Tenant / folder roles question

adext01 · January 12, 2026, 12:10pm

Hello

I have a question on the difference between tenant and folder roles

When we add a user to a new organization and want them to have acess to a specific folder only, be able to run an automation, do we HAVE to give them a tenant role as well? or we can just give them the necessary folder ole?

It seems to me that the user gets an error when I only grant them a folder role without a tenant but I’m not sure

arjun.shiroya · January 12, 2026, 12:14pm

hi, @adext01

You must assign both roles:

Tenant level: Minimum “Viewer” role (for login/basic Orchestrator access)
Folder level: “Automation Run” or “Automation User” for the specific folder

Folder-only roles fail because tenant access is required for job execution/navigation. The error occurs without the tenant role.

Exact steps:

Tenant > Manage access > Assign “Viewer”
Folder > Permissions > Assign “Automation Run”

ashokkarale · January 12, 2026, 12:15pm

@adext01

Tenant Roles: These apply at the organization (tenant) level and control access to global resources like managing users, viewing licenses, creating folders, etc. Examples: Administrator, Automation User, Automation Developer.
Folder Roles: These apply within a specific folder and control what the user can do inside that folder (e.g., run jobs, view processes, manage queues). Examples: Folder Administrator, Folder Contributor, Folder Viewer.

Yes , in most cases. Even if you only want the user to access a specific folder, they still need basic tenant-level permissions to log in and interact with Orchestrator.

The minimum is usually the Automation User tenant role, which allows them to sign in and use resources assigned to them.

Because folder roles alone do not grant the ability to access the tenant or Orchestrator UI. The system expects at least one tenant-level role for basic access.
Folder roles only define what they can do inside the folder, not whether they can log in.

Prem_Brat · January 12, 2026, 12:20pm

@adext01
A user must have at least one Tenant-level role or view role, even if they only need access to a single folder and only to run automations and folder role alone is not sufficient for a user to function correctly in Orchestrator.

prashant1603765 · January 12, 2026, 12:35pm

Hi @adext01

Assign the user a minimal tenant role like:
Automation User (or Automation Developer, depending on needs)
Assign the necessary folder role (e.g., Folder Administrator, Folder Contributor, or custom role) for the specific folder.

If helpful, mark as solution. Happy automation with UiPath

Monali_Vekariya · January 13, 2026, 3:48am

Hello @adext01

Yes, the user still needs at least one tenant-level role. Tenant roles control access to Orchestrator itself (login and basic permissions), while folder roles control what they can do inside a specific folder.

So even if the user only needs access to one folder and to run jobs, you must assign a minimal tenant role (like Tenant User), and then give the required folder role for that folder.

Without a tenant role, the user will get access errors even if a folder role is assigned.

Topic		Replies	Views
Help needed trying to undestand orchestrator roles Orchestrator orchestrator , question	4	200	June 13, 2024
Tenants vs Folder Help orchestrator , question	12	8005	October 20, 2020
Role assignment model for UiPath orchestrator folder Orchestrator question	3	891	December 30, 2021
Under Manage Access tab in orchestrator , after adding folder roles am not able to assign that role to the user . It’s not even displayed in the dropdown when I try that assign that folder role Studio studio	2	169	March 20, 2024
Difference between the rules Allow To Be Automation Developer and Automation Developer Orchestrator orchestrator	3	125	January 9, 2025

Tenant / folder roles question

Related topics