Changes to Orchestrator roles and permissions

Hello, UiPath community!

Over the next few weeks you will see an improvement in how Orchestrator treats creating and editing roles and permissions. More specifically, we will be enforcing what we previously recommended when assigning permissions that allow regular users to perform operations that require elevation and admin privileges. When adding such permissions right now, you are seeing the following message:


With this change, we will be adding an additional layer of enforcement to our previous recommendation. Only users with Roles.Edit and Roles.Create (typically admins) will be able to elevate another user’s existing privileges beyond their own set of permissions. That means you should review the way you’re assigning and editing user roles and permissions to make sure this change doesn’t break your workflow.

If you’re using the Orchestrator API to manage roles and permissions, you might see the following error message:

Action forbidden: You selected at least one role that grants more than your set of permissions. Please remove the following role(s): <role-list> to continue

. If that happens to you, you might want to:

  • Make sure you’re not attempting to grant another user more permissions than the current user account has
  • Change your workflow so that the permissions you’re trying to grant are being added from a user account with the right permissions

We’ll keep you informed about when this change will go into effect.

Thank you!