Management ConsoleAdminUsers & groupsManagement Console user roles

Management Console user roles

In Management Console, access is controlled through roles. A set of user roles is provided, and permissions are applied based on the roles that are assigned through security groups. User membership in those groups determines the scope of actions available.

The following roles are provided:

  • API (A service role): Gives rights to use the repository API to read from and write to the repository and run robots using RQL.

  • DAS Client User (A service role): A user with this role is created for remote Desktop Automation Service (DAS) clients, and can only access the DAS API. The DAS client user has a right to announce a DAS to Management Console and retrieve DAS configurations.

  • Developer: This role gives rights to create, edit, and delete schedules, run robots, and view run logs and clusters. Has a right to upload, download, and view all resource types in the repository.

  • Kapplet Administrator: Grants a read/write access to projects in Management Console from Kapplets. In Kapplets, users with this role can manage Kapplets and create and manage Kapplet templates for the projects that contain the robots required for these templates. A user with this role cannot access Management Console if this user has no other rights.

    For more information, see Kapplets user management and Users and User Groups.

  • Kapplet User: Grants a read-only access to projects in Management Console from Kapplets. In Kapplets, users with this role can only view and run Kapplets for robots belonging to the projects for which they have access. A user with this role cannot access Management Console if this user has no other rights.

  • Process Discovery Client (A service role): This role allows Process Discovery components to interact with Management Console.

  • Project Administrator: Administrates one or multiple projects and has a right to assign a role to a group for these projects. This user has rights to view RoboServer and cluster settings without changing them.

  • RoboServer (A service role): Can only read from the repository. This role is used by RoboServers when accessing a cluster, retrieving repository items, and requesting passwords from the Vault.

  • TotalAgility Client (A service role): This role allows TotalAgility components to interact with the Management Console.

  • Vault Client: This add-on role gives permission to access the Vault in Management Console. The role is provided on top of other roles, such as the Developer role.

  • Viewer: Can view Schedules, Repository, Data view, Log view, and some Settings. This role gives restricted access under the Admin section and does not give rights to modify or run robots.