I miss the ability to prevent a user from seeing “licenses”, “users” and “API Keys” etc.
It isn’t very sensitive data but it would be great if we could limit these things as well, business users don’t need access to that information, especially not API key.
To compare it to On-Prem: This feels a bit like giving all users access to the Host tenant.
Why is it not possible to invite a user without giving any access upfront, and then just give him/her the access needed?
For example: we invite a business user, adds him to a modern folder with a role that gives him access to view queues, jobs and logs. He then automatically gets access to that service/tenant, but not able to see other services, licenses, users, and API keys, etc.
If there aren’t any technical reasons behind this, then I don’t understand why the minimum is set by UiPath.
Did something happend yet?
In my opinion the permission management in the Automation Cloud is not quite comfortable at all…
Some points I have tried to restrict user access are impracticable for me:
There is the possibility to deny the Orchestrator UI Access for the Everyone group (on tenant level):
That is a nice thing but why is there no ability going with this restriction to avoid the user seeing the tenant at all?
If you add an user afterwards to a group (e.g. a self created group with the permission to Access the Orchestrator UI and a role assigned to that group) why does the user settings and roles not getting updated? Should not be the Everyone group the one with the lowest priority, so that any other group membership would have to overwrite the users permissions?
You can remove the Everyone group from a specific tenant. However the user still have the group membership on organization-level, therefore the organization-level role User is also assigned. With that role the user is able to log into a tenant and will be listed under the Manage Access tab with the same permissions (no roles but allowed UI access) like it would happend without the removal the group. Then what would be the use of removing this group? Mentions in the docs for Managing Access the organization-level role User should be “the basic level of access within the UiPath ecosystem”! I can not see how this behavior should match with that statement when you provide Multitenancy (which should give you the ability to grants business users only and just ONLY the permissions they need on tenant level).
One more thing a bit off this topic - why is it not possible to allocate the alert settings to groups? In a well user management concept, the approach to assign users directly should actually only be necessary in rarest situations (for the sake of overview alone).
Perhaps I am a bit to demanding how the Automation Cloud should be presented to an general employed or I just did not find the correct setting yet but that is the only post I find on this subject.
I would be glad if a few could feedback on this and UiPath might announce future adjustments for that?