Group Membership "Everyone" is not limited enough (Automation Cloud Enterprise)

Feedback Orchestrator
, ,
1

Currently all new users are automatically added to “Everyone” and you cannot uncheck it:
image
This group has the following access:

image
image866×311 5.4 KB

I miss the ability to prevent a user from seeing “licenses”, “users” and “API Keys” etc.
It isn’t very sensitive data but it would be great if we could limit these things as well, business users don’t need access to that information, especially not API key.

To compare it to On-Prem: This feels a bit like giving all users access to the Host tenant.

Why is it not possible to invite a user without giving any access upfront, and then just give him/her the access needed?
For example: we invite a business user, adds him to a modern folder with a role that gives him access to view queues, jobs and logs. He then automatically gets access to that service/tenant, but not able to see other services, licenses, users, and API keys, etc.

If there aren’t any technical reasons behind this, then I don’t understand why the minimum is set by UiPath.

2

@Geoff, @badita - Do any of you know if we today can change the basic access or if there is a plan to implement/enable it?

3

Hi @Obsev

Thank you for your feedback, I’ll try to find some answers :slight_smile:

6

An update. Although it is not possible to modify the Everyone permission today, our team is looking into ways to improve it in the future.

1 Like
7

Hi @loginerror

Any updates?

8

The improvement has been recognized by our Cloud team and is placed on the roadmap for future releases.

11

Did something happend yet?
In my opinion the permission management in the Automation Cloud is not quite comfortable at all…

Some points I have tried to restrict user access are impracticable for me:

  1. There is the possibility to deny the Orchestrator UI Access for the Everyone group (on tenant level):
    image
    That is a nice thing but why is there no ability going with this restriction to avoid the user seeing the tenant at all?

  2. If you add an user afterwards to a group (e.g. a self created group with the permission to Access the Orchestrator UI and a role assigned to that group) why does the user settings and roles not getting updated? Should not be the Everyone group the one with the lowest priority, so that any other group membership would have to overwrite the users permissions?

  3. You can remove the Everyone group from a specific tenant. However the user still have the group membership on organization-level, therefore the organization-level role User is also assigned. With that role the user is able to log into a tenant and will be listed under the Manage Access tab with the same permissions (no roles but allowed UI access) like it would happend without the removal the group. Then what would be the use of removing this group? Mentions in the docs for Managing Access the organization-level role User should be “the basic level of access within the UiPath ecosystem”! I can not see how this behavior should match with that statement when you provide Multitenancy (which should give you the ability to grants business users only and just ONLY the permissions they need on tenant level).

One more thing a bit off this topic - why is it not possible to allocate the alert settings to groups? In a well user management concept, the approach to assign users directly should actually only be necessary in rarest situations (for the sake of overview alone).

Perhaps I am a bit to demanding how the Automation Cloud should be presented to an general employed or I just did not find the correct setting yet but that is the only post I find on this subject.

I would be glad if a few could feedback on this and UiPath might announce future adjustments for that? :slight_smile:

12

I just saw this announcement, so the question about group allocation for alerts is obsolete.