Orchestrator HTTP request 403 when creating or deleting queues

#1

Hello all!

I need some help with the Orchestrator API/HTTP request activity

I recently started at a new company, and is rebuilding my “create a new project”-process.
Along with some other features, this process also creates Orchestrator queues for the new project.
At my old company, I created this feature using the standard HTTP request activity to authenticate and post the queue.

Now I need to recreate it i’m using the Orchestrator HTTP Reuqest activity instead of the normal one.
Asking for what queues is currently in orchestrator is working fine, but when trying to manipulate the queues i get an 403 “You are not authorized” StatusCode. This goes for both Post and Delete (with the associated changes to the input).

  1. Isn’t it the whole idea with the Orchestrator HTTP activity that it automatically authorizes me?
  2. Since I can get the queues I assume it does, but then why can’t I manipulate them?

When logging into orchestrator through the web interface, I can both Create and delete queues from the same user account that the robot uses, so i know it’s not a problem with access control for the user in orchestrator.

I could probably recreate it using the normal HTTP request activity, but I want to know why this isn’t working, since it would be a lot easier not needing to authendicate whenever i need to use the API :slight_smile:

  1. Is it correct that the API guide have not been updated since 2016.2?

Any help will be appriciated! :slight_smile:

#2

if you are using the activity then the robot role will need permissions like this:

#3

Hello @bcorrea
What role does the robot need, that i don’t need when accessing the interface on the same user?

#4

Robot is not the same as the user you use to access the orchestrator… it is a Role… for every different request will be different permissions…

#5

So you are saying that when user “abc” logs into Orchestrator, and when user “abc”'s robot uses orchestrator, they are not using the same permissions?
Can you support that with official documentation, or an example?

#6

i think i already sent you the documentation about roles and permissions… see the robot roles:

#7

Can you point out in the documentation where it says that the robot uses different permissions?
I can’t seam to find it :frowning:

#8

I have similar issues with robots getting a 403 when using the Orchestrator HTTP activity. Specifically, I am trying to create users. I’ve given the robot role view, edit, and create permission on users. But still I get the 403. Any idea beyond roles? Is there a specific permission that the API requires?

#9

please check documentation to see the list of permissions per endpoint:
https://docs.uipath.com/orchestrator/reference#permissions-per-endpoint

#10

Thanks for the link!

While my role was correct to create users, I was also doing “modern provisioning” where it automatically creates a robot for a user. So, I had to add create permissions for robots to the robots role. @Konrad could this be your issue as well?

#11

Hello @cclements

I do not know what “modern provisioning” is, and i’m pretty sure we are not using it.
I did a search and it looks to be something where you automatically create Attended Robots pr user?
If that’s the case, then no. We only use unattended.

Anyway, Thx for checking! :slight_smile:

For now i have reverted to using the regular HTTP requests, until UiPath sees this post and gives a response, or fixes the bug :slight_smile:

#12

Hi, didnt you check the permissions for your Robot role? As far as i know, there are no bugs there… Let me know if you need any more help with this.

#13

Hello, Thank you for your time bcorrea.