Roles in Orchestrator - Creating an input login for clients

Help Orchestrator
,
1

Hi everyone and good afternoon. I am working with a client who has credentials for a portal we use stored in orchestrator. I was discussing with my lead that role permissions change Orchestrator and I’m wondering if there is a role specific to just allowing them to go in and update these credentials and NOTHING else.

Or should we create some sort of automation?
The credentials expire every 90 days.

I have not found anything clear or concise in a situation like this.

Thanks in regards,
Alicia

2

Dear Alicia,

I am not sure what you mean with “stored in orchestrator” but I strongly guess you mean the credentials for the portal are provided via an asset.

Please mention that the role feature is not this deep specific that you can’t only allow your customer to edit one asset. The lowest auhtority which you can configure is to allow to edit all assets in a folder. In your scenario I would do the following:

  • create a new folder only for this specific process
  • deploy/migrate the specific process and configuration to this folder
  • create an orchestrator account for customer
  • create a new folder role with the right to view and edit assets
  • assign this role to the customer account

Hope this helps.

Best Regards
Chris

1 Like
3

@ajeffers It’s not mentioned if you are talking about Asset Credentials or User/Robot Credentials.

If Asset Credentials, @christian.schauer solution is good, but could simplify it if needed and only create a Modern Folder for the needed Assets as a Modern Process can work with entities in other Folders. Your other entities (Processes, Triggers, etc.) can continue to live in their Folder assuming they are already in a Modern Folder.

Another approach that can be applied to both User/Robot Credentials and Asset Credentials is to move your credentials into another Provider, if you are already using one for other systems. For example Azure or CyberArk, these could be setup with isolated Safes owned/managed by you or your clients as well as handle the credential rotation if that is what you want.

I know previously you could create your own Credential Provider Plug-ins for Credential Managers that were not supported out of box. GitHub - UiPath/Orchestrator-CredentialStorePlugins: Credential Store Plugins as examples on how to create third party plugins to use on the Orchestrator.

It’s still documented in the 2020.4, but the section has been removed from newer release documents.

1 Like
4

Thanks everyone! We are going to test these two and let you know what works. :slight_smile: