Hello, UiPath community!
We’ve been collecting your feedback around setting up roles and permissions in Orchestrator, and are pleased to announce a few upcoming improvements in the initial setup experience, as well as some important changes to the Automation User role.
When creating a new tenant, you will notice a better separation of group roles by default. The changes to the default seeding are as follows:
- Updated group: Automation Users will no longer be able to access the Orchestrator UI and will continue to use Assistant to run automations as intended
- New group: Citizen Developers will have access only to their Personal Workspace in the Orchestrator UI and will behave like an Automation User in other folders
- New role: Automation Developers will have access to the standard interface in the Orchestrator UI and will be now assigned to Automation Developers group.
If you are an existing customer, you might notice another important change in the Automation User role. Since the primary purpose of an Automation User is to run a predefined set of automations, Automation Users will no longer have the permissions to publish automations. This is a governance best practice to ensure that personal user projects do not accidentally get published without first being reviewed. While we recommend you to make use of the new Automation Publisher role instead (see below), you can still keep the old role definition for Automation Users by downloading it from UiPath and uploading it into Orchestrator via the Role Import feature.
But if you want to fully benefit from the new separation of roles and permissions, you will have two more options for assigning roles:
- For proficient users that can self-publish automations, you can assign the additional Automation Publisher role, which contains only Publishing-required permissions
- For developers that do not need to access to potentially expensive resources (e.g. storage buckets), you can assign the new Automation Developer role
With the introduction of these new roles, we’re also looking at reducing the complexity of assigning user roles. Setting up roles for users needs to be done both at folder-level and tenant-level, so we’re implementing a one-step flow to auto-assign the corresponding tenant-level role when assigning a standard folder-level role based on the recommended level of access.
The changes above are coming to Community users on August 21, and will be available to Enterprise customers one week later, on August 28.
We hope this update will allow you to both set up user roles faster and have more fine-grained control over permissions, and are looking forward to your feedback here on the forum, along with what you’d like to see next.