Orchestrator HTTP request 403 when creating or deleting queues

Help Orchestrator
,
#1

Hello all!

I need some help with the Orchestrator API/HTTP request activity

I recently started at a new company, and is rebuilding my “create a new project”-process.
Along with some other features, this process also creates Orchestrator queues for the new project.
At my old company, I created this feature using the standard HTTP request activity to authenticate and post the queue.

Now I need to recreate it i’m using the Orchestrator HTTP Reuqest activity instead of the normal one.
Asking for what queues is currently in orchestrator is working fine, but when trying to manipulate the queues i get an 403 “You are not authorized” StatusCode. This goes for both Post and Delete (with the associated changes to the input).

  1. Isn’t it the whole idea with the Orchestrator HTTP activity that it automatically authorizes me?
  2. Since I can get the queues I assume it does, but then why can’t I manipulate them?

When logging into orchestrator through the web interface, I can both Create and delete queues from the same user account that the robot uses, so i know it’s not a problem with access control for the user in orchestrator.

I could probably recreate it using the normal HTTP request activity, but I want to know why this isn’t working, since it would be a lot easier not needing to authendicate whenever i need to use the API :slight_smile:

  1. Is it correct that the API guide have not been updated since 2016.2?

Any help will be appriciated! :slight_smile:

#2

if you are using the activity then the robot role will need permissions like this:

#3

Hello @bcorrea
What role does the robot need, that i don’t need when accessing the interface on the same user?

#4

Robot is not the same as the user you use to access the orchestrator… it is a Role… for every different request will be different permissions…

#5

So you are saying that when user “abc” logs into Orchestrator, and when user “abc”'s robot uses orchestrator, they are not using the same permissions?
Can you support that with official documentation, or an example?

#6

i think i already sent you the documentation about roles and permissions… see the robot roles:

#7

Can you point out in the documentation where it says that the robot uses different permissions?
I can’t seam to find it :frowning:

#8

I have similar issues with robots getting a 403 when using the Orchestrator HTTP activity. Specifically, I am trying to create users. I’ve given the robot role view, edit, and create permission on users. But still I get the 403. Any idea beyond roles? Is there a specific permission that the API requires?

#9

please check documentation to see the list of permissions per endpoint:
https://docs.uipath.com/orchestrator/reference#permissions-per-endpoint

#10

Thanks for the link!

While my role was correct to create users, I was also doing “modern provisioning” where it automatically creates a robot for a user. So, I had to add create permissions for robots to the robots role. @Konrad could this be your issue as well?

#11

Hello @cclements

I do not know what “modern provisioning” is, and i’m pretty sure we are not using it.
I did a search and it looks to be something where you automatically create Attended Robots pr user?
If that’s the case, then no. We only use unattended.

Anyway, Thx for checking! :slight_smile:

For now i have reverted to using the regular HTTP requests, until UiPath sees this post and gives a response, or fixes the bug :slight_smile:

#12

Hi, didnt you check the permissions for your Robot role? As far as i know, there are no bugs there… Let me know if you need any more help with this.

#13

Hello, Thank you for your time bcorrea.

#14

Hi,

I am having similar issue(Getting 403 error code) while trying to enable/disable machines using the following API. I have admin privileges. Any thoughts on what could be missing or incorrect in my request?

/odata/LicensesRuntime(‘Documentation’)/UiPath.Server.Configuration.OData.ToggleEnabled

#15

what do you mean “i have admin privileges”? You need to make sure the user authenticated for that request has the correct permissions (roles), cause 403 is saying otherwise…

#16

@bcorrea

I am using my own machine to test that out in our dev environment and I have ‘Admin’, ‘Developer’ and ‘Robot_Unattended’ roles assigned.

My license type is ‘Studio’. Does this matter what type of license the robot has when trying to disable or enable the machine?

#17

Are you using the orchestrator http request activity, or have you done it “manually” with a normal HTTP request activity?

I never got UiPaths activity to work, so i would recommend trying to use the normal HTTP request.
It’s more work as you need to handle the authentication as well, but at least it works :slight_smile:

#18

@Konrad

I used ‘Orchestrator HTTP Request’ activity. Get method worked, but not POST using this activity.

Sure, I will try HTTP Request instead and try. Thank you!

#19

The permissions of your own machine doesnt matter at all for that error… What matter is the roles/permissions the Robot user has in Orchestrator.

#20

@bcorrea - Just wanted to make sure I understand it right.

So, say that my User Id is “UiPathUser1”,(this user has admin role) My Machine name is “Machine1” and my Robot Name is “Robot1”

and if “UiPathUser1” is trying to disable “Machine2”, does “Machine2” should have the ‘admin’ role aswell?

I am basically trying to disable the Machines, not Robot’s.