Restrict orchestrator API calls per user

Is there a way to restrict orchestrator api calls per user? I think its something really useful in terms of security and governance.

For now what I understood based on documentation is that the users can make api calls based on theirs access in orchestrator.



If you are using orchestrator http request activity then depending on the robot access it has they would be able to get all the details

If using api from external provider then while providing scope in external provider you can provider different scopes as needed and provide the details to end user based on what ypu want them to access

Hope this helps


1 Like

Hi @Camila_Caldas

To restrict API calls per user in Orchestrator:

1.Define roles with specific permissions that align with the desired level of API access for each user. You can assign these roles to users or groups in Orchestrator.

2.Set up Role-Based Access Control in Orchestrator. RBAC allows you to control what users or roles can do within Orchestrator, including API access.

  1. Assign the appropriate roles to each user based on their responsibilities and required level of API access. Users will have access to API calls permitted by their assigned roles.

  2. Test the API calls with different user accounts to ensure that they can only access the allowed APIs based on their assigned roles.



This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.