Limit orchestrator access based on environments/robots/jobs

orchestrator

#1

Hi,

I would love to see more detailled permission settings based on environments or robots or jobs.

Use case 1) I want to enable a user to start jobs. There are multiple jobs available in his tenant/organization but he should only be able to start one specific job

Use case 2) There is one orchestrator with one tenant which has a staging environment and a production environment. The developers should only be able to do deployments to the staging environment and not to the production environment.

Use case 3) There are multiple robots within a specific HR environment. The user from use case 1 has to start a job in this environment but I only want him to start a job on a specific robot, since the other robots have to run on a important schedule. (if there were access rights based on environments I would also be fine with splitting these robots in two environments)

Thanks,
Thorsten


#2

I suggest access based on Robot Objects (i.e. all Reports, Logs, Jobs, Schedules, Assets related to given robots). With this, we can extend Orchestrator access to Business team to let them see status, reports, logs of their Robot execution. If passwords are being managed in assets, Business team can change password themselves or manage other assets.


#3

Thorsten,

Got an answer for the above use cases? I do have the same scenario if you could share it will be very useful.


#4

Nope


#5

Thorsten,

Try to create Organsation units which ensure the separation of Orchestrator components within tenants for assigned users.