UiPath Automation Suite

UiPath Automation Suite Guide

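Managing access

This page describes how you can control the features and products that accounts can access. The predefined groups and roles make setup easy, but you can also create custom groups and roles if you want to apply a layered, flexible access scheme.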

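Roles

Roles are a collection of permissions and are a more granular layer for managing user access, following the broader option of maintaining access through groups. You can add roles to either groups, so that all member accounts inherit them, or to individual accounts.

Roles can include several permissions at either the organization level or the service level, so there are: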

  • organization-level roles: these roles control the permissions that accounts have on organization-wide options; they are available in the Automation Suite portal by default and you cannot change them, nor can you add new ones;
  • service-level roles: these roles control the access rights and actions that accounts can perform in each UiPath service you own; they are managed from within each service and can include default roles which you cannot change, as well as custom roles that you create and manage in the service.

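Accounts and groups typically have an organization-level role and one or more service-level roles.

Groups and roles

In the following table, you can see the roles that are assigned to accounts when they are added to a group. For example, adding an account to the Administrators default group grants them the Organization Administrator role for the organization and the Administrator role in the Orchestrator service. So this user can manage both the organization-level roles from "Accounts" and "Groups" and the service-level roles in Orchestrator.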

| Group Membership | Organization-level Role | Service-level Roles for Orchestrator |
|---|---|---|
| Administrators | Organization Administrator | Administrator |
| Automation Users | User | Automation User at folder level ¹; Allow to be Automation User at tenant level |
| Automation Developers | User | Automation User at folder level ¹; Folder Administrator at folder level ¹; Allow to be Automation User at tenant level; Allow to be Folder Administrator at tenant level |
| Everyone | User | No roles. |
| [Custom group] | User | No roles by default, but you can add roles to the group as needed. |

¹ The roles are assigned for the Shared modern folder, if it exists.

For information about roles across UiPath services, see Role management.

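Organization-level roles

Accounts can have only one organization-level role. This role controls the access that the account has to options within the Automation Cloud portal area, such as the tabs it sees on the Admin page or the options available on the Home and Admin pages.

At the organization level, the Organization Administrator and User roles are available.
You cannot change these roles or add new roles at the organization level.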

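Organization Administrator

This role grants access to every organization-level and service-level feature within the organization. An account with this role can perform all administrative actions for the organization, such as creating or updating tenants, managing accounts, viewing organization audit logs, and so on. Multiple accounts can have this role.

The first Organization Administrator for a given organization is appointed when the organization is created.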
To grant this role to others, the organization administrator can add user accounts to the Administrators group, which is one of the default groups.

The Organization Administrator role includes the following organization-level permissions, which cannot be changed:

View | Edit | Create | Delete
Admin option in left rail
Usage charts and graphs
Tenants
Accounts and groups
Authentication settings
External applications
Licenses
API keys
Resource center (Help)
Audit logs
Organization settings

User

This is the basic level of access within the UiPath ecosystem, which allows the user to log in and access the Home page.

Local user accounts automatically become members of the Everyone group, which grants them the User role. This role is also granted to all accounts that are in the default groups Automation Users and Automation Developers.

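For directory accounts, you must manually add them to the Everyone, Automation Users, or Automation Developers group to assign this role and grant them access.
You can also add a directory group to one of these default groups to grant the User role (and any service-level roles defined for the default group) to all members of that group.

Service-level roles

Service-level roles control the access rights and allowed actions within each UiPath service, such as the Orchestrator service, Data Service, or AI Center. The permissions for each service are managed within the service itself, not from the Automation Cloud Admin page.

To grant permissions for a service to an account, you can: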

  • assign service-level roles to a group to grant those roles to all member accounts - you do this in the service;
  • add accounts to a group that already has the required service-level roles - you do this from Admin > Accounts and Groups;
  • assign roles to an account - you do this in the service.

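Role management

You manage and assign service-level roles from within each service, and you need the appropriate permissions in the service. For example, users who have the Administrator role in Orchestrator can create, edit, and assign roles.

Assigning organization-level roles

Organization-level roles are predefined and cannot be changed.

Organization administrators can assign organization-level roles to individual accounts from Admin > Accounts and Groups, by adding the accounts to a default or custom group.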
See Groups and roles for more information about the organization-level roles tied to each type of group.

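Assigning organization-level roles to directory groups

If you have linked your Automation Suite organization to a directory, such as Azure Active Directory (Azure AD), you can also assign organization-level roles to directory groups by adding them to groups, the same as with accounts. This does not apply to local groups.
Group types

Managing service-level roles

You manage and assign service-level roles from within the services. You can assign roles to groups (recommended) or to accounts that have already been added in Automation Suite.

For information and instructions, see the applicable documentation: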

| Service | Details |
|---|---|
| Orchestrator | Managed from Orchestrator. For more information and instructions, see About Roles in the Orchestrator documentation. |
| Actions | Managed from Orchestrator. For the list of permissions required, see Roles and Permissions in the Action Center documentation. For instructions on assigning roles, see About Roles in the Orchestrator documentation. |
| Processes | Managed from Orchestrator. For the list of permissions required, see Roles and Permissions in the Action Center documentation. For instructions on assigning roles, see About Roles in the Orchestrator documentation. |
| Automation Hub | Managed from Automation Hub. For more information about which roles are required and instructions for assigning them, see Role Description and Matrix in the Automation Hub documentation. |
| Automation Store | Managed from Automation Hub. For more information about which roles are required and instructions for assigning them, see Role Description and Matrix in the Automation Hub documentation. |
| AI Center | Managed from Orchestrator. For information about the roles required to use AI Center, see Permissions in the AI Center documentation. |
| Data Service | Managed from Data Service. For more information and instructions, see User Management in the Data Service documentation. For instructions on assigning roles, see About Roles in the Orchestrator documentation. |
| Task Mining | Managed using Automation Suite organization-level roles. For information about the rights that organization-level roles grant in Task Mining, see Set Up the Users in the Task Mining documentation. For instructions on how to assign organization-level roles, see Managing accounts and groups in the Automation Suite documentation. |
| Process Mining | Managed from Process Mining. For more information and instructions on how to enable users to work with Process Mining, see Setting up the users in the Process Mining documentation. |

Assigning roles to an account

If you want to granularly control the access a certain account has in a service, but you don't want to add new roles to an entire group, you can explicitly add the account to the service and assign one or more service-level roles to it directly. For example, you can add an account to the Orchestrator service.

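For information about the available roles and instructions, see the documentation for the target service, as described above.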

Updated 4 months ago

