User Roles and Permissions

Automating a process takes an interdisciplinary team. Knowledge, skills, and responsibilities are distributed over several different persons. Not everyone can do anything or should know anything for security reasons. These restrictions are implemented as user roles and permissions in RPA Manager.

User Permission Scopes

Permissions determine what users of the RPA products can see and do:

See and open
- a module
- a view
- an object and its data
Perform an action in a view
Create objects
Edit data
Transition objects
Take decisions
Use products
Analyze data
Monitor
- usage
- performance
Report results

User Permissions Types

Permissions have different scopes and purposes. They can be combined.

Permission Type Scope Example

Permission Type	Scope	Example
Privileges / RPA (Deprecated) Permissions	Predefined fine-granular permissions to view and process data. Can be compiled to individual roles. For some tasks users need individual permissions or assignments additional to privileges. Are deprecated after the migration of RPA Manager to Anypoint Access Management	You can guess the purpose of these example privileges from their name: `Process Automation Open` `Project Management` `Process Evaluation Approval to a Project Manager` `Open Evaluation Templates` `Builder Usage` `Create Global Variables` `Edit Evaluation Templates` `Change Project Manager` `Upcoming Process Changes Administration`
RPA Permissions	Role-like permissions For some tasks users need individual permissions or assignments additional to permissions.	You can guess the purpose of these example privileges from their name: `RPA Automations Designer` `RPA Performance Analyzer`
Roles	Combination of privileges. Users can have more than one role. Are deprecated after the migration of RPA Manager to Anypoint Access Management	The role `Business User` could include the privileges `Activity Library Administration`, `Activity Library Open`, `Dashboard Open`, `Process Automation Open`, and `Process Recording`.
Assignments	Permissions valid for a phase in the lifecycle of a project. Enable a user to assume responsibility for a project. Assignments are combined with privileges.	A user who is part of a user group marked as `Center of Excellence` also needs the privilege `Process Create` to start the automation of a process. RPA developers need the privilege `Process Automation Open` to see which newly designed processes they can build. They need the privilege `Builder Usage` and the permission for the build phase as a team member to work on the implementation of the process in RPA Builder. If senior RPA developers need to check the build first before running tests in RPA Manager, the project manager can assign them the advanced permission `Release to Test`.
Individual Permission	Permissions for security relevant process elements. Granted only to selected users on element creation.	Credentials can only be used by users selected on creation.
Transferred Permission	API Keys are assigned to users whose identity and permission set is used to complete tasks via REST API. API Keys have an expiration date.	API Keys are needed when an RPA Manager Invocable Configuration is included into a Composer Flow.

Privileges / RPA (Deprecated) Permissions

Predefined fine-granular permissions to view and process data.
Can be compiled to individual roles.
For some tasks users need individual permissions or assignments additional to privileges.
Are deprecated after the migration of RPA Manager to Anypoint Access Management

You can guess the purpose of these example privileges from their name:

Process Automation Open
Project Management
Process Evaluation Approval to a Project Manager
Open Evaluation Templates
Builder Usage
Create Global Variables
Edit Evaluation Templates
Change Project Manager
Upcoming Process Changes Administration

RPA Permissions

Role-like permissions
For some tasks users need individual permissions or assignments additional to permissions.

You can guess the purpose of these example privileges from their name:

RPA Automations Designer
RPA Performance Analyzer

Roles

Combination of privileges.
Users can have more than one role.
Are deprecated after the migration of RPA Manager to Anypoint Access Management

The role Business User could include the privileges Activity Library Administration, Activity Library Open, Dashboard Open, Process Automation Open, and Process Recording.

Assignments

Permissions valid for a phase in the lifecycle of a project.
Enable a user to assume responsibility for a project.
Assignments are combined with privileges.

A user who is part of a user group marked as Center of Excellence also needs the privilege Process Create to start the automation of a process.
RPA developers need the privilege Process Automation Open to see which newly designed processes they can build. They need the privilege Builder Usage and the permission for the build phase as a team member to work on the implementation of the process in RPA Builder. If senior RPA developers need to check the build first before running tests in RPA Manager, the project manager can assign them the advanced permission Release to Test.

Individual Permission

Permissions for security relevant process elements.
Granted only to selected users on element creation.

Credentials can only be used by users selected on creation.

Transferred Permission

API Keys are assigned to users whose identity and permission set is used to complete tasks via REST API.
API Keys have an expiration date.

API Keys are needed when an RPA Manager Invocable Configuration is included into a Composer Flow.

User Roles and Permissions

User Permission Scopes

User Permissions Types

See Also