- Getting started
- Best practices
- Tenant
- About the Tenant Context
- Searching for Resources in a Tenant
- Managing Robots
- Connecting Robots to Orchestrator
- Storing Robot Credentials in CyberArk
- Storing Unattended Robot Passwords in Azure Key Vault (read-only)
- Storing Unattended Robot Credentials in HashiCorp Vault (read-only)
- Deleting Disconnected and Unresponsive Unattended Sessions
- Robot Authentication
- Robot Authentication With Client Credentials
- SmartCard Authentication
- Managing Machines
- Assigning Machine Objects to Folders
- Configuring Account-machine Mappings
- EDR Protection Status
- Audit
- Resource Catalog Service
- Folders Context
- Automations
- Processes
- Jobs
- Triggers
- Logs
- Monitoring
- Queues
- Assets
- Storage Buckets
- Test Suite - Orchestrator
- Other Configurations
- Integrations
- Classic Robots
- Host administration
- Organization administration
- Troubleshooting
Assigning Machine Objects to Folders
Assigning a machine object to a folder enables execution of the processes contained in that folder for all unattended workstations that are employing that machine object to connect to Orchestrator.
Assigning the machine object alone to a folder is not enough for unattended execution; assigning the user account under whom the execution takes place is required as well. This is needed so that the user's robot has access to the automation resources contained in the folder.
Machines are tenant resources, meaning global resources that are created at the tenant level and are available across folders.
Administrators can perform machine assignments from a centralized location of all folders at the tenant level (Tenant > Folders), or they can do it in the context of each folder (folder context > Settings > Machines).
-
Tenant context
-
Folder context
Direct machine assignment allows administrators to assign one machine object to a folder at a time, explicitly. Direct assignment implies that an administrator performs the assignment on a per-folder basis.
A machine object that has been directly assigned to a folder alone is marked in the Machine Assignment column using Direct.
A machine object that has been directly assigned to that folder and propagated to all subfolders under that folder is marked in the Machine Assignment column using Direct followed by an arrow.
This is a step-by-step procedure on how to assign machines to a folder at the tenant level. Folder level assignment is similar.
Administrators can push a machine object residing in a folder to all child subfolders, allowing assignment of the machine to all child subfolders in one go, thus removing the need for per-folder assignments.
A machine object with an inherited assignment is marked in the Machine Assignment column using Inherited.
A machine object that has been directly assigned and propagated to all subfolders under that folder is marked in the Machine Assignment column using Direct followed by an arrow.
Propagated machine assignments are not compatible with custom account-machine mappings:
- you cannot push a machine object with custom account-machine mappings to child folders - remove any specific mappings before proceeding;
- inherited machine assignments take precedence over direct assignments of the same machine; i.e. pushing a machine to child folders switches its direct assignment model to an inherited assignment model and as such removes all custom, folder-level mappings that could have previously been specified in a direct assignment model;
- inherited machine assignments prevent you from creating any new custom account-machine mappings.
This is a step-by-step procedure on how to assign machines to a folder at the tenant level. Folder level assignment is similar.
This is a step-by-step procedure on how to assign machines to a folder at the tenant level. Folder level unassignment is similar.
- From the Folders page, in the Manage Folders pane, click the folder you want to remove a machine from.
- In the right-hand pane displaying the folder context, select the Machine tab. A list is displayed showing all the machine objects in that folder.
- Click More Actions > Remove from subfolders next to the machine you want to remove from child folders.
-
Click Remove to confirm the action.
Note: An admin cannot remove an inherited machine assignment from a child folder individually, you need to remove it from the parent folder. This also removes the other existing assignments between that machine object and the remaining child folders it has been pushed to.
Upon moving a folder to a new folder structure, machine assignments that have been inherited from the initial parent folder are lost. A moved folder inherits machine assignments from the new hierarchy, provided there are assignments that get propagated there.
Direct machine assignments and custom account-machine mappings, if any, are kept upon moving a folder unless those very same machines are propagated from upper folder levels in the target folder structure. In that case, direct assignments are replaced by inherited assignments, and custom mappings are replaced by tenant mappings.
For the mappings to be functional in the new place, make sure the account tied to the machine in your mappings has access to the target folder structure as well.
Here are two folder structures and their initial configurations.
Upon moving the Travel Loans folder under the Relocation Expenses folder the following window is displayed, informing you about the effects of your change.
Once you confirm the movement, this is how the moved folder looks like in the new folder hierarchy.
Conclusions
- Direct machine assignments and associated account-machine mappings are kept upon moving folders unless there is a conflicting state for the same machine between the original folder and the target folder, i.e. a machine that's directly assigned in the parent folder, but it's pushed by virtue of inheritance in the target folder will lose the direct assignment model and all account-machine mappings that come with it when moved.
- Initial inherited machine assignments are not kept when moving folders.
