Difference between permission scopes in for orchestrator cloud permissions

Hi all,

I’m currently setting up an API call from an external application to our UiPath Cloud Orchestrator. While trying to narrow down the required permissions, I encountered something confusing.

When I remove the OR.Administration permission—but keep both OR.Administration.Read and OR.Administration.Write—the API call fails with the following error:

Failed to retrieve token: 
{"error":"invalid_scope"}

I had assumed that OR.Administration was simply a combination of the Read and Write permissions. However, this behavior suggests otherwise.

Could someone kindly explain the differences between these three permissions and why the full OR.Administration scope might be required for the token request to succeed?

Thanks in advance!

I assumed OR.Administration was a combination of both Read and Write permissions.

Would someone be so kind to walk me through the different among these three permission

Hi @Giraldo_Juan_P

• OR.Administration: Grants full administrative control, including authentication and token management.
• OR.Administration.Read: Allows viewing administrative settings but does not permit modifications or authentication-related actions.
• OR.Administration.Write: Enables modifying administrative settings but does not grant access to authentication functions.

Happy Automation.
I generated this response with the help of an LLM

@Giraldo_Juan_P

may I know what did you provide in the scope when you requested for token ?

cheers

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.