Cloud Platform - Admin access without Orchestrator access

Hello!

We are trying to set up access for our Service Desk Team in a way that grants them permissions only to the Admin section for creating/inviting Users and assigning them to a Group. Crucially, they should not have access to the Orchestrator Folders.

Here is the setup currently in place:

  • I created a “Service Desk” group.

  • I created “Service Desk” roles for the Organization and Tenant levels under Admin.

  • I created a “Service Desk” role under the Orchestrator service.

This configuration successfully allows the Service Desk user to access the Admin page without access to the Orchestrator Production Folder, as required. However, on the Admin page, the Accounts & Local Groups tile is disabled, with only the Manage Access tile enabled.

Even after I have granted all permissions to the Roles created, and assigned to the Group, the group users still have the issue above.

Thanks in advance for any assistance on this!
Ramos

Hi @Marco_Ramos

Accounts & Groups requires special Organization-level permissions that cannot be replaced by Tenant/Orchestrator roles.

Can you verify the roles below? If these are provided, it will work fine.

1. Organization Users: View/Edit/Create
   Groups: View/Edit/Create
   Directory Groups: View — This is optional

2. Tenant Access Management: View/Edit —

For the Service Desk group: remove all roles from all folders, do not assign Robot, Admin, or custom folder roles, and do not add them to any subfolder. This will ensure they cannot access Orchestrator folders.