Access rights for processes and objects

Access rights for processes and objects are split into two types – item and group.

Item permissions

These permissions apply to items in a group and determine what users can do with those items.

Permission	Description
Delete	Users can delete items in the group.
Edit	Users can edit items in the group. Execute and View permissions are also assumed.
Execute	Users can execute items but cannot open or edit them. Execute does not automatically grant permission to view definitions, this would require Edit permissions. Users with the Execute permission who do not have View Definition or Edit permissions cannot step into the item while debugging an object or process.
Export	Users can export processes, objects and releases if they have the access rights to do so.
View Definition	Users can view an object or process but cannot run or edit it. This also prevents users from successfully running a process that references an object for which they only have the right to view the definition. Providing the user has the permissions to view and run the process, it will stop running only when it reaches a prohibited object.
Execute as Web Service	Users can call an object or process that is exposed as a web service

Group permissions

These permissions determine what actions users can perform in relation to a group.

Permission	Description
Create	Users can create items in the group, including using Save As in the editor. Edit, Execute, and View permissions are also assumed.
Edit Groups	Users can create, rename, move and delete groups within the object and process Studio trees. Users can also create and edit groups at the root level and in other unrestricted groups. This permission also allows users to retire and unretire processes if they also have the Manage Access Rights permission. Both Manage Access Rights and Edit Groups permissions are required on any Restricted Group involved in a move. For more information, see Moving Groups.
Manage Access Rights	Users can edit the access rights for the roles that have access to the group, to refine the permissions that the roles allow. A user with this permission cannot grant access rights that are denied by the permissions set for a user role. Users cannot update this permission for their own user role. This prevents a user giving themselves access rights management to a group which they have been previously denied those rights.

Permission

Description

Create

Users can create items in the group, including using Save As in the editor. Edit, Execute, and View permissions are also assumed.

Edit Groups

Users can create, rename, move and delete groups within the object and process Studio trees. Users can also create and edit groups at the root level and in other unrestricted groups. This permission also allows users to retire and unretire processes if they also have the Manage Access Rights permission.

Both Manage Access Rights and Edit Groups permissions are required on any Restricted Group involved in a move. For more information, see Moving Groups.

Manage Access Rights

Users can edit the access rights for the roles that have access to the group, to refine the permissions that the roles allow. A user with this permission cannot grant access rights that are denied by the permissions set for a user role. Users cannot update this permission for their own user role. This prevents a user giving themselves access rights management to a group which they have been previously denied those rights.

	Click here to see the documentation for all Blue Prism products.
© 2024 Blue Prism Limited \| Last updated on 05 Jan 2024