change, the configuration stays in sync with the actual users and machines in the tenant.

The Personal Workspace Administrator built-in folder role now includes Create, Edit, and Delete permissions for Subfolders.

Previously, this role only granted View on subfolders, which meant users could not delete subfolders inside their Personal Workspace, including the automatically generated Debug folder, unless a tenant administrator explicitly granted the Subfolders Delete permission at the tenant level.

For more information about default folder roles, check the Personal Workspace Administrator role section from the Orchestrator user guide.

Binding overwrites now properly support tenant-level resources, which are handled separately from folder-level resources.

Previously, all resources involved in a binding overwrite were treated as folder-level. As a result, a tenant-level entity could be displayed as Unknown in the Orchestrator UI even when the entity existed, and updating a tenant-level entity with another tenant-level resource returned a Folders not found (#2829) error. With tenant-level resources now handled accordingly, these scenarios work as expected.