- Getting Started
- Before You Begin
- How To
- Notifications
- Using VB Expressions
- Designing your App
- Events and Rules
- Rule: If-Then-Else
- Rule: Open a Page
- Rule: Open URL
- Rule: Close Pop-Over/Bottom Sheet
- Rule: Show Message
- Rule: Show/Hide Spinner
- Rule: Set Value
- Rule: Start Process
- Rule: Reset Values
- Rule: Upload File to Storage Bucket
- Rule: Download File From Storage Bucket
- Rule: Create Entity Record
- Rule: Update Entity Record
- Rule: Delete Entity Record
- Rule: Add to Queue
- Rule: Trigger workflow
- Leveraging RPA in your App
- Leveraging Entities in Your App
- Leveraging Queues in Your App
- Leveraging Media in your app
- Leveraging Actions in your app
- Application Lifecycle Management (ALM)
- Basic Troubleshooting Guide
Orchestrator Permissions
In order to create apps and trigger robots at app runtime, users are required to have a minimum set of permissions to access processes from Orchestrator. This page describes the minimum permissions required for common personas and scenarios. For specific setup instructions, check out Orchestrator's documentation on Managing Roles.
Common Approaches to managing Orchestrator Permissions for UiPath® Apps:
- Grant "Admin" Rights - Assigning admin rights to everyone in your Automation Suite account is a quick and easy way for all users to experiment with the full capabilities of Automation Suite, but it is not recommended for production deployment.
- Modify Orchestrator's Default Roles - The simplest way to provide the correct permissions to App Authors and App Users is to assign additional permissions to the roles that are provided out-of-the box.
- Create New Roles - Create Tenant and Folder level Roles for App Authors and App Users. This allows the most control, but requires more orchestration overhead.
This section contains the minimum permissions required to author apps.
Define a user's access to resources at the tenant level.
Machines:View
- (Recommended) Used to get the machine key for setting up the robot. You also needMachines: Create
if you have to create a new machineRobots:Create
- (Recommended) Used to create a robot ( In case of Classic folders). For modern folders, this is not requiredFolders:Edit
- (Recommended) Used to add app users to respective folders so that the app users can run the processesUsers:View
- (Recommended) Used to identify whether the relevant permissions are available for the respective users to whom we are sharing the app in OrchestratorWebhooks: View, Create
: Used by App to start and retrieve results in case of unattended process run during preview
In order to import a process from Orchestrator in App Studio, the user must have the following folder-level permissions on any folders that contain processes to be used by Apps.
Jobs:View
- Used to get the properties of complex objects (.Net objects/data table) by looking at last successful job runJobs:Create
- Used to run processes during previewProcesses:View
- Used to access the processes in a folder
Processes:View
- The app runtime user should have access to the processes in the corresponding folder used in App.Jobs:Create
- Used to run processes during preview- The user must also have a licensed Robot (with the JavaScript Robot Add-On enabled) on their desktop.
In order for users to trigger unattended automation at app runtime, a minimum of the following permissions are required:
Define a user's access to resources at the tenant level.
Webhooks: View, Create
: Used by App to start and retrieve results from the process run
Define the user's access and ability within each folder they are assigned to.
-
Jobs: Create
- Used to start unattended jobs from Apps
Webhook:Create
permissions at the tenant level, unattended jobs will not start at app runtime.