Invited Guest User Permission - A specific Case Study

Hello Community,

I’m Andy Menon working under the banner of my tiny company RPA Vanguard. How are you all!

I’m preparing a little PoC to demonstrate how a small RPA Team can manage Guest Users on their Automation Cloud/Orchestrator Service. I have read the documentation and demo.

Sorry if this post is long, but I cannot pop a general question on managing users without proper context. I have made every attempt to reduce the context down to bullets.

I have a couple of quick questions/clarifications just to make sure that I haven’t missed anything crucial. The detail of the work done is below. Appreciate it if Orchestrator Admin Gurus can chime in and help me out on this.

Admin Work Done So Far:

  1. As administrator, I have Invited the Guest user to join UiPath Automation Cloud :slight_smile:
  2. Assigned Personal Workspace Admin and Robot Roles to the Guest :slight_smile:
  3. Created a Classic Folder named Guest_Classic & assigned the Guest to this folder :slight_smile:
  4. Under the Guest Folder, created a Guest Environment so that Guests can run their automations :slight_smile:
  5. Created & assigned Custom Role called Environment Manager that will allow only View/Edit Permissions so that the Guest can create an Attended Robot and Add it to the Guest Environment :slight_smile:

Work Done by the Invited Guest So Far:

  • Guest has successfully received the Invite email and logged into Orchestrator Service :+1:
  • Created a Floating Robot & successfully added it to the Environment accessible at the Folder level :+1:
  • Added a Process successfully to the Automations tab as shown below :+1:

As seen from the Screen shot, the Guest cannot delete or edit anything outside of the Guest folder :+1:
And this is where my questions come in :frowning:

Questions/Clarifications:

  1. The Guest can view the Machines in the machine tab and copy the Machine keys :frowning:
  2. When adding Processes , the guest has access to all uploaded packages at the Tenant level :frowning:
  3. Is this normal? Or, have I messed up someplace? :open_mouth:

Thanks much!

2 Likes

Hi @rpavanguard
Welcome to Uipath Community

You have done the exactly grate job, This how should be managing your users according to by secure manner

If you need to prevent to view access form the user , you need to remove following permission form users permissions (should be remove from all roles that he having)

Yes, It’s available , currently, it cannot be controlled by any methods .
I have already made a suggestion on this start of this year , may be available with new release in future , till no its cannot be control to view by process wise
(Actually can view is by Folder level , hope you mention "

is by mistaken")

You are almost done ok :sunglasses: :+1: ,
But Make sure that Robot Roles is really required to him or not
And also Personal Workspace Admin

One more thing: before providing such permissions, keep test with the same permission to add another test user and check each of when u have dought.

Hope you got the all points … :slightly_smiling_face:

Hi @Maneesha_de_silva,

Thanks for taking the time to go through my lengthy post and providing your inputs. My responses below:

I see that the built in roles “Personal Workspace Administrator” & “Robot” cannot be edited for their permissions. How do I in that case update “Machine” permissions?

I had actually assigned the User only the “Personal Workspace Admininstrator” role. But the Guest user was not able to access the Robots tab to create the Robot and add it to the Environment.
The practice we are trying to establish is to have licensed users (with restricted permissions) login and create their own Attended Robots and not do all the management ourselves.
We can always disable the Robots as Administrators if things on the user side change.

In the Community License, there are only 3 built-in roles. The third one is Administrator which obviously cannot be granted to a guest. Are you suggesting that we create a custom User role instead?

Sorry, but I might have been clear earlier. I’m talking about Packages and not Processes.
I mentioned Tenant level because the Packages tab is available only at the Tenant level. When we switch to a folder, the Packages tab is not visible regardless of Admin or non-Admin user.

But yes, Processes are visible only at the folder level and a Guest User cannot view the processes or jobs of an Admin user in the Default or any other folder that Admin has access to.

Thanks again and let me know if I have understood these right.

1 Like

For this,
Create a Separate new user role then and assign each access you need

Yes of cause, Create a new separate role for that, that would be easy to manage users

For this, As I previously said, if you gave permission to role/ folder level access
that can be visible to all attributes that create inside the folder

EG: in your default folder ==> you have created an ASSET call “A” and your guest create ASSET call “B”
when you provide permission to view the asset that your guest create,
ASSET “A” also visible, still there is no any control for it

1 Like