Same user with different roles on different classic folders

Hi,

We’re studying how to partition our Orchestrator between different teams into a single tenant using unattended bots. We were thinking to use classic folders, roles and AD groups. Here’s what I did as a test.

I created a 1st role that we can call VIEWERS allowing to view machines, robots, environments, processes, jobs and logs. I assigned this role to the AD Group TEAM1_VIEWERS on the classic folder TEAM1.

I created a 2nd role called DESIGNERS giving the same permissions than VIEWERS plus the creation of processes and jobs. I assigned this role to the AD Group TEAM2_DESIGNERS on the classic folder TEAM2.

Then I add people into these AD groups:

  • John into TEAM1_VIEWERS
  • Bill into TEAM2_DESIGNERS
  • Bob into TEAM1_VIEWERS and TEAM2_DESIGNERS

Everything is OK for John who can only view elements in TEAM1 folder. He can’t view TEAM2 folder.
Same thing for Bill who can create processes and launch them in TEAM2 folder. As expected he can’t view TEAM1 folder.

For Bob, there’s a problem : I expected he would have only view permissions in TEAM1 folder. But he can there create processes and jobs.

So by this test I understood that with classic folders, if you have access to a folder, you will have there the sum of all permissions that you have from the different AD groups you’re belonging to. Is that correct?

Is there a way to distinguish the partitions per folder in a tenant?

Thanks,
Nicolas

Classic Folders are essentially what was Organizational Units in previous versions and the permissions granted are at the tenant level. If you want that more granular approach will want to look at enabling Modern Folders in which you can have Tenant and Folder Permissions, but recommended you don’t use both at the same time on a single role.

You can read more about the differences in the folders types here.

Note* Until the 2020.3 beta Unattended Robots could only be used with Classic Folders and Modern Folders was only usable with Attended/Studio Robots. (Cloud Community is currently running 2020.4)

2 Likes

Thanks for your very clear answer.

Do you know when the Modern folders for Unattended robots will be available on a stable version?

FTS releases are targeted for April while LTS is October. While the month releases outside of these months will be previews or patches depending on the time of year.

Please see the following links describing UiPath’s release strategy.

Thanks! I’ll wait for the release notes to see if it’s included in the next FTS release.

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.